Help in checking HJT Log

XxSaberxX Singapore
edited May 2009 in Spyware & Virus Removal
Hello. Just did a scan and need someone here to help me check it out. Thanks a lot in advance! :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:45, on 18/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Games\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Games\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: ImpulseNow.lnk = D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F31E57-681A-4ED3-A96D-8C5E85698452}: NameServer = 202.156.1.68,218.186.1.88
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 9031 bytes
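The first pass a helper makes over a log like this is mechanical: pick out the entries whose referenced file no longer exists ("(file missing)", "(no file)"), services with no recognised publisher, an explicit NameServer that should match the ISP, and, in RSIT's registry dump, removable-drive MountPoints2 keys whose shell verbs have been pointed at an executable. The script below is an added example that automates that first pass; it is not part of this thread and not code from HijackThis or RSIT. The sample lines are copied from the logs posted in this thread (the HJT report above and the MountPoints2 section of the RSIT dump further down), the rules are the hand-triage heuristics just listed, and the `Finding` type and function names are my own. A flag means "look at this", not "this is malware".

```python
"""Triage helpers for HijackThis (HJT) and RSIT log text.

Added example, not part of the forum thread or of the HJT/RSIT tools.
Sample lines are copied from the logs posted in the thread; the rules
are the plain heuristics a log reader applies by hand.
"""
import re
from dataclasses import dataclass

# HJT lines look like "O2 - BHO: name - {CLSID} - path"; sections R0..R3 and O1..O24.
HJT_LINE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
# RSIT registry dump: one [HKCU\...\MountPoints2\{GUID}] key, then shell\<verb>\command lines.
MP_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I)
MP_VERB = re.compile(r"^shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)

# The only hosts entries a stock Vista install carries.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# Constructed sample: HJT lines copied from the log posted above.
SAMPLE_HJT = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F31E57-681A-4ED3-A96D-8C5E85698452}: NameServer = 202.156.1.68,218.186.1.88
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""

# Constructed sample: MountPoints2 keys copied from the RSIT registry dump in the thread.
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5107b701-8ca2-11dd-b520-0016d38b0b4a}]
shell\AutoRun\command - I:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8ed7a38-e059-11dc-8966-0016d38b0b4a}]
shell\AutoRun\command - E:\oufddh.exe
shell\explore\command - E:\oufddh.exe
shell\open\command - E:\oufddh.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt_line(line: str):
    """Return (section, body) for an HJT report line, or None for any other text."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_hjt(text: str) -> list[Finding]:
    """Apply the hand-triage rules to every HJT line in `text`."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        line = raw.strip()
        if "(file missing)" in body or "(no file)" in body:
            # A registered component whose file is gone: leftover, or hidden from the scanner.
            findings.append(Finding(section, "dangling entry, referenced file is absent", line))
        elif section == "O1" and body.removeprefix("Hosts: ").strip() not in DEFAULT_HOSTS:
            findings.append(Finding(section, "non-default hosts file entry", line))
        elif section == "O17":
            findings.append(Finding(section, "explicit NameServer, confirm it belongs to the ISP", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service binary has no recognised publisher", line))
    return findings


def mountpoint_commands(text: str) -> dict[str, dict[str, str]]:
    """Map each MountPoints2 GUID to its shell verb -> command entries."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = MP_KEY.match(line)
        if key:
            current = key.group("guid").lower()
            result[current] = {}
            continue
        verb = MP_VERB.match(line)
        if verb and current is not None:
            result[current][verb.group("verb").lower()] = verb.group("cmd")
    return result


def hijacked_drives(commands: dict[str, dict[str, str]]) -> list[str]:
    """GUIDs whose 'open' or 'explore' verb (not just AutoRun) was redirected to a command."""
    return sorted(guid for guid, verbs in commands.items()
                  if any(v in verbs for v in ("open", "explore")))


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.section}] {f.reason}: {f.line}")
    drives = mountpoint_commands(SAMPLE_RSIT)
    print("drives with open/explore verbs redirected:", hijacked_drives(drives))
```

Run it on a whole saved log (`python triage.py < hijackthis.log` after swapping the samples for `sys.stdin.read()`) and the output is the short list a helper would ask about first; everything else in the log still needs the usual eyeballing, since a present, signed file can be just as unwanted as a missing one.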

Comments

  • edited May 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe


    What problems are you having ?

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • XxSaberxX Singapore
    edited May 2009
    Thanks!! Here are the logs:

    log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-05-22 23:31:19
    Microsoft® Windows Vista™ Business Service Pack 1
    System drive C: has 10 GB (19%) free of 51 GB
    Total RAM: 2046 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:31:34, on 22/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Games\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hamachi\hamachi.exe
    D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Owner\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Games\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
    O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: ImpulseNow.lnk = D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E8F31E57-681A-4ED3-A96D-8C5E85698452}: NameServer = 202.156.1.68,218.186.1.88
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    --
    End of file - 8986 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\User_Feed_Synchronization-{BA2C7C89-D801-4463-89D1-C0D7352D0DCA}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-10-16 333192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-31 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-31 2403392]
    {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
    {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    {3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-10-16 333192]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
    "CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe []
    "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-04-27 188416]
    "LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe []
    "Wbutton"=C:\Program Files\Launch Manager\WButton.exe []
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-18 516440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "DAEMON Tools Lite"=D:\Games\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-05-31 171448]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    C:\Program Files\FlashGet\FlashGet.exe /min []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
    C:\Program Files\Launch Manager\LaunchAp.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-11 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-05-31 171448]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-19 185896]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
    C:\Program Files\Launch Manager\WButton.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
    C:\Users\Public\Public Documents\Windows Movie Player\player.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
    C:\PROGRA~1\Hamachi\hamachi.exe [2009-02-20 625952]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
    ImpulseNow.lnk - D:\Games\Stardock\Impulse\Now\ImpulseNow.exe
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5107b701-8ca2-11dd-b520-0016d38b0b4a}]
    shell\AutoRun\command - I:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5107b702-8ca2-11dd-b520-0016d38b0b4a}]
    shell\AutoRun\command - J:\Installer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76ee9335-39f3-11de-8874-0016d38b0b4a}]
    shell\AutoRun\command - I:\DPFMate.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8ed7a38-e059-11dc-8966-0016d38b0b4a}]
    shell\AutoRun\command - E:\oufddh.exe
    shell\explore\command - E:\oufddh.exe
    shell\open\command - E:\oufddh.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2603542-1d9d-11de-bc79-0016d38b0b4a}]
    shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba89c83-91b6-11dd-9f7f-0016d38b0b4a}]
    shell\AutoRun\command - K:\Installer.exe


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-05-22 23:31:19 ----D---- C:\rsit
    2009-05-18 23:31:58 ----D---- C:\Program Files\Trend Micro
    2009-05-18 02:11:28 ----A---- C:\AdAwareScanLog.txt
    2009-05-18 02:10:46 ----A---- C:\Windows\system32\lsdelete.exe
    2009-05-18 02:00:35 ----A---- C:\Windows\ntbtlog.txt
    2009-05-18 01:53:39 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-05-13 11:48:35 ----SHD---- C:\Windows\system32\%APPDATA%
    2009-05-11 19:09:25 ----D---- C:\ProgramData\CCP
    2009-05-08 17:12:22 ----D---- C:\ProgramData\Seagate
    2009-05-08 17:12:22 ----D---- C:\Program Files\Seagate
    2009-05-08 17:11:18 ----D---- C:\Windows\Downloaded Installations
    2009-05-08 17:11:12 ----SHD---- C:\Windows\ftpcache
    2009-05-06 15:36:56 ----A---- C:\Windows\Sins of a Solar Empire Uninstall Log.txt
    2009-05-06 15:35:05 ----D---- C:\Windows\Sins of a Solar Empire
    2009-05-06 15:34:39 ----A---- C:\Windows\Sins of a Solar Empire Setup Log.txt
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\msls31.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\mshtmler.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\mshtmled.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\ieui.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\iernonce.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\ieakeng.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\icardie.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\corpol.dll
    2009-04-29 22:30:54 ----A---- C:\Windows\system32\admparse.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\webcheck.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\occache.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\msrating.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\msfeedsbs.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\licmgr10.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\inseng.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\imgutil.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\iepeers.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\dxtrans.dll
    2009-04-29 22:30:53 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\WinFXDocObj.exe
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\wextract.exe
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\pngfilt.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\mstime.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\msfeedssync.exe
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\iesetup.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\ieakui.dll
    2009-04-29 22:30:52 ----A---- C:\Windows\system32\advpack.dll
    2009-04-29 22:30:51 ----A---- C:\Windows\system32\vbscript.dll
    2009-04-29 22:30:51 ----A---- C:\Windows\system32\url.dll
    2009-04-29 22:30:51 ----A---- C:\Windows\system32\jscript.dll
    2009-04-29 22:30:51 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\wininet.dll
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\SetDepNx.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\PDMSetup.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\mshta.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\iexpress.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\iesysprep.dll
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-29 22:30:50 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-04-29 22:30:49 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-29 22:30:48 ----A---- C:\Windows\system32\mshtml.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-22 23:31:34 ----D---- C:\Windows\Prefetch
    2009-05-22 23:31:27 ----D---- C:\Windows\Temp
    2009-05-22 23:31:24 ----D---- C:\Windows\System32
    2009-05-22 23:31:24 ----D---- C:\Windows\inf
    2009-05-22 23:31:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-22 23:25:21 ----D---- C:\Users\Owner\AppData\Roaming\Hamachi
    2009-05-22 23:25:14 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-22 19:04:23 ----D---- C:\System Volume Information
    2009-05-19 12:03:56 ----D---- C:\Users\Owner\AppData\Roaming\Any Video Converter
    2009-05-18 23:46:43 ----A---- C:\DxDiag.txt
    2009-05-18 23:31:58 ----RD---- C:\Program Files
    2009-05-18 17:06:59 ----SHD---- C:\Windows\Installer
    2009-05-18 17:06:49 ----D---- C:\Program Files\Safari
    2009-05-18 02:01:09 ----D---- C:\Windows\Tasks
    2009-05-18 02:01:09 ----D---- C:\Windows\system32\Tasks
    2009-05-18 02:00:35 ----D---- C:\Windows
    2009-05-18 01:53:39 ----D---- C:\ProgramData
    2009-05-18 01:53:21 ----D---- C:\Program Files\Lavasoft
    2009-05-18 01:53:15 ----D---- C:\Program Files\Common Files
    2009-05-18 01:53:12 ----D---- C:\Windows\system32\drivers
    2009-05-18 01:43:19 ----AD---- C:\ProgramData\TEMP
    2009-05-18 01:43:10 ----D---- C:\Program Files\SpywareBlaster
    2009-05-15 09:24:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-05-15 00:45:04 ----D---- C:\Program Files\Any Video Converter
    2009-05-13 11:49:02 ----RSD---- C:\Windows\assembly
    2009-05-13 11:48:58 ----D---- C:\ProgramData\Microsoft Help
    2009-05-13 11:47:02 ----D---- C:\Windows\winsxs
    2009-05-13 11:45:48 ----D---- C:\Windows\system32\catroot
    2009-05-13 11:45:38 ----D---- C:\Program Files\Windows Mail
    2009-05-12 02:16:39 ----D---- C:\Windows\system32\catroot2
    2009-05-09 02:01:56 ----A---- C:\Windows\system32CmdLineExt.dll
    2009-05-08 17:13:19 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
    2009-05-08 09:06:16 ----D---- C:\Program Files\Internet Explorer
    2009-05-07 15:16:29 ----A---- C:\Windows\system32\mrt.exe
    2009-05-07 11:59:56 ----D---- C:\Program Files\Garena
    2009-05-06 15:38:30 ----RSD---- C:\Windows\Fonts
    2009-04-30 00:37:24 ----D---- C:\Windows\rescache
    2009-04-30 00:18:59 ----D---- C:\Windows\system32\migration
    2009-04-30 00:18:59 ----D---- C:\Windows\system32\en-US
    2009-04-30 00:18:59 ----D---- C:\Windows\PolicyDefinitions
    2009-04-29 22:34:40 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-29 22:34:31 ----D---- C:\Program Files\Microsoft Works
    2009-04-29 22:33:17 ----D---- C:\Program Files\Common Files\System
    2009-04-29 22:33:17 ----A---- C:\Windows\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
    R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-29 9867]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 2600960]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-05-26 25280]
    R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
    R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver; C:\Windows\System32\Drivers\ST50220.sys [2008-12-02 34224]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
    R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
    R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
    R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
    S1 mailKmd;mailKmd; C:\Windows\system32\drivers\mailKmd.sys []
    S3 an7wjw60;an7wjw60; C:\Windows\system32\drivers\an7wjw60.sys []
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-05-01 160768]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
    S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
    S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
    S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
    S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
    S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
    S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
    S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
    S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2008-01-18 28160]
    S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
    S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
    S3 XDva037;XDva037; \??\C:\Windows\system32\XDva037.sys []
    S3 XDva104;XDva104; \??\C:\Windows\system32\XDva104.sys []
    S3 XDva121;XDva121; \??\C:\Windows\system32\XDva121.sys []
    S3 XDva132;XDva132; \??\C:\Windows\system32\XDva132.sys []
    S3 XDva197;XDva197; \??\C:\Windows\system32\XDva197.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-06-21 606208]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
    R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
    R2 HamachiService;Hamachi Service; C:\Program Files\Hamachi\hamachi.exe [2009-02-20 625952]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-18 953168]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
    S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
    S4 GtFix;GtFix; C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe [2007-07-17 114688]
    S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-31 138168]
    S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
    S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
    S4 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]

    EOF
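The two things in the log above that a reviewer would look at first are the mountpoints2 block for E: (AutoRun, explore and open all pointing at the same executable sitting in the root of a removable drive, so the binary runs on a double-click in Explorer regardless of the AutoPlay setting) and the driver entries whose file info is an empty "[]". The following Python script is an added example, not part of the original post or of RSIT/HijackThis: it parses a constructed sample modelled on those log lines and reports the entries a human should inspect. The function names, the sample text and the assumption that "[]" means RSIT could not find the .sys on disk are this example's own; it does not identify any malware family.

```python
"""Triage helper for RSIT-style log text (added example, not the poster's code).

Two sections are scanned:
  * explorer\\mountpoints2 blocks: if every shell verb in a block points at the
    same .exe in the root of a drive letter and the verbs include both "open"
    and "explore", the block is reported (that is the autorun.inf pattern that
    runs on a double-click even with AutoPlay disabled);
  * driver lines: an empty "[]" file-info field is treated as "file not found"
    (assumption about RSIT output) and reported.
"""
import re

# Constructed sample, modelled on the format of the log above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5107b702-8ca2-11dd-b520-0016d38b0b4a}]
shell\AutoRun\command - J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8ed7a38-e059-11dc-8966-0016d38b0b4a}]
shell\AutoRun\command - E:\oufddh.exe
shell\explore\command - E:\oufddh.exe
shell\open\command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2603542-1d9d-11de-bc79-0016d38b0b4a}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
S1 mailKmd;mailKmd; C:\Windows\system32\drivers\mailKmd.sys []
S3 XDva037;XDva037; \??\C:\Windows\system32\XDva037.sys []
"""

MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9A-Fa-f-]+\})\]$")
SHELL_VERB = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# state name;description; path [fileinfo]
DRIVER_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
# an executable directly in the root of a drive letter, e.g. E:\oufddh.exe
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def parse_mountpoints(text):
    """Return {guid: {verb: target}} for every mountpoints2 block in text."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            entries.setdefault(current, {})
            continue
        verb = SHELL_VERB.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def parse_drivers(text):
    """Return [(state, name, path, fileinfo)] for each driver line in text."""
    drivers = []
    for raw in text.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            state, name, _desc, path, info = m.groups()
            drivers.append((state, name, path, info))
    return drivers


def triage(text):
    """Return human-readable findings worth a second look."""
    findings = []
    for guid, verbs in parse_mountpoints(text).items():
        targets = set(verbs.values())
        if len(targets) != 1:
            continue
        target = targets.pop()
        # "open" and "explore" hijack the double-click and right-click actions on
        # the drive in Explorer, so the binary runs even when AutoPlay is off.
        if ROOT_EXE.match(target) and {"open", "explore"} <= set(verbs):
            findings.append(
                f"mountpoints2 {guid}: verbs {sorted(verbs)} all run root-level {target}"
            )
    for state, name, path, info in parse_drivers(text):
        if info == "":
            findings.append(f"driver {name} ({state}): no file info, {path} not found on disk")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the real log, the script reports the E: block and the orphaned driver entries, while the J:/K: Installer.exe entries (AutoRun only) and the Maxtor tool (a relative path into a subfolder) are left alone; those still deserve a look, but they are not the double-click hijack pattern.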

  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    info.txt

    info.txt logfile of random's system information tool 1.06 2009-05-22 23:31:35

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Any Audio Converter 1.1.0-->"C:\Program Files\Any Audio Converter\unins000.exe"
    Any Video Converter 2.7.3-->"C:\Program Files\Any Video Converter\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    BootSkin Vista (Free)-->"D:\Games\Stardock\Object Desktop\BootSkin\UninstHelper.exe" /autouninstall bssw
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IC4xVenza.INF
    Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
    EVE Online (remove only)-->D:\Games\EVE Online\Uninstall.exe
    ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\Combined Community Codec Pack\Filters\unins000.exe"
    Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
    Galactic Civilizations II - Endless Universe-->D:\Games\GALCIV~1\UNWISE.EXE D:\Games\GALCIV~1\INSTALL.LOG
    Galactic Civilizations II-->C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
    Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
    GlobeTrotter Connect-->MsiExec.exe /X{E03C00AC-9A90-4764-8D4B-57813A4AFD92}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Guild Wars-->"D:\Games\Guild Wars\Gw.exe" -uninstall
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Heroes of Might and Magic III Complete-->C:\Windows\IsUninst.exe -f"d:\games\3DO\Heroes III\Heroes of Might and Magic III Complete.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
    Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
    Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Impulse-->"C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
    Impulse-->C:\ProgramData\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Launch Manager V1.4.6-->C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Left 4 Dead Standalone Patch-->D:\Games\Images\Left 4 Dead\Uninstall.exe
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    MechWarrior 4 Mercenaries-->"C:\Program Files\Microsoft Games\Mechwarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    mIRC-->"C:\sysreset\mirc.exe" -uninstall
    MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MP3 Player Recovery Tool-->"C:\Program Files\Creative\MP3 Player Recovery Tool\unins000.exe"
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Need for Speed™ Most Wanted-->D:\Games\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
    Nero 7 Essentials-->MsiExec.exe /I{D34D82E0-4600-407B-9478-8506C1DD1033}
    Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
    Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
    Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng.exe
    Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
    Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    Pcsx2 0.9.4 Watermoose-->"C:\Program Files\Pcsx2\unins000.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
    Safari-->MsiExec.exe /I{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}
    Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Shattered Galaxy-->D:\Games\SHATTE~1\UNWISE.EXE D:\Games\SHATTE~1\INSTALL.LOG
    Sins of a Solar Empire-->"C:\Windows\Sins of a Solar Empire\uninstall.exe" "/U:D:\Games\Stardock Games\Sins of a Solar Empire\Uninstall\uninstall.xml"
    Sins of a Solar Empire-->C:\ProgramData\{FD71DB76-A64B-4A16-BD57-1CC61B92D082}\setup.exe
    Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
    SmartAudio-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio /F1"C:\Program Files\InstallShield Installation Information\{E621DCAF-82F7-4F6D-B563-B6A4004B2397}\setup.iss" /S
    Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
    Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
    Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
    Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
    Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
    Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
    Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
    VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
    VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
    VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
    Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
    Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
    Winamp Toolbar for Firefox-->"C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s6zp1zk5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
    Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
    Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
    Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
    Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
    Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
    ZoneAlarm Spy Blocker Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AS: Lavasoft Ad-Watch Live! (disabled)
    AS: Windows Defender

    ======System event log======

    Computer Name: XxSaberxX
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 356064
    Source Name: Service Control Manager
    Time Written: 20090522153115.000000-000
    Event Type: Error
    User:

    Computer Name: XxSaberxX
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 356065
    Source Name: Service Control Manager
    Time Written: 20090522153116.000000-000
    Event Type: Error
    User:

    Computer Name: XxSaberxX
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 356066
    Source Name: Service Control Manager
    Time Written: 20090522153126.000000-000
    Event Type: Error
    User:

    Computer Name: XxSaberxX
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 356067
    Source Name: Service Control Manager
    Time Written: 20090522153135.000000-000
    Event Type: Error
    User:

    Computer Name: XxSaberxX
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Record Number: 356068
    Source Name: Service Control Manager
    Time Written: 20090522153135.000000-000
    Event Type: Error
    User:

    =====Application event log=====

    Computer Name: XxSaberxX
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3478870226-1589877564-701819142-1000_Classes:
    Process 992 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3478870226-1589877564-701819142-1000_CLASSES

    Record Number: 31613
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090517181149.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: XxSaberxX
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3478870226-1589877564-701819142-1000:
    Process 968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3478870226-1589877564-701819142-1000

    Record Number: 31674
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090518050757.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: XxSaberxX
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3478870226-1589877564-701819142-1000_Classes:
    Process 968 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3478870226-1589877564-701819142-1000_CLASSES

    Record Number: 31675
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090518050759.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: XxSaberxX
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3478870226-1589877564-701819142-1000:
    Process 956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3478870226-1589877564-701819142-1000

    Record Number: 31789
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090519040534.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: XxSaberxX
    Event Code: 1530
    Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3478870226-1589877564-701819142-1000_Classes:
    Process 956 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3478870226-1589877564-701819142-1000_CLASSES

    Record Number: 31790
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090519040536.000000-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    =====Security event log=====

    Computer Name: XxSaberxX
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 26464
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090522153133.252512-000
    Event Type: Audit Failure
    User:

    Computer Name: XxSaberxX
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 26465
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090522153133.286512-000
    Event Type: Audit Failure
    User:

    Computer Name: XxSaberxX
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 26466
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090522153133.321512-000
    Event Type: Audit Failure
    User:

    Computer Name: XxSaberxX
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 26467
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090522153133.355512-000
    Event Type: Audit Failure
    User:

    Computer Name: XxSaberxX
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 26468
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090522153133.386512-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "configsetroot"=%SystemRoot%\ConfigSetRoot
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=2
    "OS"=Windows_NT
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0f0b
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    EOF


    Again, thanks for helping out! I would really appreciate it if you could also suggest some ways I could improve my lappy performance with the exception of getting new/upgrading hardware.
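The RSIT sections posted above (hosts file, Security Center state, and the System/Application/Security event logs) are the parts a helper reads first, and they can be machine-checked. The script below is an added example, not part of the original post and not code from RSIT or HijackThis: it splits an RSIT-style log into its `=====Name=====` sections, parses the `Key: value` event records (folding wrapped `Message` text back into the record), converts the WMI timestamps, and reports the things worth following up: Event 5038 (Code Integrity rejected the image hash of a file, here `tcpip.sys`), security products shown as disabled, and hosts-file entries that point anywhere other than a null route (the `127.0.0.1 007guard.com` style entries are the block list that Spybot's hosts-file immunization writes). The sample log is constructed from the post's format and shortened; the `10.0.0.5 update.example.com` hosts line is invented to exercise the redirect check. A 5038 on a boot driver only says the signed hash did not match; whether that is a user-applied patch, disk corruption or tampering has to be settled by checking the file against a known-good signed copy (for example `sfc /verifyfile=C:\Windows\System32\drivers\tcpip.sys` or Sysinternals `sigcheck`).

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample, modelled on the RSIT sections quoted in the post above
# and shortened; the 10.0.0.5 hosts entry is invented to exercise the check.
SAMPLE_LOG = r"""
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
10.0.0.5 update.example.com
======Security center information======
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
======System event log======
Computer Name: XxSaberxX
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Time Written: 20090522153115.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: XxSaberxX
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Time Written: 20090522153133.252512-000
Event Type: Audit Failure
User:
"""

SECTION_RE = re.compile(r"^=+([^=]+?)=+$")            # ======Name======
FIELD_RE = re.compile(r"^([A-Z][A-Za-z ]*): ?(.*)$")  # Key: value
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)")
NULL_ROUTES = {"127.0.0.1", "0.0.0.0", "::1"}         # Spybot-style block entries

def split_sections(text):
    """Map each '====Name====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif current is not None:
            current.append(line.rstrip())
    return sections

def parse_events(lines):
    """Split 'Key: value' records at 'Computer Name:'; lines that are not a
    field (the wrapped Message text) are folded into the previous field."""
    events, key = [], None
    for line in lines:
        if line.startswith("Computer Name:"):
            events.append({})
        if not events or not line.strip():
            continue
        m = FIELD_RE.match(line)
        if m:
            key = m.group(1)
            events[-1][key] = m.group(2).strip()
        elif key:
            events[-1][key] += " " + line.strip()
    return events

def parse_wmi_time(value):
    """WMI 'yyyymmddHHMMSS.ffffff+UUU' (UUU = minutes from UTC) -> aware datetime."""
    stamp, sign, minutes = value[:21], value[21], int(value[22:])
    tz = timezone(timedelta(minutes=minutes if sign == "+" else -minutes))
    return datetime.strptime(stamp, "%Y%m%d%H%M%S.%f").replace(tzinfo=tz)

def parse_hosts(lines):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    matches = [HOSTS_RE.match(l.split("#", 1)[0].strip()) for l in lines]
    return [(m.group(1), m.group(2).lower()) for m in matches if m]

def triage(text):
    """The findings a helper looks for first: Code Integrity rejections (5038),
    disabled security products, and hosts entries that are not null routes."""
    sec = split_sections(text)
    events = [e for name, lines in sec.items() if name.endswith("event log")
              for e in parse_events(lines)]
    hosts = parse_hosts(sec.get("Hosts File", []))
    return {
        "code_integrity": dict(Counter(e.get("File Name", "?") for e in events
                                       if e.get("Event Code") == "5038")),
        "audit_failures": sorted(parse_wmi_time(e["Time Written"]).isoformat()
                                 for e in events if e.get("Event Type") == "Audit Failure"),
        "disabled_products": [l.split(": ", 1)[1].replace(" (disabled)", "")
                              for l in sec.get("Security center information", [])
                              if "(disabled)" in l],
        "hosts_blocked": sum(ip in NULL_ROUTES for ip, _ in hosts),
        "hosts_redirects": [(ip, h) for ip, h in hosts if ip not in NULL_ROUTES],
    }

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved RSIT `log.txt` by passing the file contents to `triage()`; the record splitter keys on `Computer Name:` rather than on blank lines because, as the 5038 records above show, RSIT leaves a blank line inside a record between `Message:` and `File Name:`.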
  • edited May 2009
    Katana wrote:
    What problems are you having?


    Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt







    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper







    USBNoRisk

    Please download USBNoRisk to your Desktop and run it by double-clicking the program's icon.
    • Wait a couple of seconds for the initial scan to be done.
    • Connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
    • If there are more USB storage devices to scan, please take a note of the order in which they were connected.
    • After all the devices are scanned, choose "Save log" from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum.

    Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.



    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • MalwareBytes Log
    • Combofix Log
    • USBNoRisk Log






    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts



    Remove Programs

    Older versions of some programs have vulnerabilities that malware can use to infect your system.

    Now click Start > Control Panel. Double-click Add or Remove Programs (XP) / Programs and Features (Vista). If any of the following programs are listed there,
    click on the program to highlight it, and click on Remove.
    • Adobe Reader 8.1.3
    • Java(TM) 6 Update 7
    Now close the Control Panel.
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    Sorry. Didn't see the question. My lappy recently started pausing every now and then, and sometimes it results in Windows Explorer 'not responding' and my whole screen slowly turns white. I suspect there's something that is causing that, though I'm not exactly sure.
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    ComboFix 09-05-22.05 - Owner 23/05/2009 11:15.2 - NTFSx86
    Microsoft® Windows Vista™ Business 6.0.6001.1.1252.65.1033.18.2046.822 [GMT 8:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    PEV Error: LocalSettingsFile

    ((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
    .

    2009-05-23 03:04 . 2009-05-23 03:17 -------- d-----w c:\users\Owner\AppData\Local\temp
    2009-05-23 03:04 . 2009-05-23 03:04 -------- d-----w c:\users\Authorized\AppData\Local\temp
    2009-05-23 02:58 . 2009-05-23 02:58 -------- d-----w c:\users\Owner\AppData\Roaming\Malwarebytes
    2009-05-23 02:58 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-23 02:58 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-23 02:58 . 2009-05-23 02:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-23 02:58 . 2009-05-23 02:58 -------- d-----w c:\programdata\Malwarebytes
    2009-05-23 02:53 . 2009-05-23 02:53 -------- d-----w c:\users\Owner\AppData\Roaming\Foxit
    2009-05-23 02:52 . 2009-05-23 02:52 -------- d-----w c:\program files\Foxit Software
    2009-05-22 16:02 . 2009-05-22 16:02 -------- d-----w c:\users\Owner\AppData\Roaming\Auslogics
    2009-05-22 15:53 . 2009-05-22 15:53 11952 ----a-w c:\windows\system32\avgrsstx.dll
    2009-05-22 15:53 . 2009-05-22 15:53 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-22 15:53 . 2009-05-22 15:53 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-22 15:53 . 2009-05-22 15:53 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
    2009-05-22 15:53 . 2009-05-23 00:09 -------- d-----w c:\windows\system32\drivers\Avg
    2009-05-22 15:42 . 2009-05-22 15:42 -------- d-----w c:\program files\CCleaner
    2009-05-22 15:41 . 2009-05-22 15:41 -------- d-----w c:\program files\Auslogics
    2009-05-22 15:31 . 2009-05-22 15:31 -------- d-----w C:\rsit
    2009-05-22 08:36 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{D52AF379-82C7-4517-8CD9-6BA5898E838D}\mpengine.dll
    2009-05-18 15:31 . 2009-05-18 15:31 -------- d-----w c:\program files\Trend Micro
    2009-05-18 00:22 . 2009-05-18 00:22 299352 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-05-18 00:22 . 2009-05-18 00:22 25440 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-05-18 00:22 . 2009-05-18 00:22 15688 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-05-17 17:57 . 2009-05-17 17:57 626000 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-05-17 17:57 . 2009-05-17 17:57 516440 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-05-17 17:57 . 2009-05-17 17:57 953168 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-05-17 17:53 . 2009-05-17 17:53 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-05-17 17:53 . 2009-03-12 08:17 2902048 -c--a-w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-05-13 03:48 . 2009-05-13 03:48 -------- d-sh--w c:\windows\system32\%APPDATA%
    2009-05-11 16:17 . 2009-05-11 16:17 -------- d-----w c:\users\Owner\AppData\Local\CCP
    2009-05-11 11:09 . 2009-05-11 11:09 -------- d-----w c:\programdata\CCP
    2009-05-08 09:12 . 2009-05-08 09:12 -------- d-----w c:\programdata\Seagate
    2009-05-08 09:11 . 2009-05-08 09:11 -------- d-----w c:\windows\Downloaded Installations
    2009-05-08 09:11 . 2009-05-08 09:11 -------- d-sh--w c:\windows\ftpcache
    2009-05-06 07:35 . 2009-05-06 07:35 -------- d-----w c:\windows\Sins of a Solar Empire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-23 03:03 . 2008-05-26 10:40 -------- d-----w c:\users\Owner\AppData\Roaming\Hamachi
    2009-05-22 18:02 . 2008-01-26 15:45 12 ----a-w c:\windows\bthservsdp.dat
    2009-05-22 15:53 . 2008-05-06 23:54 -------- d-----w c:\programdata\avg8
    2009-05-22 15:51 . 2008-05-06 14:55 -------- d-----w c:\program files\SpywareBlaster
    2009-05-22 15:51 . 2008-01-26 15:34 -------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-05-22 15:49 . 2008-01-26 15:51 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-05-22 15:47 . 2008-01-26 16:45 -------- d-----w c:\program files\Creative
    2009-05-19 04:03 . 2009-01-18 12:15 -------- d-----w c:\users\Owner\AppData\Roaming\Any Video Converter
    2009-05-18 09:06 . 2008-05-18 18:10 -------- d-----w c:\program files\Safari
    2009-05-18 00:22 . 2009-05-17 18:10 15688 ----a-w c:\windows\system32\lsdelete.exe
    2009-05-18 00:22 . 2009-05-18 00:22 165728 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-05-18 00:22 . 2009-05-18 00:22 343888 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-05-18 00:22 . 2009-05-18 00:22 289632 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-05-18 00:22 . 2009-05-18 00:22 82784 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-05-18 00:21 . 2009-05-18 00:21 1629024 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-05-18 00:21 . 2009-05-18 00:21 212848 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-05-18 00:21 . 2009-05-18 00:21 40288 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-05-18 00:21 . 2009-05-18 00:21 64160 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-18 00:21 . 2009-05-18 00:21 632680 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-05-18 00:21 . 2009-05-18 00:21 539512 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-05-18 00:21 . 2009-05-18 00:21 552808 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-05-18 00:20 . 2009-05-18 00:20 2324808 ----a-w c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-05-17 17:53 . 2008-03-27 00:10 -------- d-----w c:\program files\Lavasoft
    2009-05-14 16:45 . 2009-01-18 12:15 -------- d-----w c:\program files\Any Video Converter
    2009-05-13 03:48 . 2007-11-08 21:29 -------- d-----w c:\programdata\Microsoft Help
    2009-05-13 03:45 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-05-08 18:01 . 2008-06-28 23:38 98304 ----a-w c:\windows\system32CmdLineExt.dll
    2009-05-07 03:59 . 2009-02-06 10:51 -------- d-----w c:\program files\Garena
    2009-05-06 07:40 . 2008-01-26 00:07 101816 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-02 04:04 . 2008-01-27 07:00 680 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
    2009-04-29 14:34 . 2007-11-08 21:32 -------- d-----w c:\program files\Microsoft Works
    2009-04-19 11:50 . 2008-05-31 13:23 -------- d-----w c:\program files\FlashGet
    2009-04-10 06:53 . 2009-03-31 03:31 68203 ----a-w c:\windows\War3Unin.dat
    2009-04-09 16:42 . 2009-04-09 16:42 -------- d--h--w c:\programdata\{FD71DB76-A64B-4A16-BD57-1CC61B92D082}
    2009-04-09 16:18 . 2009-04-09 16:18 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-09 16:18 . 2009-04-09 16:18 -------- d-----w c:\program files\iTunes
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-17 03:38 . 2009-04-18 15:48 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-18 15:48 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-08 21:19 . 2008-12-07 15:04 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-08 11:34 . 2009-04-29 14:30 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-04-29 14:30 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-04-29 14:30 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-04-29 14:30 109056 ----a-w c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-04-29 14:30 109568 ----a-w c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-04-29 14:30 132608 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-04-29 14:30 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-04-29 14:30 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-04-29 14:30 103936 ----a-w c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-04-29 14:30 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-04-29 14:30 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-04-29 14:30 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-04-29 14:30 66560 ----a-w c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-04-29 14:30 169472 ----a-w c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-04-29 14:30 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-04-29 14:30 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-04-29 14:30 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-04-29 14:30 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-05 15:59 . 2009-03-05 15:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-05 15:59 . 2009-03-05 15:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
    2009-03-03 04:46 . 2009-04-18 15:48 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-18 15:48 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-04-18 15:48 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-18 15:48 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-18 15:48 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-18 15:48 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-18 15:48 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-18 15:48 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-18 15:48 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-18 15:48 17408 ----a-w c:\windows\system32\iashost.exe
    2009-02-28 14:19 . 2008-06-02 03:18 6102782 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-02-24 22:41 . 2009-03-05 17:43 2590336 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\Impulse_setup.exe
    2009-02-24 22:10 . 2009-03-05 17:43 587120 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\6217F262\SDC.dll
    2009-02-24 22:10 . 2009-03-05 17:43 9072 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\38EBD4A9\Sd.Irc.resources.dll
    2009-02-24 22:10 . 2009-03-05 17:43 107888 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\C430389C\VistaBridgeLibrary.dll
    2009-02-24 22:10 . 2009-03-05 17:43 161136 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\C430389C\VDialog.dll
    2009-02-24 22:08 . 2009-03-05 17:43 733184 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\C430389C\UninstHelper.exe
    2009-02-24 22:07 . 2009-03-05 17:43 616696 -c--a-w c:\programdata\{76E4F0D3-DBAE-4553-92DF-9807B61B5277}\OFFLINE\939F327A\C430389C\7z.dll
    2007-11-08 13:12 . 2007-11-08 12:58 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-23_03.03.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-23 03:00 . 2009-05-23 03:15 6475776 c:\windows\ERDNT\Hiv-backup\schema.dat
    - 2009-05-23 03:00 . 2009-05-23 03:00 6475776 c:\windows\ERDNT\Hiv-backup\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 10:22 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar1.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="d:\games\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-31 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-17 516440]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-22 1947928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-5-26 625952]
    ImpulseNow.lnk - d:\games\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-9 356352]
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-2-20 157008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @=&quot;Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
    path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
    backup=c:\windows\pss\hamachi.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{4BFDDA2B-EFE7-4D65-87F4-9656C4E823BB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{BA5B0374-5C78-439E-B547-153059E1CFB8}"= UDP:d:\games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{14A99915-281C-4391-8B8E-A9C3BA7761AA}"= TCP:d:\games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{56182432-BFB1-4C1E-9963-2501B9944D19}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
    "{5C03A54C-DE68-443D-B130-E8A09790E206}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
    "{1BEA049A-EC92-4A80-B450-A8C62A07B1C0}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{5A81F8E0-083A-4DD7-B1A8-14FC5018DD03}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{97019DF6-6E0E-4515-AE2B-1241D47E5C12}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{BFDCED1A-B479-4635-A40C-728CC0A3FCD5}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{B60AEF1F-CD23-4614-A398-7D3FEE2D1CD1}"= UDP:g:\program installers\utorrent.exe:µTorrent
    "{8ACC6C9E-CD28-4FDE-A04A-A972D74BB3B0}"= TCP:g:\program installers\utorrent.exe:µTorrent
    "{662003D6-E044-4619-9DDD-D94AA21FFD28}"= UDP:c:\users\Owner\Desktop\utorrent.exe:µTorrent
    "{D1AD919B-85BB-42DA-BC05-07B29F198B57}"= TCP:c:\users\Owner\Desktop\utorrent.exe:µTorrent
    "{00A8DCEC-0DB6-4AA6-A0C3-9B411BE2F23A}"= UDP:c:\users\Owner\Desktop\utorrent.exe:µTorrent (TCP-In)
    "{BE4CDDAB-5AF3-4085-A538-959F6822818A}"= TCP:c:\users\Owner\Desktop\utorrent.exe:µTorrent (UDP-In)
    "{A2E74334-8490-4E03-B0C6-37F5E0A813D6}"= UDP:d:\games\Sports Interactive\fm.exe:Football Manager 2009
    "{4E4F2B68-76A6-4AFF-A0D0-95949384D5BC}"= TCP:d:\games\Sports Interactive\fm.exe:Football Manager 2009
    "{EA9B4FCA-67F9-4E55-8812-6ADE3427ADE9}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{829B5A16-02EF-4199-8BC9-1B930307F1DE}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{E496EBD9-C0A5-4F7F-9FE8-D27A0802063C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5559EFC2-4AED-43A0-A724-48193D7ADAB2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{718FF82E-4543-4FC2-9299-8595034BBCD0}"= UDP:d:\games\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
    "{6D9B6FB5-95F4-400D-85EC-583B874339A0}"= TCP:d:\games\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
    "{DBDA5C35-7799-4951-AEBC-790152CA9AD2}"= UDP:d:\games\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
    "{97460509-64A1-4257-BA0B-5499D2AA06B5}"= TCP:d:\games\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
    "{346B9C0C-DD48-41D1-A591-60A5FF2C0E62}"= UDP:d:\games\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
    "{16185E31-343E-4594-89DA-C17013981840}"= TCP:d:\games\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
    "{DC0694AA-B941-4453-A4C8-F6B0A0222D88}"= UDP:d:\games\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
    "{3341FB0C-FFEE-4A9B-8657-DF8192BC3C71}"= TCP:d:\games\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
    "{361A9544-340C-402A-B217-3E5A132E33DC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{28CF3107-E7AA-4528-9FB3-C31CFCED8A11}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{44BF2FF2-DF5E-4CE2-B639-C11BFD6962DB}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{5CA03434-69B7-4FAC-8506-D5437429F32E}c:\\program files\\sports interactive\\football manager 2009\\fm.exe"= UDP:c:\program files\sports interactive\football manager 2009\fm.exe:Football Manager 2009
    "UDP Query User{063C75AE-8B72-4CC2-BCB2-ECF6749F7B8B}c:\\program files\\sports interactive\\football manager 2009\\fm.exe"= TCP:c:\program files\sports interactive\football manager 2009\fm.exe:Football Manager 2009
    "TCP Query User{97365139-3849-401F-8C9A-9D2DAA0329FD}d:\\games\\images\\left 4 dead\\left4dead.exe"= UDP:d:\games\images\left 4 dead\left4dead.exe:left4dead
    "UDP Query User{89491369-3E09-4EC6-8DB7-DD6D827F0076}d:\\games\\images\\left 4 dead\\left4dead.exe"= TCP:d:\games\images\left 4 dead\left4dead.exe:left4dead
    "TCP Query User{86688135-9695-47DB-8C60-F34DF8A83C37}c:\\sysreset\\mirc.exe"= UDP:c:\sysreset\mirc.exe:mIRC
    "UDP Query User{5A0E8B83-2184-44D9-B251-0895030A6646}c:\\sysreset\\mirc.exe"= TCP:c:\sysreset\mirc.exe:mIRC
    "TCP Query User{CE9BCA57-5BE6-48CF-B7F7-42A47B5EF086}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
    "UDP Query User{82231754-1BC7-47DE-BE78-6320FF7C5F58}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
    "{9DDB9BEF-6E9E-4921-B692-41BAB724257C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D8045044-C7CB-461B-8805-08E498E003D8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{47076D13-7DB3-4053-B97D-3039FFC97B85}"= UDP:d:\games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "{1A9B399D-0BA0-438B-BAC7-D9EB986B380E}"= TCP:d:\games\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
    "TCP Query User{0CE4C6B8-04DD-477B-92A2-E540AED325F1}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
    "UDP Query User{D5DB5878-4A71-4733-87C7-AF792DB10C3E}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
    "TCP Query User{FBA54703-12D5-4B57-B8E3-FEE759ACA540}d:\\games\\diablo ii\\game.exe"= UDP:d:\games\diablo ii\game.exe:Diablo II
    "UDP Query User{92A852D9-C5BE-41C0-A72B-4B93C19660F5}d:\\games\\diablo ii\\game.exe"= TCP:d:\games\diablo ii\game.exe:Diablo II
    "TCP Query User{ED42CD1E-51C5-44CD-AF2D-F92A7C892503}d:\\games\\eve online\\bin\\exefile.exe"= UDP:d:\games\eve online\bin\exefile.exe:CCP ExeFile
    "UDP Query User{D948DB67-21EC-4BFC-A5B3-46140295F653}d:\\games\\eve online\\bin\\exefile.exe"= TCP:d:\games\eve online\bin\exefile.exe:CCP ExeFile
    "{F14CAE4E-55A5-40B2-AAC5-061DEBE21C1F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{063D367D-5AA8-476F-8D53-6A336B6E99DD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [22/05/2009 23:53 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [22/05/2009 23:53 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/05/2009 23:53 298776]
    R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [26/05/2008 18:34 625952]
    R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\System32\drivers\ST50220.sys [02/12/2008 12:26 34224]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 03:06 953168]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/11/2006 18:25 167936]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 16:17 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 16:17 8320]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [08/12/2008 10:30 464264]
    S4 GtFix;GtFix;c:\program files\Option\GlobeTrotter Connect\GtFix.exe [17/07/2007 07:28 114688]
    S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [26/01/2008 23:51 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:21]

    2009-05-22 c:\windows\Tasks\Auslogics Console Defragmentation.job
    - c:\program files\Auslogics\AusLogics Disk Defrag\cdefrag.exe [2009-05-22 09:37]

    2009-05-22 c:\windows\Tasks\User_Feed_Synchronization-{BA2C7C89-D801-4463-89D1-C0D7352D0DCA}.job
    - c:\windows\system32\msfeedssync.exe [2009-04-29 11:31]
    .
    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {E8F31E57-681A-4ED3-A96D-8C5E85698452} = 202.156.1.68,218.186.1.88
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s6zp1zk5.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-23 11:17
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    [0] 0x4620676E

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_USERS\S-1-5-21-3478870226-1589877564-701819142-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:c8,2c,d2,c3,a9,80,43,53,a5,80,ce,ce,bf,00,c5,e9,fe,7d,ec,2a,da,4b,d0,
    7c,06,d6,cc,7f,33,e8,05,56,bc,81,e7,53,82,3c,2d,66,93,ef,ba,4e,78,3c,64,ad,\
    "??"=hex:bd,f8,b4,ea,f8,e9,39,92,9b,70,94,ed,86,fc,4c,f7

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(5308)
    c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    .
    Completion time: 2009-05-23 11:19
    ComboFix-quarantined-files.txt 2009-05-23 03:18
    ComboFix2.txt 2009-05-23 03:04

    Pre-Run: 11,614,900,224 bytes free
    Post-Run: 11,518,246,912 bytes free

    334 --- E O F --- 2009-05-22 08:36
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    USBNoRisk 2.2 09 May 2009 by bobby

    Started at 23/05/2009 11:24:42

    Searching for connected USB Mass storage...
    ========================================

    Searching for other storage...
    C: {09591292-cc25-11dc-995e-806e6f6e6963}
    D: {1032df3d-cc27-11dc-ab29-001a6bb70a38}
    H: {448ec68e-df28-11dd-b7e3-0016d38b0b4a}
    ========================================


    Scanning fixed storage...

    No blocked files found on C:
    No Autorun.inf files found on C:
    No mountpoint found for C:
    No mountpoint found for 09591292-cc25-11dc-995e-806e6f6e6963
    No Desktop.ini files found on C:

    No blocked files found on D:
    No Autorun.inf files found on D:
    No mountpoint found for D:
    No mountpoint found for 1032df3d-cc27-11dc-ab29-001a6bb70a38
    No Desktop.ini files found on D:

    No blocked files found on H:
    No Autorun.inf files found on H:
    No mountpoint found for H:
    No mountpoint found for 448ec68e-df28-11dd-b7e3-0016d38b0b4a
    No Desktop.ini files found on H:

    autorun.inf found in Qoobox
    Content of C:\QooBox\Quarantine\H\autorun.inf.vir
    [autorun]
    icon = .\Maxtor_Desktop.ico
    ========================================
    Initial scan finished!
    ========================================
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    Malwarebytes' Anti-Malware 1.36
    Database version: 2168
    Windows 6.0.6001 Service Pack 1

    23/05/2009 15:25:24
    mbam-log-2009-05-23 (15-25-24).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|)
    Objects scanned: 232845
    Time elapsed: 3 hour(s), 44 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • edited May 2009
    Create A Batch File
    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
    Save it as "All Files" and name it collect.bat. Please save it on your desktop.

    @Zip LocalSettings.zip C:\QooBox\BackEnv\localsettings.folder.dat C:\QooBox\BackEnv\localappdata.folder.dat &&DEL %0
    exit
    Double click on collect.bat
    This will create a file called LocalSettings.zip on your desktop; you will be needing it in the next step.

    Please open >>> THIS PAGE <<< in a new window.

    In the box marked Link to topic where this file was requested: please put this text
    http://icrontic.com/forum/showthread.php?p=687773#post687773
    

    In the box marked Browse to the file you want to submit: please put this text
    c:\users\Owner\Desktop\LocalSettings.zip
    

    In the Largest box please put
    File Requested By Katana/sUBs
    PEV Error: LocalSettingsFile
    
    Finally click SendFile



    Kaspersky Online Scanner

    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • XxSaberxXXxSaberxX Singapore
    edited May 2009

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, May 25, 2009
    Operating System: Microsoft Windows Vista Business Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, May 24, 2009 13:09:37
    Records in database: 2233588

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    H:\

    Scan statistics:
    Files scanned: 156609
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 03:57:21


    File name / Threat name / Threats count
    C:\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3bc72a85-568266c5 Infected: Trojan-Downloader.Java.Agent.n 1
    H:\Backup\Program Installers\sysreset253.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 1

    The selected area was scanned.
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-24 15:12:25
    Windows 6.0.6001 Service Pack 1


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? 86CE7F00
    INT 0x52 ? 86CE7F00
    INT 0x62 ? 86CE7F00
    INT 0x72 ? 84C5CBF8
    INT 0x82 ? 84C5CBF8
    INT 0x92 ? 84C5CBF8
    INT 0x92 ? 84C5CBF8
    INT 0x92 ? 84C5CBF8
    INT 0x92 ? 86CE7F00
    INT 0x92 ? 84C5CBF8
    INT 0xA2 ? 86CE7F00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\sphe.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8D3C946F 5 Bytes JMP 86CE74E0
    .text anaiyy4d.SYS 8D6B0000 22 Bytes [26, 42, 1C, 83, 10, 41, 1C, ...]
    .text anaiyy4d.SYS 8D6B0017 130 Bytes [00, 32, 87, 79, 80, 3D, 85, ...]
    .text anaiyy4d.SYS 8D6B009A 14 Bytes [E5, 82, 9C, 83, E5, 82, 60, ...]
    .text anaiyy4d.SYS 8D6B00A9 35 Bytes [70, E5, 82, A0, 67, E5, 82, ...]
    .text anaiyy4d.SYS 8D6B00CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!DialogBoxIndirectParamW 7613BD25 5 Bytes JMP 6F5AE021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!CreateWindowExW 76143D67 5 Bytes JMP 6F494832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!DialogBoxParamW 76151FD5 5 Bytes JMP 6F3B9315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!DialogBoxParamA 761780B2 5 Bytes JMP 6F5ADFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!DialogBoxIndirectParamA 761783DD 5 Bytes JMP 6F5AE084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!MessageBoxIndirectA 7618D471 5 Bytes JMP 6F5ADF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!MessageBoxIndirectW 7618D56B 5 Bytes JMP 6F5ADEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!MessageBoxExA 7618D5D1 5 Bytes JMP 6F5ADE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4332] USER32.dll!MessageBoxExW 7618D5F5 5 Bytes JMP 6F5ADE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!SetWindowsHookExW 76137B69 5 Bytes JMP 6F48DBCB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!CallNextHookEx 76138C33 5 Bytes JMP 6F48DD81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!DialogBoxIndirectParamW 7613BD25 5 Bytes JMP 6F5AE021 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!CreateWindowExW 76143D67 5 Bytes JMP 6F494832 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!DialogBoxParamW 76151FD5 5 Bytes JMP 6F3B9315 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!UnhookWindowsHookEx 761608BE 5 Bytes JMP 6F3F1CA2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!DialogBoxParamA 761780B2 5 Bytes JMP 6F5ADFBE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!DialogBoxIndirectParamA 761783DD 5 Bytes JMP 6F5AE084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!MessageBoxIndirectA 7618D471 5 Bytes JMP 6F5ADF51 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!MessageBoxIndirectW 7618D56B 5 Bytes JMP 6F5ADEE6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!MessageBoxExA 7618D5D1 5 Bytes JMP 6F5ADE84 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] USER32.dll!MessageBoxExW 7618D5F5 5 Bytes JMP 6F5ADE22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5856] ole32.dll!CoCreateInstance 7705E188 5 Bytes JMP 6F49488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F6D2] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068F040] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F7FC] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068F0BE] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068F13C] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069F048] \SystemRoot\System32\Drivers\sphe.sys
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortNotification] 24488B66
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8D6D5FBC] \SystemRoot\System32\Drivers\anaiyy4d.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortReadPortUshort] 6D5FC8A1
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortReadPortBufferUshort] [8D526A8D] \SystemRoot\system32\DRIVERS\NETw4v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortInitialize] 00009A88
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
    IAT \SystemRoot\System32\Drivers\anaiyy4d.SYS[ataport.SYS!AtaPortDeviceStateChange] [8D076A50] \SystemRoot\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85E201F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 84C5E1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{EE870089-E456-4F5B-9B53-1188BD2207F4} 900F9500
    Device \Driver\netbt \Device\NetBT_Tcpip_{E8F31E57-681A-4ED3-A96D-8C5E85698452} 900F9500
    Device \Driver\usbuhci \Device\USBPDO-0 86CF51F8
    Device \Driver\usbuhci \Device\USBPDO-1 86CF51F8
    Device \Driver\usbehci \Device\USBPDO-2 86CF41F8
    Device \Driver\usbuhci \Device\USBPDO-3 86CF51F8
    Device \Driver\usbuhci \Device\USBPDO-4 86CF51F8

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbuhci \Device\USBPDO-5 86CF51F8
    Device \Driver\usbehci \Device\USBPDO-6 86CF41F8
    Device \Driver\volmgr \Device\HarddiskVolume1 84C5E1F8
    Device \Driver\volmgr \Device\HarddiskVolume2 84C5E1F8
    Device \Driver\cdrom \Device\CdRom0 86D171F8
    Device \Driver\volmgr \Device\HarddiskVolume3 84C5E1F8
    Device \Driver\cdrom \Device\CdRom1 86D171F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdePort2 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdePort3 85E1E1F8
    Device \Driver\atapi \Device\Ide\IdePort4 85E1E1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 85E1F1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 85E1F1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel2 85E1F1F8
    Device \Driver\volmgr \Device\HarddiskVolume4 84C5E1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{FD277D65-41BD-4A69-8558-99DA13F42E66} 900F9500
    Device \Driver\netbt \Device\NetBt_Wins_Export 900F9500
    Device \Driver\Smb \Device\NetbiosSmb 900F61F8
    Device \Driver\PCI_PNP6163 \Device\0000004f sphe.sys
    Device \Driver\iScsiPrt \Device\RaidPort0 86DEE1F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\sptd \Device\86518175 sphe.sys
    Device \Driver\usbuhci \Device\USBFDO-0 86CF51F8
    Device \Driver\USBSTOR \Device\0000007a 900D01F8
    Device \Driver\usbuhci \Device\USBFDO-1 86CF51F8
    Device \Driver\USBSTOR \Device\0000007b 900D01F8
    Device \Driver\usbehci \Device\USBFDO-2 86CF41F8
    Device \Driver\usbuhci \Device\USBFDO-3 86CF51F8
    Device \Driver\usbuhci \Device\USBFDO-4 86CF51F8
    Device \Driver\usbuhci \Device\USBFDO-5 86CF51F8
    Device \Driver\usbehci \Device\USBFDO-6 86CF41F8
    Device \Driver\anaiyy4d \Device\Scsi\anaiyy4d1Port6Path0Target0Lun0 86DE11F8
    Device \Driver\anaiyy4d \Device\Scsi\anaiyy4d1 86DE11F8
    Device \FileSystem\cdfs \Cdfs 920A71F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bb70a38
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bb70a38@001e3d06ee39 0xD1 0x58 0x97 0x91 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Games\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x12 0x33 0xEC 0xEE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB8 0x66 0x8A 0x9B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0xB3 0x3E 0x6D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x29 0xF4 0x7E 0xA1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x22 0xA0 0x3C 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xBD 0x86 0xB6 0x08 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bb70a38
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bb70a38@001e3d06ee39 0xD1 0x58 0x97 0x91 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Games\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x12 0x33 0xEC 0xEE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB8 0x66 0x8A 0x9B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x14 0xB3 0x3E 0x6D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x29 0xF4 0x7E 0xA1 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x22 0xA0 0x3C 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xBD 0x86 0xB6 0x08 ...

    ---- EOF - GMER 1.0.15 ----
  • edited May 2009
    OTMoveIt
    Please download OTM by OldTimer and save it to your desktop
    • Double-click OTM.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)
    :Processes
    :Files
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5
    :Commands
    [Purity]
    
    
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    How are things running now?
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 moved successfully.
    ========== COMMANDS ==========

    OTM by OldTimer - Version 2.1.0.0 log created on 05262009_232556



    Slightly better. Thanks. So there's no malware or spyware affecting my system?
  • edited May 2009
    XxSaberxX wrote:
    So there's no malware or spyware affecting my system?
    Correct :)


    Congratulations your logs look clean :)

    Let's see if I can help you keep it that way

    First let's tidy up.

    Please delete RSIT.exe and C:\RSIT (entire folder)
    You can also delete any logs we have produced, and empty your Recycle bin.


    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START, type RUN into the search box, then click Enter
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u; it needs to be there.
      [screenshot: CF_Cleanup.png]


    Uninstall OTMoveIt (OTM.exe)
    • Open OTMoveIt Click Cleanup,
    • When a box pops up click YES.





    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    (Vista users must ensure that any programs are Vista compatible BEFORE installing)

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you; see HERE for details.

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for home users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware; they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one.
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program:
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article: So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
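    Added example (not part of the thread, nor from Spybot or the MVPS project) for the two places in the reply above that describe the HOSTS file: the "phone book" explanation under Spybot's host protection, and the MVPS HOSTS entry under Prevention. The parser below reads the HOSTS format the way Windows does (comments, blank lines, several names per address) and reports which names are sinkholed to a loopback or null address, which is exactly how a blocking HOSTS file stops the browser reaching an ad or malware domain. The file content is constructed with placeholder `.invalid` names; the only real values are the standard HOSTS path and the loopback/null addresses.

```python
"""HOSTS-file blocking, illustrated: a name mapped to 0.0.0.0 or 127.0.0.1
never resolves to the real server.  Added example; SAMPLE_HOSTS is a
constructed file, not the MVPS list or any real block list."""
import ipaddress

# Constructed sample in HOSTS format: comments, blank lines, and lines
# carrying one or several hostnames per address (all names are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Constructed block-list entries (placeholder names, not real sites)
0.0.0.0   ads.example-tracker.invalid
0.0.0.0   banner.example-tracker.invalid   counter.example-tracker.invalid  # inline comment
127.0.0.1 malware.example.invalid
"""

# Addresses that a blocking HOSTS file points unwanted names at.
BLOCKING_ADDRESSES = {
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
}

# Standard location of the Windows HOSTS file (the one MVPS HOSTS replaces).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return {hostname: ip_address} for every mapping in HOSTS-format text.

    Handles whole-line and trailing '#' comments, blank lines, and several
    hostnames on one line.  Lines whose first field is not an IP address
    are skipped rather than raising.  Hostnames are lower-cased because
    name lookup is case-insensitive; if a name appears twice, the first
    mapping is kept.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_blocked(hostname, mapping):
    """True if HOSTS sends this name to a loopback/null address, so the
    browser never contacts the real server."""
    addr = mapping.get(hostname.lower())
    return addr is not None and addr in BLOCKING_ADDRESSES


def blocked_names(mapping):
    """Sorted list of every name the file sinkholes, excluding 'localhost',
    which legitimately maps to loopback."""
    return sorted(name for name, addr in mapping.items()
                  if addr in BLOCKING_ADDRESSES and name != "localhost")


def load_hosts_file(path=WINDOWS_HOSTS_PATH):
    """Parse the live HOSTS file (use on the machine being checked)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("Ads.Example-Tracker.invalid", "www.example.com"):
        state = "blocked" if is_blocked(name, hosts) else "not in HOSTS"
        print(f"{name}: {state}")
    print("sinkholed names:", blocked_names(hosts))
```

    Running `blocked_names(load_hosts_file())` on a machine after installing MVPS HOSTS shows what the file actually blocks; running it on a machine that is supposed to have a clean HOSTS file and finding entries for update or antivirus sites is one of the classic signs of a hijacker, which is why the reply above says not to stack two HOSTS protections that fight over the same file.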
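    Added example (not from the thread or from Microsoft) for the Internet Explorer "Custom Level" steps in the reply above. Those six settings live as DWORD values under the Internet zone key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`; the script compares a snapshot of that key against the settings the reply recommends and reports anything looser. The value-name-to-setting mapping (1001, 1004, 1201, 1800, 1804, 1607) and the 0/1/3 = Enable/Prompt/Disable encoding are my own understanding of the standard IE zone action IDs, so treat them as assumptions to confirm against your build; `SAMPLE_SNAPSHOT` is constructed so the check can run off Windows.

```python
"""Audit the Internet zone (zone 3) settings the reply asks you to change.
Added example.  The action-ID names and Enable/Prompt/Disable encoding are
assumed to be the standard IE zone values; verify on your own build."""
import sys

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3          # assumed encoding of the radio buttons
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Recommended settings from the reply, keyed by the assumed registry value name.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialise and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed snapshot for running off Windows: unsigned ActiveX downloads
# left on Enable, and the IFRAME value absent altogether.
SAMPLE_SNAPSHOT = {"1001": PROMPT, "1004": ENABLE, "1201": DISABLE,
                   "1800": PROMPT, "1607": PROMPT}


def audit_zone(current):
    """Compare a {value_name: int} snapshot with RECOMMENDED.

    Returns (value_name, label, actual, wanted) for each setting that is
    missing or looser than recommended.  A missing value is reported because
    IE then falls back to the zone template default rather than your choice.
    Stricter than recommended (Disable where Prompt is asked) is not a finding.
    """
    findings = []
    for value_name, (label, wanted) in RECOMMENDED.items():
        actual = current.get(value_name)
        if actual is None or actual < wanted:
            findings.append((value_name, label, actual, wanted))
    return findings


def format_findings(findings):
    """Human-readable lines, one per finding."""
    lines = []
    for value_name, label, actual, wanted in findings:
        cur = "not set" if actual is None else LEVEL_NAME.get(actual, str(actual))
        lines.append(f"{value_name} {label}: {cur} -> should be {LEVEL_NAME[wanted]}")
    return lines


def read_zone_from_registry():
    """Read the current user's zone-3 values with winreg (Windows only).
    Only DWORD values are collected; absent names are simply left out."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                continue
            if kind == winreg.REG_DWORD:
                values[name] = data
    return values


if __name__ == "__main__":
    snapshot = read_zone_from_registry() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    report = format_findings(audit_zone(snapshot))
    print("\n".join(report) if report else "All six settings are at or above the recommended level.")
```

    The script only reads; changing the values is still done through the Custom Level dialog as the reply describes, which also keeps the zone's template level consistent. Running the audit after the dialog steps is a quick way to confirm the change actually took, since the dialog silently discards edits if you cancel the "save these settings?" prompt.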
  • XxSaberxXXxSaberxX Singapore
    edited May 2009
    Thanks a lot! :D