Geeks to Go

Google Redirect! Antivirus won't start! [Closed]



#1 helloyip

:) My Google links are being redirected, my computer is running quite slow, and I can't right-click in Firefox. My antivirus programs won't run, including MBAM and SUPERAntiSpyware.

Help please? Thanks! :)

OTL logfile created on: 9/9/2009 04:52:52 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Yip\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 476.45 Mb Available Physical Memory | 53.30% Memory free
2.12 Gb Paging File | 1.83 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 41.56 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Yip
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/08/26 21:10:06 | 02,383,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2007/06/07 20:28:06 | 00,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/09/09 16:07:06 | 03,204,801 | R--- | M] () -- C:\Documents and Settings\Yip\Desktop\ComboFix.exe
PRC - [2009/09/09 00:32:17 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/09 16:50:47 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\TFC.exe
PRC - [2009/09/09 16:52:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/06/07 20:28:06 | 00,561,152 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/09/15 23:08:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Stopped])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Stopped])
SRV - [2004/04/07 14:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/09/23 04:49:08 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (ehRecvr [Auto | Stopped])
SRV - File not found -- -- (ehSched [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - File not found -- -- (McrdSvc [Auto | Stopped])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/08/23 18:13:28 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Stopped])
SRV - [2009/04/26 20:05:00 | 02,870,429 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Stopped])
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom [Auto | Stopped])
SRV - [2004/01/05 03:30:14 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2005/08/30 18:47:46 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv [Auto | Stopped])
SRV - [2005/08/30 18:47:46 | 00,585,792 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw [Auto | Stopped])
SRV - [2005/08/30 18:47:46 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy [Auto | Stopped])
SRV - [2009/08/27 00:30:43 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (tuneup.defrag [On_Demand | Stopped])
SRV - [2009/08/27 00:30:50 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (tuneup.programstatisticssvc [Auto | Stopped])
SRV - [2009/04/27 14:21:36 | 00,028,928 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (uxtuneup [Auto | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Stopped])
SRV - [2009/08/26 21:10:06 | 02,383,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - File not found -- -- (wltrysvc [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061122
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5061122
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-cneta&type=biennesoft_10647340"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-cneta&type=biennesoft_10647340"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07051001
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 00:32:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 00:32:36 | 00,000,000 | ---D | M]

[2008/08/26 00:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Extensions
[2008/08/26 00:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/09 00:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Firefox\Profiles\0eowsv68.default\extensions
[2009/01/25 22:30:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Firefox\Profiles\0eowsv68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/17 13:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Firefox\Profiles\0eowsv68.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/08/31 02:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Firefox\Profiles\0eowsv68.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2007/05/28 00:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\mozilla\Firefox\Profiles\0eowsv68.default\extensions\[email protected]
[2009/08/17 13:10:05 | 00,004,207 | ---- | M] () -- C:\Documents and Settings\Yip\Application Data\Mozilla\FireFox\Profiles\0eowsv68.default\searchplugins\aim-search.xml
[2008/08/31 16:04:49 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Yip\Application Data\Mozilla\FireFox\Profiles\0eowsv68.default\searchplugins\ask.xml
[2008/10/02 17:27:55 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Yip\Application Data\Mozilla\FireFox\Profiles\0eowsv68.default\searchplugins\search.xml
[2009/09/09 16:49:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/09 00:32:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/03 18:02:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/04 19:19:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}
[2009/09/09 00:32:11 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/09 00:32:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/05 18:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/11/24 15:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/11/21 17:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2007/02/01 20:08:54 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npdrmv2.dll
[2007/02/01 20:09:09 | 00,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\mozilla firefox\plugins\npdsplay.dll
[2009/05/20 01:49:50 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/05/27 16:41:50 | 00,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2007/04/24 11:36:16 | 01,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/09/09 00:32:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/09/06 06:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/01/05 22:44:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/05 22:44:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/05 22:44:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/05 22:44:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/05 22:44:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/05 22:44:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/05 22:44:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/04/27 16:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2008/09/06 06:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint_.dll
[2007/02/01 20:07:40 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npwmsdrm.dll
[2009/09/09 00:32:27 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/09 00:32:27 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/09/09 00:32:27 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/09 00:32:27 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/09 00:32:27 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/02 17:30:05 | 00,000,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2009/09/09 00:32:27 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/09 00:32:27 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: () - {3d599fc0-7682-4867-9a2a-b2c74c334a43} - C:\WINDOWS\System32\tirewpr.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE (Logitech Inc.)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [Dancer] C:\Program Files\Windows Plus\Dancer\Dancer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe ()
O4 - HKCU..\Run: [Monopod] C:\Documents and Settings\Yip\Local Settings\Temp\b.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Yip\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Yip\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &aim toolbar search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload....Plugin11USA.cab (ijjiPlugin2 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock)
O20 - Winlogon\Notify\xuzirbgg: DllName - tirewpr.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{815b1b48-5396-11de-8cc4-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{815b1b48-5396-11de-8cc4-00038a000015}\Shell\autorun - "" = Auto&Play
O33 - MountPoints2\{815b1b48-5396-11de-8cc4-00038a000015}\Shell\autorun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (Partizan) - File not found
O34 - HKLM BootExecute: (ootExecute) - File not found
O34 - HKLM BootExecute: (settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: jvqwcfwm - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: UxTuneUp - C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Yip\My Documents\*.tmp files]
[9 C:\Documents and Settings\Yip\Desktop\*.tmp files]
[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\kareseyu
[2009/09/09 16:52:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\OTL.exe
[2009/09/09 16:50:50 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\TFC.exe
[2009/09/09 16:43:11 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/09/09 16:31:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/09 16:31:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 16:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malwar
[2009/09/09 16:14:50 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Yip\Desktop\mbam-setup.exe
[2009/09/09 16:07:08 | 03,204,801 | R--- | C] () -- C:\Documents and Settings\Yip\Desktop\ComboFix.exe
[2009/09/08 15:03:09 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/08 15:02:35 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/09/08 15:02:35 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/09/08 15:02:35 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/09/08 15:02:35 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/09/08 15:02:34 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/09/08 15:02:26 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/09/08 00:11:24 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\Garena.lnk
[2009/09/08 00:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Garena
[2009/09/07 22:27:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\My Documents\Qtracker
[2009/09/07 22:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\Qtracker
[2009/09/07 22:13:51 | 06,308,584 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\Garena_setup.exe
[2009/09/07 20:52:42 | 00,293,524 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\RevInstaller_9.78rc2.exe
[2009/09/07 20:35:46 | 06,629,319 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\L4D.Real.Multi.Crack.rar
[2009/09/07 20:08:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\Application Data\AVG8
[2009/09/07 20:08:16 | 00,848,712 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Yip\Desktop\AVG.exe
[2009/09/07 20:03:49 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Yip\Desktop\avast_home_setup.exe
[2009/09/07 20:00:41 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\avira_antivir_personal_en.exe
[2009/09/07 19:28:58 | 00,000,716 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\DrWeb.csv
[2009/09/07 19:23:35 | 17,214,712 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Yip\Desktop\drweb-cureit.exe
[2009/09/07 19:21:36 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\dds.scr
[2009/09/07 18:32:14 | 03,199,680 | R--- | C] () -- C:\Documents and Settings\Yip\My Documents\ComboFix.exe
[2009/09/07 18:19:21 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/09/07 17:24:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/09/07 17:21:47 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/07 17:21:09 | 00,130,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/07 17:21:09 | 00,073,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/07 17:20:34 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/07 17:20:23 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/09/07 17:20:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/07 17:20:15 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/09/07 17:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\Application Data\PC Tools
[2009/09/07 17:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/07 17:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\Desktop\Downloads
[2009/09/07 17:18:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\Application Data\GetRightToGo
[2009/09/07 16:23:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\AVR09.exe
[2009/09/07 13:09:29 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/07 13:09:29 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/07 13:09:29 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/07 13:09:29 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/07 13:09:29 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/07 13:09:29 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/07 13:09:29 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/07 13:09:29 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/07 13:09:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/07 13:08:55 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/07 12:41:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/06 19:38:04 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\LEFT 4 DEAD.lnk
[2009/09/06 19:31:09 | 00,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/06 19:18:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/31 23:43:02 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\eugijp.sys
[2009/08/31 21:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/08/31 15:05:59 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/31 15:05:58 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Yip\Desktop\ZoneAlarm Security.lnk
[2009/08/31 15:05:39 | 00,303,248 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/31 15:05:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/08/31 15:04:56 | 00,419,186 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/31 15:04:54 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/08/31 15:04:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/08/31 14:50:45 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/08/31 14:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\ahtiml
[2009/08/27 17:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/08/27 16:52:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/27 14:38:49 | 00,000,943 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/08/27 02:31:11 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/08/27 02:10:22 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/08/27 02:10:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/08/27 01:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/08/27 01:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/27 01:51:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/08/27 00:30:49 | 00,604,416 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/08/27 00:30:47 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/08/27 00:30:45 | 00,028,928 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2009/08/27 00:30:43 | 00,361,216 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/08/27 00:30:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Yip\Application Data\TuneUp Software
[2009/08/27 00:30:18 | 00,001,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/08/27 00:30:18 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/08/27 00:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/27 00:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/08/27 00:28:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/08/27 00:20:13 | 00,011,940 | ---- | C] () -- C:\Documents and Settings\Yip\Local Settings\Application Data\vugol.dll

========== Files - Modified Within 14 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Yip\My Documents\*.tmp files]
[9 C:\Documents and Settings\Yip\Desktop\*.tmp files]
[2009/09/09 16:52:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\OTL.exe
[2009/09/09 16:50:47 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yip\Desktop\TFC.exe
[2009/09/09 16:42:40 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/09 16:38:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/09 16:37:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/09 16:31:55 | 00,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/09 16:30:27 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/09/09 16:27:43 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/09 16:27:11 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\tpfmkuif.job
[2009/09/09 16:14:49 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Yip\Desktop\mbam-setup.exe
[2009/09/09 16:07:06 | 03,204,801 | R--- | M] () -- C:\Documents and Settings\Yip\Desktop\ComboFix.exe
[2009/09/09 00:01:58 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/09/08 22:43:09 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/09/08 15:03:09 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/09/08 00:11:24 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\Garena.lnk
[2009/09/07 22:13:57 | 06,308,584 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\Garena_setup.exe
[2009/09/07 21:31:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/07 21:02:55 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/07 21:01:18 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\LEFT 4 DEAD.lnk
[2009/09/07 20:52:39 | 00,293,524 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\RevInstaller_9.78rc2.exe
[2009/09/07 20:36:24 | 06,629,319 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\L4D.Real.Multi.Crack.rar
[2009/09/07 20:08:17 | 00,848,712 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Yip\Desktop\AVG.exe
[2009/09/07 20:03:47 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Yip\Desktop\avast_home_setup.exe
[2009/09/07 20:01:12 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\avira_antivir_personal_en.exe
[2009/09/07 19:28:58 | 00,000,716 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\DrWeb.csv
[2009/09/07 19:28:40 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/07 19:24:13 | 17,214,712 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Yip\Desktop\drweb-cureit.exe
[2009/09/07 19:21:32 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\dds.scr
[2009/09/07 18:19:34 | 03,199,680 | R--- | M] () -- C:\Documents and Settings\Yip\My Documents\ComboFix.exe
[2009/09/07 17:24:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/09/07 17:20:34 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/09/07 16:23:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/07 16:23:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\AVR09.exe
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/31 23:43:02 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\eugijp.sys
[2009/08/31 23:03:13 | 01,568,656 | -H-- | M] () -- C:\Documents and Settings\Yip\Local Settings\Application Data\IconCache.db
[2009/08/31 21:54:25 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\Microsoft Office Word 2003.lnk
[2009/08/31 15:15:15 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/31 15:06:55 | 00,419,186 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/31 15:05:58 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Yip\Desktop\ZoneAlarm Security.lnk
[2009/08/31 14:50:45 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/08/31 14:50:44 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/08/27 15:13:32 | 00,000,943 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/08/27 02:10:22 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/08/27 02:10:21 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/08/27 00:30:50 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2009/08/27 00:30:43 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009/08/27 00:30:18 | 00,001,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/08/27 00:30:18 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk
[2009/08/27 00:20:13 | 00,011,940 | ---- | M] () -- C:\Documents and Settings\Yip\Local Settings\Application Data\vugol.dll

========== LOP Check ==========

[2009/09/07 17:20:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/05 22:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/27 00:28:55 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2008/12/11 18:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/11 18:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/08/27 02:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/12/19 22:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 22:54:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/06/16 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2008/04/05 10:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/17 16:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2006/12/04 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/09/09 16:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/27 00:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/08/17 12:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/22 12:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/09/07 20:08:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Yip\Application Data
[2006/12/01 19:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\acccore
[2009/06/15 23:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Any Video Converter
[2006/11/22 12:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\ATI
[2009/06/01 22:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\cqajeiql
[2007/09/07 16:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\CyberLink
[2006/12/31 01:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\dvdcss
[2009/03/07 12:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\FVZilla
[2009/09/07 17:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\GetRightToGo
[2007/11/25 18:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\ICAClient
[2009/06/16 16:53:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Yip\Application Data\ijjigame
[2007/01/22 23:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\iMP3Tunes
[2008/04/05 10:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Intuit
[2009/08/17 16:39:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\iolo
[2007/05/28 00:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Move Networks
[2009/03/08 18:23:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Orbit
[2006/12/04 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Otto
[2009/08/11 16:25:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Paltalk
[2009/08/17 17:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Thinstall
[2009/08/27 00:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\TuneUp Software
[2009/06/26 14:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\U3
[2008/09/25 16:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\uTorrent
[2007/01/11 20:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\Viewpoint
[2009/03/03 22:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yip\Application Data\zbusoft
[2009/09/09 16:30:27 | 00,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/09/07 21:31:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/09/08 22:43:09 | 00,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/09 16:37:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/09 16:27:11 | 00,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\tpfmkuif.job
[2009/09/09 16:27:43 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[6 C:\WINDOWS\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945

========== Files - Unicode (All) ==========
[2007/07/15 15:57:29 | 00,000,000 | ---D | C](C:\Documents and Settings\Yip\My Documents\?racle) -- C:\Documents and Settings\Yip\My Documents\Оracle
[2007/07/17 00:15:44 | 00,000,000 | ---D | M](C:\Documents and Settings\Yip\My Documents\?racle) -- C:\Documents and Settings\Yip\My Documents\Оracle
< End of report >


ROOTREPEAL

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/23 17:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7395000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF78E0000 Size: 11648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEDEF0000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AmdK8.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xF68E5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xF6430000 Size: 16128 File Visible: - Signed: -
Status: -

Name: aspi32.sys
Image Path: C:\WINDOWS\System32\drivers\aspi32.sys
Address: 0xF7854000 Size: 16512 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7327000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF055000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 274432 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF6638000 Size: 1744896 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF0DF000 Size: 2375680 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF09B000 Size: 278528 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF323000 Size: 2355200 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7A9A000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0xF7A44000 Size: 6144 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xEBB86000 Size: 81920 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xEDDF2000 Size: 114688 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF78DC000 Size: 16384 File Visible: - Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Address: 0xF7674000 Size: 65536 File Visible: - Signed: -
Status: -

Name: bcmwl5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Address: 0xF65BC000 Size: 424320 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A30000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78D4000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF75F4000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF68C5000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7504000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF79BC000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF78D8000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF74F4000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DLABOIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xF781C000 Size: 25568 File Visible: - Signed: -
Status: -

Name: DLACDBHM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xF7A1A000 Size: 5568 File Visible: - Signed: -
Status: -

Name: DLADResN.SYS
Image Path: C:\WINDOWS\System32\DLA\DLADResN.SYS
Address: 0xF7BC1000 Size: 2432 File Visible: - Signed: -
Status: -

Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xEB9BA000 Size: 86464 File Visible: - Signed: -
Status: -

Name: DLAOPIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xEBBD2000 Size: 14624 File Visible: - Signed: -
Status: -

Name: DLAPoolM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xF79CE000 Size: 6304 File Visible: - Signed: -
Status: -

Name: DLARTL_N.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Address: 0xF7794000 Size: 22624 File Visible: - Signed: -
Status: -

Name: DLAUDF_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0xEB98C000 Size: 86976 File Visible: - Signed: -
Status: -

Name: DLAUDFAM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0xEB9A2000 Size: 94272 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF733F000 Size: 153344 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7724000 Size: 61440 File Visible: - Signed: -
Status: -

Name: DRVMCDB.SYS
Image Path: DRVMCDB.SYS
Address: 0xF72DF000 Size: 87104 File Visible: - Signed: -
Status: -

Name: DRVNDDM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xF6935000 Size: 38304 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDDB2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A46000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7960000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B82000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eamon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xB9311000 Size: 835584 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Address: 0xB941E000 Size: 118784 File Visible: - Signed: -
Status: -

Name: epfwtdir.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Address: 0xB93DD000 Size: 102400 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF75B4000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7307000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A2E000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7365000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF79B0000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF654D000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Address: 0xEE1FD000 Size: 745472 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Address: 0xEE2B3000 Size: 1011712 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Address: 0xEE3AA000 Size: 237568 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xF7136000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF67E2000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7664000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF68D5000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEDEA9000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEE04A000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74C4000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF78A4000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79C4000 Size: 8192 File Visible: - Signed: -
Status: -

Name: klif.sys
Image Path: C:\WINDOWS\system32\DRIVERS\klif.sys
Address: 0xEE07D000 Size: 296576 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB95B2000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF6575000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72C8000 Size: 92288 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF7514000 Size: 57472 File Visible: - Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7BD6000 Size: 2560 File Visible: No Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xF7084000 Size: 12544 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A32000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7784000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78AC000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74D4000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEDE0E000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77A4000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76B4000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF717F000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71E1000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF71FB000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF79C0000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEB894000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF64F3000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76D4000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7534000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEDFC9000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77AC000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7228000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7AB7000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nwlnkflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Address: 0xBA297000 Size: 12416 File Visible: - Signed: -
Status: -

Name: nwlnkfwd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Address: 0xF7864000 Size: 32512 File Visible: - Signed: -
Status: -

Name: nwlnkipx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Address: 0xEB796000 Size: 88320 File Visible: - Signed: -
Status: -

Name: nwlnknb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Address: 0xF7574000 Size: 63232 File Visible: - Signed: -
Status: -

Name: nwlnkspx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Address: 0xEB37E000 Size: 55936 File Visible: - Signed: -
Status: -

Name: nwrdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwrdr.sys
Address: 0xEB4EE000 Size: 163584 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7A8D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF774C000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7384000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A8C000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7744000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCTCore.sys
Image Path: C:\WINDOWS\system32\drivers\PCTCore.sys
Address: 0xB957B000 Size: 225280 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xEE0C6000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF64E2000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF78C4000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7524000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7988000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7684000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7694000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76A4000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78CC000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEDE7E000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A34000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF64B2000 Size: 196224 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xBA0E9000 Size: 139520 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF68B5000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Address: 0xF78B4000 Size: 28544 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9EF9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF77BC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xEDECF000 Size: 135168 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF650A000 Size: 79232 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF72F5000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xF70C8000 Size: 333952 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF77B4000 Size: 23040 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xEE0EA000 Size: 1122560 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A20000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF651E000 Size: 191872 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEB57E000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEDFF1000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF78BC000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xBA6EF000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF76C4000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tm_cfw.sys
Image Path: C:\WINDOWS\System32\Drivers\tm_cfw.sys
Address: 0xF6A2D000 Size: 1867424 File Visible: - Signed: -
Status: -

Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xF6D5D000 Size: 97280 File Visible: - Signed: -
Status: -

Name: Tmpreflt.sys
Image Path: C:\WINDOWS\system32\drivers\Tmpreflt.sys
Address: 0xF6945000 Size: 53248 File Visible: - Signed: -
Status: -

Name: tmtdi.sys
Image Path: C:\WINDOWS\System32\Drivers\tmtdi.sys
Address: 0xF7564000 Size: 38528 File Visible: - Signed: -
Status: -

Name: TmXPFlt.sys
Image Path: C:\WINDOWS\system32\drivers\TmXPFlt.sys
Address: 0xEB9F8000 Size: 274432 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6454000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A1C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF789C000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7704000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF7894000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6598000 Size: 147456 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF779C000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6624000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF74E4000 Size: 52352 File Visible: - Signed: -
Status: -

Name: Vsapint.sys
Image Path: C:\WINDOWS\system32\drivers\Vsapint.sys
Address: 0xEBA3B000 Size: 1188640 File Visible: - Signed: -
Status: -

Name: vsdatant.sys
Image Path: C:\WINDOWS\System32\vsdatant.sys
Address: 0xEDF3A000 Size: 585728 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF75A4000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Address: 0xF777C000 Size: 20512 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF77EC000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEB411000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7824000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEBC1A000 Size: 61440 File Visible: No Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF79AC000 Size: 8832 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF79C6000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF72B5000 Size: 77568 File Visible: - Signed: -
Status: -


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Sorry about the delay.


Hello helloyip !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.

Step 1.
Win32kDiag:

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Step 2.
Things I would like to see in your reply:

  • The content of Win32kDiag.txt from step 1.
  • The content of Extras.txt on your desktop.


#3
helloyip

    Member

  • Topic Starter
  • Member
  • 13 posts
Hello, thank you for your help!

This is the Win32kDiag log:
Running from: C:\Documents and Settings\Yip\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Yip\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EE.tmp\ZAP5EE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF22.tmp\ZAPF22.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\zh-chs\zh-chs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2772962437-2925417626-1104516692-1006\S-1-5-21-2772962437-2925417626-1104516692-1006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\ch3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\ch4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch5\ch5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch6\ch6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\instch_gdql_d_cache\instch_gdql_d_cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\{4E3254D7-522A-412A-9296-3F4767B3A2CB}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\08d4e8557aef\08d4e8557aef

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\dswmedia\dswmedia

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\prefs\prefs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ZoneLabs\streamapi\streamapi

Mount point destination : \Device\__max++>\^



Finished!

And this is the Extras.txt on my desktop:
OTL Extras logfile created on: 9/9/2009 04:52:52 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Yip\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.98 Mb Total Physical Memory | 476.45 Mb Available Physical Memory | 53.30% Memory free
2.12 Gb Paging File | 1.83 Gb Available in Paging File | 86.31% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 41.56 Gb Free Space | 59.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN
Current User Name: Yip
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Yip\Desktop\Everything Else\left4dead\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Yip\Desktop\Everything Else\left4dead\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}" = Ad-Aware 2007
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0ECFA55C-8F8F-41D3-AFAD-30586A418DAA}_is1" = Source Mod 1.2.1
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{55a29068-f2ce-456c-9148-c869879e2357}" = TuneUp Utilities 2009
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{669F3AD6-07C4-48EF-99F7-CF64EDB845E9}" = USB Susteen Driver
"{66f0ac35-4805-44bc-a3d4-347d4196f9b3}" = Microsoft Xbox 360 Accessories 1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F4507EF-C5F3-46CE-9718-9D3698821333}" = Motorola Driver Installation
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}" =
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{c4124e95-5061-4776-8d5d-e3d931c778e1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}" =
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"any video converter_is1" = Any Video Converter 2.7.5
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Avi Player" = Avi Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BuddyList Ops 1.0.0.1" = BuddyList Ops 1.0.0.1
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"FLV Player" = FLV Player 2.0 (build 25)
"Garena" = Garena
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{669F3AD6-07C4-48EF-99F7-CF64EDB845E9}" = USB Susteen Driver
"IP Changer 2.0" = IP Changer 2.0
"L4DSP" = Left 4 Dead Standalone Patch
"LG V CAST Music Sync Reset Tool Install" = LG V CAST Music Sync Reset Tool
"LimeWire" = LimeWire 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Megavideo Video Downloader_is1" = Megavideo Video Downloader 3.12
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mp4 Player" = MP4 Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Qtracker" = Qtracker
"RealAlt_is1" = Real Alternative 1.8.4
"SearchAssist" = SearchAssist
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 6.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"UnityWebPlayer" = Unity Web Player
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"videora xbox 360 converter" = Videora Xbox 360 Converter 4.07
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2009 10:43:01 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application left4dead.exe, version 0.0.0.0, faulting module
filesystem_stdio.dll, version 0.0.0.0, fault address 0x00010f0a.

Error - 9/7/2009 10:51:52 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application left4dead.exe, version 0.0.0.0, faulting module
filesystem_stdio.dll, version 0.0.0.0, fault address 0x00010f0a.

Error - 9/7/2009 10:53:41 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application left4dead.exe, version 0.0.0.0, faulting module
filesystem_stdio.dll, version 0.0.0.0, fault address 0x00010f0a.

Error - 9/7/2009 11:02:04 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application left4dead.exe, version 0.0.0.0, faulting module
filesystem_stdio.dll, version 0.0.0.0, fault address 0x00010f0a.

Error - 9/7/2009 11:06:38 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
Description = Faulting application left4dead.exe, version 0.0.0.0, faulting module
filesystem_stdio.dll, version 0.0.0.0, fault address 0x00010f0a.

Error - 9/8/2009 02:54:49 PM | Computer Name = BRIAN | Source = pctsSvc.exe | ID = 0
Description =

Error - 9/8/2009 02:56:18 PM | Computer Name = BRIAN | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2N.tmp, version 51.49.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 03:03:42 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/8/2009 03:03:42 PM | Computer Name = BRIAN | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/8/2009 11:14:36 PM | Computer Name = BRIAN | Source = MsiInstaller | ID = 11706
Description = Product: Fax -- Error 1706.No valid source could be found for product
Fax. The Windows Installer cannot continue.

[ System Events ]
Error - 9/9/2009 04:29:15 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The Media Center Scheduler Service service failed to start due to
the following error: %%3

Error - 9/9/2009 04:29:15 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/9/2009 04:29:15 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The Media Center Extender Service service failed to start due to the
following error: %%3

Error - 9/9/2009 04:29:15 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Personal Firewall service failed to start due to the
following error: %%5

Error - 9/9/2009 04:40:25 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31

Error - 9/9/2009 04:40:25 PM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 APPDRV avgio avipbb Fips klif SASDIFSV SASKUTIL ssmdrv tmtdi

Error - 9/9/2009 04:42:56 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/9/2009 04:43:59 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 9/9/2009 04:49:16 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 9/9/2009 04:49:16 PM | Computer Name = BRIAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

[ tuneup Events ]
Error - 9/7/2009 12:40:37 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 12:40:37', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4756',0)

Error - 9/7/2009 12:40:47 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 12:40:47', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','5728',0)

Error - 9/7/2009 12:45:39 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 12:45:39', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','5456',0)

Error - 9/7/2009 12:45:49 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 12:45:49', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','6080',0)

Error - 9/7/2009 12:46:02 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 12:46:02', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','2732',0)

Error - 9/7/2009 01:24:25 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 13:24:25', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\xxxx.exe','5600',0)

Error - 9/7/2009 01:25:54 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 13:25:53', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\xxxx.exe','5380',0)

Error - 9/7/2009 01:26:21 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 13:26:21', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\xxxx.exe','4616',0)

Error - 9/7/2009 01:26:31 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 13:26:31', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\xxxx.exe','2360',0)

Error - 9/7/2009 01:50:43 PM | Computer Name = BRIAN | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-07 13:50:43', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','5704',0)


< End of report >


Thanks again!

#4
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
There is something strange here.

Have you run any other tools after you ran OTL but before you ran Win32kDiag?
Which?



I need you to run OTL again like this for verification.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTL.Txt that's saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.


#5
helloyip

    Member

  • Topic Starter
  • Member
  • 13 posts
The Extras.txt was outdated, from two weeks ago actually.
And I just tried re-running OTL.exe, but it stopped and exited after 15 seconds. When I tried to reopen it, it said that I may not have the appropriate permissions to open it.

???

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Definitely something strange going on here.

Please rerun Win32kDiag.exe and post its log.

#7
helloyip

    Member

  • Topic Starter
  • Member
  • 13 posts
Here's the new log:
Running from: C:\Documents and Settings\Yip\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Yip\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EE.tmp\ZAP5EE.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF22.tmp\ZAPF22.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\zh-chs\zh-chs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2772962437-2925417626-1104516692-1006\S-1-5-21-2772962437-2925417626-1104516692-1006

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\ch3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\ch4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch5\ch5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch6\ch6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\instch_gdql_d_cache\instch_gdql_d_cache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\{4E3254D7-522A-412A-9296-3F4767B3A2CB}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\08d4e8557aef\08d4e8557aef

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\dswmedia\dswmedia

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\prefs\prefs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ZoneLabs\streamapi\streamapi

Mount point destination : \Device\__max++>\^



Finished!

#8
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
As this one was a bit strange, we'll do it step by step.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

#9
helloyip

helloyip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the Avenger log

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#10
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Good :)
We'll do three steps this time.

Step 1.
Win32kDiag:

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



Step 2.
ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt .


Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Things I would like to see in your reply:

  • The content of Win32kDiag.txt from step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of C:\lopR.txt from step 3.

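The Win32kDiag output pasted earlier in the thread (and the -f -r run requested in step 1) is easier to review with a small parser that pairs each "Mount point destination" and "Removing mount point" line with its "Found mount point" entry and flags the ones whose target is the \Device\__max++>\^ string. This is an added example, not code from the thread or from Win32kDiag itself; SAMPLE_LOG is constructed in the tool's line format, not taken from this machine.

```python
# Parser for the Win32kDiag output format pasted in this thread (constructed
# example, not the tool's own code). Each mount point appears as
#   Found mount point : <path>
#   Mount point destination : <target>
# and, in a -f -r run, a third line 'Removing mount point : <path>'.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Destination carried by every mount point in the thread's log.
MAXPP_DESTINATION = r"\Device\__max++>\^"

FOUND_RE = re.compile(r"^Found mount point\s*:\s*(.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+?)\s*$")
REMOVE_RE = re.compile(r"^Removing mount point\s*:\s*(.+?)\s*$")
WARN_RE = re.compile(r"^WARNING:\s*(.+?)\s*$")


@dataclass
class MountPoint:
    path: str
    destination: Optional[str] = None
    removed: bool = False

    @property
    def suspicious(self) -> bool:
        # A genuine volume mount point resolves to a \??\Volume{...} target;
        # the __max++ device target is what this thread's log shows.
        return self.destination == MAXPP_DESTINATION


@dataclass
class Report:
    mount_points: List[MountPoint] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> List[MountPoint]:
        return [m for m in self.mount_points if m.suspicious]

    @property
    def still_present(self) -> List[MountPoint]:
        # Suspicious entries with no matching 'Removing mount point' line.
        return [m for m in self.suspicious if not m.removed]


def parse_win32kdiag(text: str) -> Report:
    """Pair each destination/removal line with its 'Found mount point' entry."""
    report = Report()
    by_path: Dict[str, MountPoint] = {}
    current: Optional[MountPoint] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := FOUND_RE.match(line):
            current = MountPoint(path=m.group(1))
            report.mount_points.append(current)
            by_path[current.path.lower()] = current
        elif (m := DEST_RE.match(line)) and current is not None:
            current.destination = m.group(1)
        elif m := REMOVE_RE.match(line):
            hit = by_path.get(m.group(1).lower())
            if hit is not None:
                hit.removed = True
        elif m := WARN_RE.match(line):
            report.warnings.append(m.group(1))
    return report


def summarize(report: Report) -> Dict[str, int]:
    """Counts a helper would look at before deciding the next step."""
    return {
        "found": len(report.mount_points),
        "suspicious": len(report.suspicious),
        "still_present": len(report.still_present),
        "warnings": len(report.warnings),
    }


# Constructed sample in Win32kDiag's format; not a real log from the thread.
SAMPLE_LOG = r"""
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^

Found mount point : C:\MountedDrives\Data
Mount point destination : \??\Volume{00000000-0000-0000-0000-000000000000}
Finished!
"""

if __name__ == "__main__":
    rep = parse_win32kdiag(SAMPLE_LOG)
    print(summarize(rep))
    for mp in rep.still_present:
        print("still present:", mp.path)
```

A non-zero "still_present" count, or the backup-privileges warning, is the signal that a fix run did not complete and the log should be read entry by entry before moving on.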



#11
helloyip

helloyip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry for the delay. I was actually not able to run ComboFix at first until after I ran the lopR, but it worked after.
P.S. - I see that I have multiple antiviruses enabled. Do I need to disable?

win32kdiag
Running from: C:\Documents and Settings\Yip\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Yip\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EE.tmp\ZAP5EE.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5EE.tmp\ZAP5EE.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF22.tmp\ZAPF22.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF22.tmp\ZAPF22.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ehome\de\de

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\de\de

Found mount point : C:\WINDOWS\ehome\fr\fr

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\fr\fr

Found mount point : C:\WINDOWS\ehome\ja\ja

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\ja\ja

Found mount point : C:\WINDOWS\ehome\ko\ko

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\ko\ko

Found mount point : C:\WINDOWS\ehome\zh-chs\zh-chs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ehome\zh-chs\zh-chs

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2772962437-2925417626-1104516692-1006\S-1-5-21-2772962437-2925417626-1104516692-1006

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2772962437-2925417626-1104516692-1006\S-1-5-21-2772962437-2925417626-1104516692-1006

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\ATI\ACE\ACE

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\ch1

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\ch2

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\ch3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\ch3

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\ch4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\ch4

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch5\ch5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch5\ch5

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch6\ch6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch6\ch6

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\instch_gdql_d_cache\instch_gdql_d_cache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\instch_gdql_d_cache\instch_gdql_d_cache

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\{4E3254D7-522A-412A-9296-3F4767B3A2CB}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\{4E3254D7-522A-412A-9296-3F4767B3A2CB}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\08d4e8557aef\08d4e8557aef

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\08d4e8557aef\08d4e8557aef

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-2772962437-2925417626-1104516692-500\S-1-5-21-2772962437-2925417626-1104516692-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-343818398-1004336348-839522115-500\S-1-5-21-343818398-1004336348-839522115-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Yahoo\YMP\YMP

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Music\My Yahoo! Music\My Yahoo! Music

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\dswmedia\dswmedia

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\dswmedia\dswmedia

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\prefs\prefs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 10\prefs\prefs

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\DswMedia\DswMedia

Found mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\Shockwave 8\Prefs\Prefs

Found mount point : C:\WINDOWS\system32\Macromed\update\update

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\update\update

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\system32\ZoneLabs\streamapi\streamapi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ZoneLabs\streamapi\streamapi



Finished!
ComboFix

ComboFix 09-09-25.01 - Yip 09/27/2009 18:08.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.493 [GMT -4:00]
Running from: c:\documents and settings\Yip\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-2064067720
c:\documents and settings\All Users\Application Data\yfygibukoq.vbs
c:\documents and settings\All Users\Documents\elak.reg
c:\documents and settings\All Users\Documents\memin.bat
c:\documents and settings\All Users\Documents\yzijuj.vbs
c:\documents and settings\Yip\Application Data\imovelym.reg
c:\documents and settings\Yip\Application Data\irewijejuj.reg
c:\documents and settings\Yip\Cookies\bilorahije.bat
c:\documents and settings\Yip\Cookies\bimiw.bat
c:\documents and settings\Yip\Cookies\iwitohequ.com
c:\documents and settings\Yip\Cookies\opoq.com
c:\documents and settings\Yip\Cookies\qaqe.pif
c:\documents and settings\Yip\Cookies\vidajowici.sys
c:\documents and settings\Yip\Cookies\ysetut.ban
c:\documents and settings\Yip\Local Settings\Application Data\gyzixihad.vbs
c:\program files\Mozilla Firefox\extensions\{FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}
c:\program files\Mozilla Firefox\extensions\{FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{FD9E5C6A-55ED-479D-9E08-C5E26A6CA0DC}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\Installer\1bc2a.msi
c:\windows\Installer\781e7d.msi
c:\windows\kb913800.exe
c:\windows\rywirag.dll
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\Drivers\eugijp.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\senekadyocnbeb.sys
c:\windows\system32\drivers\senekaykspkmyf.sys
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\senekacvgtgfyx.dll
c:\windows\system32\senekapkdliydk.dll
c:\windows\system32\senekaqjlbosrt.dat
c:\windows\system32\senekarmlxroiu.dll
c:\windows\system32\senekaxnxfmbog.dat
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\wpcap.dll
c:\windows\Tasks\tpfmkuif.job
c:\windows\xefinu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF
-------\Legacy_NPF
-------\Legacy_NWCWORKSTATION
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NPF
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-27 21:38 . 2009-09-27 22:04 -------- d-----w- C:\Lop SD
2009-09-23 23:44 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-23 23:44 . 2009-09-23 23:44 -------- d-----w- c:\program files\Panda Security
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\program files\ESET
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-23 20:41 . 2009-09-23 20:41 691712 ----a-w- c:\windows\is-8JH1G.exe
2009-09-20 01:03 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-20 01:00 . 2009-09-20 01:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 11:26 . 2009-09-11 11:26 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-11 11:23 . 2009-09-11 11:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 11:17 . 2009-09-11 11:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-09 21:01 . 2009-09-09 21:01 -------- d-----w- c:\program files\ERUNT
2009-09-09 20:31 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 20:31 . 2009-09-24 19:59 -------- d-----w- c:\program files\Malwarebytes Anti-Malwar
2009-09-09 20:31 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 19:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-08 19:02 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-08 19:02 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-08 19:02 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-08 19:02 . 2009-09-08 19:02 -------- d-----w- c:\program files\Avira
2009-09-08 04:11 . 2009-09-09 03:25 -------- d-----w- c:\program files\Garena
2009-09-08 02:25 . 2009-09-08 02:32 -------- d-----w- c:\program files\Qtracker
2009-09-08 00:08 . 2009-09-08 00:08 -------- d-----w- c:\documents and settings\Yip\Application Data\AVG8
2009-09-07 23:24 . 2009-09-07 23:24 -------- d-----w- c:\documents and settings\Yip\DoctorWeb
2009-09-07 21:21 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-07 21:21 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-07 21:21 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-07 21:20 . 2009-09-07 21:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-07 21:20 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-07 21:20 . 2009-09-23 20:42 -------- d-----w- c:\program files\Spyware Doctor
2009-09-07 21:20 . 2009-09-07 21:20 -------- d-----w- c:\documents and settings\Yip\Application Data\PC Tools
2009-09-07 21:20 . 2009-09-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-07 21:18 . 2009-09-07 21:19 -------- d-----w- c:\documents and settings\Yip\Application Data\GetRightToGo
2009-09-06 23:20 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-06 23:20 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-06 23:20 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-06 23:18 . 2009-09-06 23:18 -------- d-----w- c:\windows\Logs
2009-09-01 16:32 . 2009-09-01 16:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-01 01:27 . 2009-09-01 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-31 19:05 . 2009-09-20 00:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-31 19:05 . 2009-08-27 01:09 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-31 19:05 . 2009-08-27 01:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-31 19:05 . 2009-08-27 01:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-31 19:05 . 2009-08-27 01:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-31 19:05 . 2009-08-31 19:05 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-31 19:04 . 2009-08-31 19:04 -------- d-----w- c:\program files\Zone Labs
2009-08-31 19:04 . 2009-09-28 00:57 -------- d-----w- c:\windows\Internet Logs
2009-08-31 18:50 . 2009-08-31 18:50 132 ----a-w- C:\httpdwl.dat
2009-08-31 18:28 . 2009-08-31 18:28 -------- d-sh--w- c:\documents and settings\Yip\PrivacIE
2009-08-31 18:13 . 2009-09-01 03:42 -------- d-----w- c:\program files\ahtiml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 21:38 . 2008-06-07 17:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 20:11 . 2008-01-16 02:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-20 01:04 . 2007-06-17 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-20 01:02 . 2008-06-07 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-20 01:02 . 2008-06-07 15:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-20 00:59 . 2007-06-17 22:40 -------- d-----w- c:\program files\Lavasoft
2009-09-09 20:32 . 2008-12-14 17:06 -------- d-----w- c:\documents and settings\Yip\Application Data\Malwarebytes
2009-09-09 20:31 . 2008-12-14 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 19:02 . 2007-12-07 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-01 03:43 . 2009-09-01 03:43 3350 ----a-w- c:\program files\kkuvi.txt
2009-08-31 18:51 . 2009-08-27 05:51 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-31 18:51 . 2009-08-27 05:59 -------- d-----w- c:\program files\BitDefender
2009-08-31 18:50 . 2009-08-27 06:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-27 06:09 . 2009-08-27 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-27 06:09 . 2009-03-20 00:55 -------- d-----w- c:\program files\COMODO
2009-08-27 05:58 . 2009-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-27 04:30 . 2009-08-27 04:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-27 04:30 . 2009-08-27 04:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-27 04:30 . 2009-08-27 04:30 -------- d-----w- c:\documents and settings\Yip\Application Data\TuneUp Software
2009-08-27 04:30 . 2009-08-27 04:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-27 04:29 . 2009-08-27 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-27 04:28 . 2009-08-27 04:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-27 04:20 . 2009-08-27 04:20 11940 ----a-w- c:\documents and settings\Yip\Local Settings\Application Data\vugol.dll
2009-08-19 04:03 . 2008-10-03 22:02 -------- d-----w- c:\documents and settings\Yip\Application Data\Skype
2009-08-17 21:06 . 2009-08-17 21:06 -------- d-----w- c:\documents and settings\Yip\Application Data\Thinstall
2009-08-17 20:40 . 2009-08-17 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-08-17 20:39 . 2009-08-17 20:39 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-17 20:39 . 2009-08-17 20:39 -------- d-----w- c:\documents and settings\Yip\Application Data\iolo
2009-08-17 20:07 . 2008-10-03 22:03 -------- d-----w- c:\documents and settings\Yip\Application Data\skypePM
2009-08-17 17:09 . 2006-12-01 23:20 -------- d-----w- c:\program files\AIM6
2009-08-17 16:59 . 2009-08-17 16:59 -------- d-----w- c:\program files\AIM Toolbar
2009-08-17 16:59 . 2006-11-22 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-17 16:51 . 2009-08-17 16:51 18066 ----a-w- c:\documents and settings\Yip\Application Data\ilohigo.pif
2009-08-17 16:51 . 2009-08-17 16:51 17919 ----a-w- c:\program files\Common Files\omuqywijed.scr
2009-08-17 16:51 . 2009-08-17 16:51 14354 ----a-w- c:\windows\system32\uqywezaleg.dll
2009-08-17 16:49 . 2006-12-01 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-08-14 10:58 . 2009-09-23 20:41 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-13 16:38 . 2009-08-13 16:38 17354 ----a-w- c:\windows\jejaqoweh.dat
2009-08-13 16:38 . 2009-08-13 16:38 14961 ----a-w- c:\program files\Common Files\qomexofyxy.exe
2009-08-13 16:38 . 2009-08-13 16:38 12502 ----a-w- c:\documents and settings\Yip\Local Settings\Application Data\ezexuky.com
2009-08-13 16:38 . 2009-08-13 16:38 10255 ----a-w- c:\documents and settings\All Users\Application Data\yhufos.pif
2009-08-13 16:38 . 2009-08-13 16:38 19917 ----a-w- c:\program files\Common Files\umacosapy.dl
2009-08-13 16:38 . 2009-08-13 16:38 17112 ----a-w- c:\windows\kamupas.com
2009-08-13 16:38 . 2009-08-13 16:38 16132 ----a-w- c:\windows\deqyfafa.sys
2009-08-13 16:38 . 2009-08-13 16:38 12615 ----a-w- c:\documents and settings\Yip\Application Data\yjemoheka.bin
2009-08-13 16:38 . 2009-08-13 16:38 11616 ----a-w- c:\program files\Common Files\afelolat.dl
2009-08-12 22:56 . 2006-11-22 16:40 -------- d-----w- c:\program files\Google
2009-08-12 00:14 . 2009-08-12 00:14 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-08-11 23:09 . 2009-08-11 23:09 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software
2009-08-11 20:28 . 2006-12-31 05:46 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-11 20:25 . 2008-08-31 06:51 -------- d-----w- c:\documents and settings\Yip\Application Data\Paltalk
2009-08-11 20:25 . 2008-08-31 06:51 -------- d-----w- c:\program files\Paltalk Messenger
2009-08-11 20:24 . 2008-07-02 07:21 -------- d-----w- c:\program files\NavNet
2009-08-10 22:37 . 2009-08-10 22:37 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-10 22:37 . 2007-03-06 03:39 -------- d-----w- c:\program files\Stardock
2007-02-04 18:18 . 2007-02-04 18:18 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-03-05 22:08 . 2009-08-27 06:10 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-09-18 03:11 . 2007-12-23 02:47 2 --shatr- c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Dancer"="c:\program files\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

c:\documents and settings\Yip\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 03:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/19/2009 09:03 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/7/2009 05:21 PM 206256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 07:26 AM 96408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/23/2009 07:44 PM 28544]
S0 tbhijke;tbhijke;c:\windows\system32\drivers\hnaid.sys --> c:\windows\system32\drivers\hnaid.sys [?]
S1 7a419377;7a419377;c:\windows\system32\drivers\7a419377.sys --> c:\windows\system32\drivers\7a419377.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 07:23 AM 108792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/13/2008 12:43 PM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/13/2008 12:43 PM 55024]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/8/2009 03:02 PM 108289]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 07:24 AM 735960]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 06:47 PM 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 06:47 PM 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 06:47 PM 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 06:47 PM 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 06:47 PM 262215]
S2 tuneup.programstatisticssvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/27/2009 12:30 AM 604416]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/11/2008 06:50 PM 24652]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Yip\LOCALS~1\Temp\IQXD0.tmp --> c:\docume~1\Yip\LOCALS~1\Temp\IQXD0.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/9/2008 12:40 AM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/9/2008 12:40 AM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/9/2008 12:40 AM 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/13/2008 12:44 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/7/2009 05:20 PM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jvqwcfwm
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

2009-09-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &aim toolbar search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Yip\Application Data\Mozilla\Firefox\Profiles\0eowsv68.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Yip\Application Data\Mozilla\Firefox\Profiles\0eowsv68.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

BHO-{3d599fc0-7682-4867-9a2a-b2c74c334a43} - (no file)
Notify-xuzirbgg - tirewpr.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 20:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Yip\LOCALS~1\Temp\IQXD0.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2009-09-28 21:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 01:05

Pre-Run: 45,333,880,832 bytes free
Post-Run: 45,166,915,584 bytes free

395 --- E O F --- 2009-03-01 08:01

lopR


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion™ 64 Mobile Technology MK-36 )
BIOS : BIOS Version 2.3.0
USER : Yip ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : Trend Micro PC-cillin Internet Security 12.7.1019 (Activated)
Firewall : Trend Micro PC-cillin Internet Security (Firewall) 12 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:42 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 09/27/2009|17:39 )

--------------------\\ Listing folders in Application Data

[11/22/2006|12:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> ATI
[11/22/2006|12:46] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> GTek
[08/16/2005|06:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/22/2006|12:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InstallShield
[03/01/2009|11:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[01/05/2009|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/27/2009|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {55A29068-F2CE-456C-9148-C869879E2357}
[09/19/2009|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {EF63305C-BAD7-4144-9208-D65528260864}
[12/11/2008|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[12/29/2008|03:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/15/2007|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[12/11/2008|06:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AIM Toolbar
[03/11/2008|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[08/17/2009|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/01/2006|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[11/10/2008|09:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/11/2006|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/01/2009|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[09/08/2009|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[08/27/2009|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BitDefender
[08/27/2009|01:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comodo
[12/19/2007|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[08/16/2005|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DIGStream
[09/23/2009|04:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ESET
[02/04/2007|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/22/2006|12:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[06/16/2009|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IJJIGame
[11/22/2006|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[04/05/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[08/17/2009|04:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iolo
[08/31/2009|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[09/19/2009|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[09/09/2009|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[06/28/2008|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/04/2006|08:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Otto
[09/07/2009|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/22/2006|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/25/2008|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[10/03/2008|06:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[11/22/2006|12:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[09/19/2009|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[06/01/2008|09:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/27/2009|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/27/2009|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TuneUp Software
[08/17/2009|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[07/02/2007|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[11/22/2006|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YAHOO
[07/03/2007|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[11/22/2006|12:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> ATI
[11/22/2006|12:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
[08/16/2005|06:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/22/2006|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InstallShield
[08/16/2005|06:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[03/01/2009|11:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[03/01/2009|11:32] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[03/19/2009|08:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Mozilla

[12/01/2006|07:25] C:\DOCUME~1\Yip\APPLIC~1\<DIR> acccore
[06/27/2008|02:08] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Adobe
[12/07/2006|07:27] C:\DOCUME~1\Yip\APPLIC~1\<DIR> AdobeUM
[06/15/2009|11:20] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Any Video Converter
[01/05/2009|10:50] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Apple Computer
[11/22/2006|12:30] C:\DOCUME~1\Yip\APPLIC~1\<DIR> ATI
[09/07/2009|08:08] C:\DOCUME~1\Yip\APPLIC~1\<DIR> AVG8
[06/01/2009|10:48] C:\DOCUME~1\Yip\APPLIC~1\<DIR> cqajeiql
[09/07/2007|04:20] C:\DOCUME~1\Yip\APPLIC~1\<DIR> CyberLink
[04/01/2007|12:47] C:\DOCUME~1\Yip\APPLIC~1\<DIR> DivX
[12/31/2006|01:13] C:\DOCUME~1\Yip\APPLIC~1\<DIR> dvdcss
[03/07/2009|12:52] C:\DOCUME~1\Yip\APPLIC~1\<DIR> FVZilla
[09/07/2009|05:19] C:\DOCUME~1\Yip\APPLIC~1\<DIR> GetRightToGo
[12/03/2006|07:58] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Google
[11/22/2006|12:46] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Gtek
[12/01/2006|08:25] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Help
[11/25/2007|06:25] C:\DOCUME~1\Yip\APPLIC~1\<DIR> ICAClient
[08/16/2005|06:50] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Identities
[06/16/2009|04:53] C:\DOCUME~1\Yip\APPLIC~1\<DIR> ijjigame
[01/22/2007|11:19] C:\DOCUME~1\Yip\APPLIC~1\<DIR> iMP3Tunes
[11/22/2006|12:44] C:\DOCUME~1\Yip\APPLIC~1\<DIR> InstallShield
[04/05/2008|10:21] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Intuit
[08/17/2009|04:39] C:\DOCUME~1\Yip\APPLIC~1\<DIR> iolo
[12/18/2006|10:57] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Macromedia
[09/09/2009|04:32] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Malwarebytes
[12/20/2006|10:16] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Media Player Classic
[02/25/2007|05:51] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Microsoft
[05/28/2007|12:22] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Move Networks
[08/26/2008|12:13] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Mozilla
[07/20/2007|12:43] C:\DOCUME~1\Yip\APPLIC~1\<DIR> MySpace
[03/08/2009|06:23] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Orbit
[12/04/2006|08:44] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Otto
[08/11/2009|04:25] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Paltalk
[09/07/2009|05:20] C:\DOCUME~1\Yip\APPLIC~1\<DIR> PC Tools
[03/04/2009|10:01] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Real
[08/19/2009|12:03] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Skype
[08/17/2009|04:07] C:\DOCUME~1\Yip\APPLIC~1\<DIR> skypePM
[12/09/2006|12:07] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Sun
[06/01/2008|09:54] C:\DOCUME~1\Yip\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/17/2009|05:06] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Thinstall
[08/27/2009|12:30] C:\DOCUME~1\Yip\APPLIC~1\<DIR> TuneUp Software
[06/26/2009|02:54] C:\DOCUME~1\Yip\APPLIC~1\<DIR> U3
[09/25/2008|04:22] C:\DOCUME~1\Yip\APPLIC~1\<DIR> uTorrent
[01/11/2007|08:17] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Viewpoint
[03/15/2007|10:34] C:\DOCUME~1\Yip\APPLIC~1\<DIR> WinRAR
[07/03/2007|12:27] C:\DOCUME~1\Yip\APPLIC~1\<DIR> Yahoo!
[03/03/2009|10:45] C:\DOCUME~1\Yip\APPLIC~1\<DIR> zbusoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/19/2009 09:06 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[09/27/2009 05:03 PM][--a------] C:\WINDOWS\tasks\1-Click Maintenance.job
[09/08/2009 10:43 PM][--a------] C:\WINDOWS\tasks\At1.job
[09/24/2009 12:18 AM][--a------] C:\WINDOWS\tasks\tpfmkuif.job
[09/07/2009 09:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/27/2009 05:03 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/15/2007|11:10] C:\Program Files\<DIR> Adobe
[08/31/2009|11:42] C:\Program Files\<DIR> ahtiml
[08/17/2009|12:59] C:\Program Files\<DIR> AIM Toolbar
[08/17/2009|01:09] C:\Program Files\<DIR> AIM6
[11/22/2006|12:26] C:\Program Files\<DIR> AMD
[12/01/2006|07:14] C:\Program Files\<DIR> America Online 9.0
[06/15/2009|11:20] C:\Program Files\<DIR> Any Video Converter
[04/08/2007|12:54] C:\Program Files\<DIR> AOL
[11/22/2006|12:37] C:\Program Files\<DIR> AOL Companion
[11/10/2008|09:08] C:\Program Files\<DIR> Apple Software Update
[08/31/2008|02:52] C:\Program Files\<DIR> AskBarDis
[11/22/2006|12:24] C:\Program Files\<DIR> ATI Technologies
[12/31/2006|01:22] C:\Program Files\<DIR> Avex
[10/02/2008|06:00] C:\Program Files\<DIR> AVG
[09/12/2007|02:49] C:\Program Files\<DIR> Avi Player
[09/08/2009|03:02] C:\Program Files\<DIR> Avira
[08/11/2009|04:28] C:\Program Files\<DIR> AviSynth 2.5
[11/22/2006|12:40] C:\Program Files\<DIR> BAE
[08/31/2009|02:51] C:\Program Files\<DIR> BitDefender
[01/05/2009|10:44] C:\Program Files\<DIR> Bonjour
[11/22/2006|12:25] C:\Program Files\<DIR> Broadcom
[03/24/2008|10:20] C:\Program Files\<DIR> BuddyList Ops
[07/05/2007|01:13] C:\Program Files\<DIR> CCleaner
[12/28/2008|03:09] C:\Program Files\<DIR> Cell Phone Manager
[11/25/2007|06:24] C:\Program Files\<DIR> Citrix
[12/14/2008|03:10] C:\Program Files\<DIR> CleanMyPC
[09/07/2009|05:20] C:\Program Files\<DIR> Common Files
[08/27/2009|02:09] C:\Program Files\<DIR> COMODO
[08/16/2005|06:38] C:\Program Files\<DIR> ComPlus Applications
[11/22/2006|12:28] C:\Program Files\<DIR> CONEXANT
[01/29/2009|01:18] C:\Program Files\<DIR> Convert AVI to MP4
[01/23/2008|12:12] C:\Program Files\<DIR> Cucusoft
[11/22/2006|12:31] C:\Program Files\<DIR> CyberLink
[11/22/2006|12:49] C:\Program Files\<DIR> Dell
[11/22/2006|12:45] C:\Program Files\<DIR> Dell Support
[11/22/2006|12:31] C:\Program Files\<DIR> Digital Line Detect
[10/03/2008|12:23] C:\Program Files\<DIR> DIGStream
[01/02/2009|03:51] C:\Program Files\<DIR> DivX
[02/08/2009|11:37] C:\Program Files\<DIR> DownloadToolz
[11/22/2006|12:47] C:\Program Files\<DIR> EarthLink Setup
[12/07/2007|03:55] C:\Program Files\<DIR> efmxmpqt
[05/26/2008|02:41] C:\Program Files\<DIR> Enigma Software Group
[09/09/2009|05:01] C:\Program Files\<DIR> ERUNT
[09/23/2009|04:48] C:\Program Files\<DIR> ESET
[08/16/2005|10:54] C:\Program Files\<DIR> ESPNMotion
[03/07/2009|01:04] C:\Program Files\<DIR> Exterminate It!
[02/04/2007|02:26] C:\Program Files\<DIR> Family Feud
[02/09/2009|10:11] C:\Program Files\<DIR> FLV Player
[03/07/2009|12:53] C:\Program Files\<DIR> Free Video Zilla
[09/08/2009|11:25] C:\Program Files\<DIR> Garena
[03/29/2008|07:20] C:\Program Files\<DIR> GatInst
[02/04/2007|02:26] C:\Program Files\<DIR> GemMaster
[08/12/2009|06:56] C:\Program Files\<DIR> Google
[12/13/2008|11:08] C:\Program Files\<DIR> Handbrake
[01/23/2008|12:07] C:\Program Files\<DIR> HOTLLAMA MEDIA
[09/04/2007|02:11] C:\Program Files\<DIR> HP
[11/22/2006|12:43] C:\Program Files\<DIR> illiminable
[03/12/2007|08:02] C:\Program Files\<DIR> Image-Line
[01/22/2007|11:19] C:\Program Files\<DIR> iMP3Tunes
[06/16/2009|04:42] C:\Program Files\<DIR> InstallShield Installation Information
[08/27/2009|05:12] C:\Program Files\<DIR> Internet Explorer
[01/05/2009|10:47] C:\Program Files\<DIR> iPod
[01/05/2009|10:48] C:\Program Files\<DIR> iTunes
[01/18/2009|06:19] C:\Program Files\<DIR> iWin
[11/22/2006|12:21] C:\Program Files\<DIR> Java
[12/07/2007|03:55] C:\Program Files\<DIR> Kaitxwdz
[09/19/2009|08:59] C:\Program Files\<DIR> Lavasoft
[11/22/2006|12:37] C:\Program Files\<DIR> Learn2.com
[12/31/2008|03:45] C:\Program Files\<DIR> LG Electronics
[05/17/2007|10:21] C:\Program Files\<DIR> LimeWire
[12/14/2006|08:02] C:\Program Files\<DIR> Logitech
[09/24/2009|03:59] C:\Program Files\<DIR> Malwarebytes Anti-Malwar
[08/27/2009|05:11] C:\Program Files\<DIR> Messenger
[11/22/2006|12:33] C:\Program Files\<DIR> Microsoft ActiveSync
[08/16/2005|06:43] C:\Program Files\<DIR> microsoft frontpage
[04/16/2007|09:41] C:\Program Files\<DIR> Microsoft Office
[11/22/2006|12:35] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[11/22/2006|12:35] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[11/22/2006|12:33] C:\Program Files\<DIR> Microsoft Visual Studio
[11/22/2006|12:48] C:\Program Files\<DIR> Microsoft Works
[08/11/2009|08:14] C:\Program Files\<DIR> Microsoft Xbox 360 Accessories
[11/22/2006|12:33] C:\Program Files\<DIR> Microsoft.NET
[11/22/2006|12:31] C:\Program Files\<DIR> Modem Helper
[01/04/2007|06:44] C:\Program Files\<DIR> Morpheus
[07/09/2008|12:39] C:\Program Files\<DIR> Motorola
[08/05/2008|09:50] C:\Program Files\<DIR> Movie Maker
[09/27/2009|05:08] C:\Program Files\<DIR> Mozilla Firefox
[10/30/2008|12:50] C:\Program Files\<DIR> Mp4 Player
[08/16/2005|06:37] C:\Program Files\<DIR> MSN
[08/16/2005|06:37] C:\Program Files\<DIR> MSN Gaming Zone
[07/23/2007|03:52] C:\Program Files\<DIR> MSXML 4.0
[11/22/2006|12:34] C:\Program Files\<DIR> MUSICMATCH
[12/14/2008|02:17] C:\Program Files\<DIR> MySpace
[08/11/2009|04:24] C:\Program Files\<DIR> NavNet
[08/05/2008|09:43] C:\Program Files\<DIR> NetMeeting
[11/22/2006|12:31] C:\Program Files\<DIR> NetWaiting
[11/22/2006|12:31] C:\Program Files\<DIR> NetZeroInstallers
[06/16/2009|04:42] C:\Program Files\<DIR> NHN USA
[08/16/2005|06:38] C:\Program Files\<DIR> Online Services
[08/05/2008|09:43] C:\Program Files\<DIR> Outlook Express
[08/11/2009|04:25] C:\Program Files\<DIR> Paltalk Messenger
[09/23/2009|07:44] C:\Program Files\<DIR> Panda Security
[07/24/2007|02:55] C:\Program Files\<DIR> Passcape
[12/13/2008|05:55] C:\Program Files\<DIR> PC Registry Cleaner
[12/28/2008|03:08] C:\Program Files\<DIR> Pearson Prentice Hall
[12/31/2006|01:18] C:\Program Files\<DIR> Plato DVD to iPod Converter
[04/01/2007|11:57] C:\Program Files\<DIR> Plustech Inc
[12/31/2006|02:12] C:\Program Files\<DIR> PQDVD
[03/11/2007|10:06] C:\Program Files\<DIR> Project64 1.6
[09/07/2009|10:32] C:\Program Files\<DIR> Qtracker
[01/05/2009|10:44] C:\Program Files\<DIR> QuickTime
[09/25/2008|01:10] C:\Program Files\<DIR> Real
[09/25/2008|01:11] C:\Program Files\<DIR> Real Alternative
[06/15/2009|10:36] C:\Program Files\<DIR> Red Kawa
[08/16/2005|10:58] C:\Program Files\<DIR> RGB
[11/22/2006|12:39] C:\Program Files\<DIR> Roxio
[01/05/2009|10:34] C:\Program Files\<DIR> Safari
[03/07/2009|12:52] C:\Program Files\<DIR> Sector69
[11/22/2006|12:28] C:\Program Files\<DIR> Sigmatel
[10/03/2008|06:02] C:\Program Files\<DIR> Skype
[11/22/2006|12:40] C:\Program Files\<DIR> Sonic
[09/19/2009|09:02] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/23/2009|04:42] C:\Program Files\<DIR> Spyware Doctor
[08/10/2009|06:37] C:\Program Files\<DIR> Stardock
[06/01/2008|09:54] C:\Program Files\<DIR> SUPERAntiSpyware
[04/02/2007|10:23] C:\Program Files\<DIR> Susteen
[11/22/2006|12:25] C:\Program Files\<DIR> Synaptics
[10/09/2008|06:32] C:\Program Files\<DIR> Trend Micro
[12/07/2007|03:55] C:\Program Files\<DIR> tsvstghy
[08/27/2009|12:30] C:\Program Files\<DIR> TuneUp Utilities 2009
[04/05/2008|10:09] C:\Program Files\<DIR> TurboTax
[10/15/2008|10:34] C:\Program Files\<DIR> UnHackMe
[08/16/2005|06:50] C:\Program Files\<DIR> Uninstall Information
[01/26/2008|06:01] C:\Program Files\<DIR> Unity
[12/31/2008|02:54] C:\Program Files\<DIR> V CAST Music with Rhapsody
[06/29/2008|11:57] C:\Program Files\<DIR> Veoh Networks
[12/31/2008|02:49] C:\Program Files\<DIR> Verizon Wireless
[12/31/2006|02:38] C:\Program Files\<DIR> VideoraiPodConverter
[12/11/2008|06:50] C:\Program Files\<DIR> Viewpoint
[03/10/2007|02:52] C:\Program Files\<DIR> VstPlugins
[12/14/2006|08:02] C:\Program Files\<DIR> Windows Media Components
[01/22/2008|12:14] C:\Program Files\<DIR> Windows Media Connect 2
[01/22/2008|11:56] C:\Program Files\<DIR> Windows Media Player
[08/05/2008|09:43] C:\Program Files\<DIR> Windows NT
[08/16/2005|06:37] C:\Program Files\<DIR> Windows Plus
[08/16/2005|06:40] C:\Program Files\<DIR> WindowsUpdate
[03/15/2007|10:33] C:\Program Files\<DIR> WinRAR
[08/11/2009|07:09] C:\Program Files\<DIR> XBox 360 Controller for Windows Software
[08/16/2005|06:43] C:\Program Files\<DIR> xerox
[05/24/2008|11:53] C:\Program Files\<DIR> Yahoo!
[01/07/2009|11:33] C:\Program Files\<DIR> YouTube Downloader
[08/31/2009|03:04] C:\Program Files\<DIR> Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/15/2007|11:10] C:\Program Files\Common Files\<DIR> Adobe
[09/15/2007|11:08] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[04/05/2008|10:13] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[04/08/2007|12:55] C:\Program Files\Common Files\<DIR> AOL
[11/22/2006|12:37] C:\Program Files\Common Files\<DIR> aolshare
[01/05/2009|10:47] C:\Program Files\Common Files\<DIR> Apple
[08/31/2009|02:51] C:\Program Files\Common Files\<DIR> BitDefender
[11/22/2006|12:33] C:\Program Files\Common Files\<DIR> DESIGNER
[09/04/2007|02:11] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/04/2007|02:02] C:\Program Files\Common Files\<DIR> HP
[06/28/2008|11:15] C:\Program Files\Common Files\<DIR> INCA Shared
[11/22/2006|12:40] C:\Program Files\Common Files\<DIR> InstallShield
[04/05/2008|10:11] C:\Program Files\Common Files\<DIR> Intuit
[11/22/2006|12:21] C:\Program Files\Common Files\<DIR> Java
[11/22/2006|12:34] C:\Program Files\Common Files\<DIR> L&H
[12/14/2006|08:03] C:\Program Files\Common Files\<DIR> Logitech
[10/02/2008|06:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/02/2007|10:29] C:\Program Files\Common Files\<DIR> Motorola Shared
[08/10/2004|07:00] C:\Program Files\Common Files\<DIR> Mozilla Shared
[08/16/2005|06:40] C:\Program Files\Common Files\<DIR> MSSoap
[11/22/2006|12:36] C:\Program Files\Common Files\<DIR> Nullsoft
[08/16/2005|06:33] C:\Program Files\Common Files\<DIR> ODBC
[09/07/2009|05:24] C:\Program Files\Common Files\<DIR> PC Tools
[12/14/2008|06:35] C:\Program Files\Common Files\<DIR> Real
[11/22/2006|12:39] C:\Program Files\Common Files\<DIR> Roxio Shared
[07/03/2007|01:27] C:\Program Files\Common Files\<DIR> Scanner
[08/16/2005|06:40] C:\Program Files\Common Files\<DIR> Services
[10/03/2008|06:01] C:\Program Files\Common Files\<DIR> Skype
[12/11/2008|06:51] C:\Program Files\Common Files\<DIR> Software Update Utility
[11/22/2006|12:40] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/16/2005|06:33] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/10/2009|06:37] C:\Program Files\Common Files\<DIR> Stardock
[05/24/2008|11:53] C:\Program Files\Common Files\<DIR> SureThing Shared
[03/01/2009|02:55] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/05/2008|09:42] C:\Program Files\Common Files\<DIR> System
[11/22/2006|12:39] C:\Program Files\Common Files\<DIR> TiVo Shared
[12/28/2008|03:08] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 18 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Yip\Cookies\[email protected][1].txt
C:\DOCUME~1\Yip\Cookies\yip@advertising[1].txt
C:\DOCUME~1\Yip\Cookies\yip@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 17:58:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Yip\Desktop\L4D.Real.Multi.Crack.rar
C:\DOCUME~1\Yip\Desktop\Everything Else\L4D.Real.Multi.Crack.rar
C:\DOCUME~1\Yip\Desktop\Everything Else\System.Mechanic.Professional._8.5.2.4.Incld.Keygen.rar
C:\DOCUME~1\Yip\Recent\L4D.Real.Multi.Crack.lnk
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip


[F:3][D:27]-> C:\DOCUME~1\Yip\LOCALS~1\Temp
[F:427][D:0]-> C:\DOCUME~1\Yip\Cookies
[F:15][D:4]-> C:\DOCUME~1\Yip\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 09/27/2009|18:04 - Option : [1]

--------------------\\ Scan completed at 18:04:14

#12 heir (Trusted Helper, Malware Removal, 5,427 posts)
The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

P.S. - I see that I have multiple antiviruses enabled. Do I need to disable them?

Not just disable.
There is no point in having more than ONE AV and ONE FW. You won't be more protected. The drawback is that they'll conflict with each other and slow down your system.

Under step 1, where you'll uninstall software, you should also uninstall so that you'll only have ONE AV and ONE FW.


Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Ask Toolbar
LimeWire 4.12.6
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Optional removals
Limewire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.



Step 2.
Install the recovery console:

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Posted Image


Download the file & save it on your desktop as it's originally named.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'No' to exit.


Step 3.
CFScript:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

http://www.geekstogo.com/forum/Google-Redirect-antivirus-wont-start-t253603.html
Collect::
c:\documents and settings\Yip\Application Data\ilohigo.pif
c:\program files\Common Files\omuqywijed.scr
c:\windows\system32\uqywezaleg.dll
c:\windows\jejaqoweh.dat
c:\program files\Common Files\qomexofyxy.exe
c:\documents and settings\Yip\Local Settings\Application Data\ezexuky.com
c:\documents and settings\All Users\Application Data\yhufos.pif
c:\program files\Common Files\umacosapy.dl
c:\windows\kamupas.com
c:\windows\deqyfafa.sys
c:\documents and settings\Yip\Application Data\yjemoheka.bin
c:\program files\Common Files\afelolat.dl
c:\windows\system32\drivers\hnaid.sys 
c:\windows\system32\drivers\7a419377.sys
c:\docume~1\Yip\LOCALS~1\Temp\IQXD0.tmp
C:\WINDOWS\tasks\tpfmkuif.job
File::
C:\WINDOWS\tasks\At1.job
C:\DOCUME~1\Yip\Desktop\L4D.Real.Multi.Crack.rar
C:\DOCUME~1\Yip\Desktop\Everything Else\L4D.Real.Multi.Crack.rar
C:\DOCUME~1\Yip\Desktop\Everything Else\System.Mechanic.Professional._8.5.2.4.Incld.Keygen.rar
C:\DOCUME~1\Yip\Recent\L4D.Real.Multi.Crack.lnk
C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip
Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Viewpoint
C:\DOCUME~1\Yip\APPLIC~1\Viewpoint
C:\DOCUME~1\Yip\APPLIC~1\uTorrent
C:\Program Files\AskBarDis
Registry::
Netsvc::
jvqwcfwm
Driver::
tbhijke
7a419377
Viewpoint Manager Service
GarenaPEngine
jvqwcfwm
Dirlook::
C:\DOCUME~1\Yip\APPLIC~1\cqajeiql
C:\Program Files\efmxmpqt

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4.
Things I would like to see in your reply:

  • Which P2P software was uninstalled in step 1.
  • Which AV and FW software was uninstalled.
  • The content of C:\ComboFix.txt from step 3.
  • Confirmation that the files were successfully uploaded in step 3.


#13 helloyip (Topic Starter, Member, 13 posts)
Step 1: All p2p services uninstalled
Step 2: Unable to uninstall some due to Safe Mode. Still am unable to get through regular Startup.
Step 3: ComboFix 09-09-25.01 - Yip 09/28/2009 20:24.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.591 [GMT -4:00]
Running from: c:\documents and settings\Yip\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Yip\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\docume~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip"
"c:\docume~1\Yip\Desktop\Everything Else\L4D.Real.Multi.Crack.rar"
"c:\docume~1\Yip\Desktop\Everything Else\System.Mechanic.Professional._8.5.2.4.Incld.Keygen.rar"
"c:\docume~1\Yip\Desktop\L4D.Real.Multi.Crack.rar"
"c:\docume~1\Yip\Recent\L4D.Real.Multi.Crack.lnk"
"c:\windows\tasks\At1.job"

file zipped: c:\documents and settings\All Users\Application Data\yhufos.pif
file zipped: c:\documents and settings\Yip\Application Data\ilohigo.pif
file zipped: c:\documents and settings\Yip\Application Data\yjemoheka.bin
file zipped: c:\documents and settings\Yip\Local Settings\Application Data\ezexuky.com
file zipped: c:\program files\Common Files\afelolat.dl
file zipped: c:\program files\Common Files\omuqywijed.scr
file zipped: c:\program files\Common Files\qomexofyxy.exe
file zipped: c:\program files\Common Files\umacosapy.dl
file zipped: c:\windows\deqyfafa.sys
file zipped: c:\windows\jejaqoweh.dat
file zipped: c:\windows\kamupas.com
file zipped: c:\windows\system32\uqywezaleg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip
c:\docume~1\Yip\APPLIC~1\uTorrent
c:\docume~1\Yip\APPLIC~1\uTorrent\dht.dat
c:\docume~1\Yip\APPLIC~1\uTorrent\innocenthigh_kinzie_full.wmv.torrent
c:\docume~1\Yip\APPLIC~1\uTorrent\resume.dat
c:\docume~1\Yip\APPLIC~1\uTorrent\resume.dat.old
c:\docume~1\Yip\APPLIC~1\uTorrent\rss.dat
c:\docume~1\Yip\APPLIC~1\uTorrent\settings.dat
c:\docume~1\Yip\APPLIC~1\uTorrent\settings.dat.old
c:\docume~1\Yip\Desktop\Everything Else\L4D.Real.Multi.Crack.rar
c:\docume~1\Yip\Desktop\Everything Else\System.Mechanic.Professional._8.5.2.4.Incld.Keygen.rar
c:\docume~1\Yip\Recent\L4D.Real.Multi.Crack.lnk
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\yhufos.pif
c:\documents and settings\Yip\Application Data\ilohigo.pif
c:\documents and settings\Yip\Application Data\yjemoheka.bin
c:\documents and settings\Yip\Favorites\Online Security Guide.lnk
c:\documents and settings\Yip\Local Settings\Application Data\ezexuky.com
c:\program files\Common Files\afelolat.dl
c:\program files\Common Files\omuqywijed.scr
c:\program files\Common Files\qomexofyxy.exe
c:\program files\Common Files\umacosapy.dl
c:\windows\deqyfafa.sys
c:\windows\jejaqoweh.dat
c:\windows\kamupas.com
c:\windows\system32\uqywezaleg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Legacy_JVQWCFWM
-------\Service_7a419377
-------\Service_GarenaPEngine
-------\Service_tbhijke


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-27 21:38 . 2009-09-27 22:04 -------- d-----w- C:\Lop SD
2009-09-23 23:44 . 2009-09-23 23:44 -------- d-----w- c:\program files\Panda Security
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\program files\ESET
2009-09-23 20:48 . 2009-09-23 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-23 20:41 . 2009-09-23 20:41 691712 ----a-w- c:\windows\is-8JH1G.exe
2009-09-20 01:00 . 2009-09-28 02:08 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 11:26 . 2009-09-11 11:26 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-11 11:23 . 2009-09-11 11:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 11:17 . 2009-09-11 11:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-09 21:01 . 2009-09-09 21:01 -------- d-----w- c:\program files\ERUNT
2009-09-09 20:31 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 20:31 . 2009-09-28 01:53 -------- d-----w- c:\program files\Malwarebytes Anti-Malwar
2009-09-09 20:31 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 19:02 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-08 02:25 . 2009-09-08 02:32 -------- d-----w- c:\program files\Qtracker
2009-09-08 00:08 . 2009-09-08 00:08 -------- d-----w- c:\documents and settings\Yip\Application Data\AVG8
2009-09-07 23:24 . 2009-09-07 23:24 -------- d-----w- c:\documents and settings\Yip\DoctorWeb
2009-09-07 21:18 . 2009-09-07 21:19 -------- d-----w- c:\documents and settings\Yip\Application Data\GetRightToGo
2009-09-06 23:20 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-09-06 23:20 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-09-06 23:20 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-06 23:18 . 2009-09-06 23:18 -------- d-----w- c:\windows\Logs
2009-09-01 16:32 . 2009-09-01 16:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-01 01:27 . 2009-09-01 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-31 19:05 . 2009-09-20 00:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-31 19:05 . 2009-08-27 01:09 72584 ----a-w- c:\windows\zllsputility.exe
2009-08-31 19:05 . 2009-08-27 01:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-31 19:05 . 2009-08-27 01:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-31 19:05 . 2009-08-27 01:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-31 19:05 . 2009-08-31 19:05 -------- d-----w- c:\windows\system32\ZoneLabs
2009-08-31 19:04 . 2009-08-31 19:04 -------- d-----w- c:\program files\Zone Labs
2009-08-31 19:04 . 2009-09-29 00:50 -------- d-----w- c:\windows\Internet Logs
2009-08-31 18:50 . 2009-08-31 18:50 132 ----a-w- C:\httpdwl.dat
2009-08-31 18:28 . 2009-08-31 18:28 -------- d-sh--w- c:\documents and settings\Yip\PrivacIE
2009-08-31 18:13 . 2009-09-01 03:42 -------- d-----w- c:\program files\ahtiml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 03:06 . 2008-06-07 15:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-28 03:06 . 2008-06-07 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-28 02:48 . 2007-12-07 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-28 02:41 . 2008-06-07 17:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 02:08 . 2007-06-17 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-27 20:11 . 2008-01-16 02:04 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-20 00:59 . 2007-06-17 22:40 -------- d-----w- c:\program files\Lavasoft
2009-09-09 20:32 . 2008-12-14 17:06 -------- d-----w- c:\documents and settings\Yip\Application Data\Malwarebytes
2009-09-09 20:31 . 2008-12-14 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 03:43 . 2009-09-01 03:43 3350 ----a-w- c:\program files\kkuvi.txt
2009-08-31 18:51 . 2009-08-27 05:51 -------- d-----w- c:\program files\Common Files\BitDefender
2009-08-31 18:51 . 2009-08-27 05:59 -------- d-----w- c:\program files\BitDefender
2009-08-31 18:50 . 2009-08-27 06:31 81984 ----a-w- c:\windows\system32\bdod.bin
2009-08-27 06:09 . 2009-08-27 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-08-27 06:09 . 2009-03-20 00:55 -------- d-----w- c:\program files\COMODO
2009-08-27 05:58 . 2009-06-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-27 04:30 . 2009-08-27 04:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-27 04:30 . 2009-08-27 04:30 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-27 04:30 . 2009-08-27 04:30 -------- d-----w- c:\documents and settings\Yip\Application Data\TuneUp Software
2009-08-27 04:30 . 2009-08-27 04:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-27 04:29 . 2009-08-27 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-27 04:28 . 2009-08-27 04:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-27 04:20 . 2009-08-27 04:20 11940 ----a-w- c:\documents and settings\Yip\Local Settings\Application Data\vugol.dll
2009-08-19 04:03 . 2008-10-03 22:02 -------- d-----w- c:\documents and settings\Yip\Application Data\Skype
2009-08-17 21:06 . 2009-08-17 21:06 -------- d-----w- c:\documents and settings\Yip\Application Data\Thinstall
2009-08-17 20:40 . 2009-08-17 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-08-17 20:39 . 2009-08-17 20:39 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-17 20:39 . 2009-08-17 20:39 -------- d-----w- c:\documents and settings\Yip\Application Data\iolo
2009-08-17 20:07 . 2008-10-03 22:03 -------- d-----w- c:\documents and settings\Yip\Application Data\skypePM
2009-08-17 17:09 . 2006-12-01 23:20 -------- d-----w- c:\program files\AIM6
2009-08-17 16:59 . 2009-08-17 16:59 -------- d-----w- c:\program files\AIM Toolbar
2009-08-17 16:49 . 2006-12-01 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-08-12 22:56 . 2006-11-22 16:40 -------- d-----w- c:\program files\Google
2009-08-12 00:14 . 2009-08-12 00:14 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-08-11 23:09 . 2009-08-11 23:09 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software
2009-08-11 20:28 . 2006-12-31 05:46 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-11 20:25 . 2008-08-31 06:51 -------- d-----w- c:\documents and settings\Yip\Application Data\Paltalk
2009-08-11 20:25 . 2008-08-31 06:51 -------- d-----w- c:\program files\Paltalk Messenger
2009-08-11 20:24 . 2008-07-02 07:21 -------- d-----w- c:\program files\NavNet
2009-08-10 22:37 . 2009-08-10 22:37 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-10 22:37 . 2007-03-06 03:39 -------- d-----w- c:\program files\Stardock
2007-02-04 18:18 . 2007-02-04 18:18 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-03-05 22:08 . 2009-08-27 06:10 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-09-18 03:11 . 2007-12-23 02:47 2 --shatr- c:\windows\winstart.bat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\Yip\APPLIC~1\cqajeiql ----

2009-06-02 02:49 . 2009-06-02 02:49 569 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\localstore.rdf
2009-06-02 02:48 . 2009-06-02 02:48 10054 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\pluginreg.dat
2009-06-02 02:48 . 2009-06-02 02:48 2048 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\webappsstore.sqlite
2009-06-02 02:48 . 2009-06-02 02:48 4096 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\formhistory.sqlite
2009-06-02 02:48 . 2009-06-02 02:49 131072 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\places.sqlite
2009-06-02 02:48 . 2009-06-02 02:49 0 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\places.sqlite-journal
2009-06-02 02:48 . 2009-06-02 02:48 16384 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\key3.db
2009-06-02 02:48 . 2009-06-02 02:50 65536 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\cert8.db
2009-06-02 02:48 . 2009-06-02 02:48 16384 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\secmod.db
2009-06-02 02:48 . 2009-06-02 02:50 2048 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\cookies.sqlite
2009-06-02 02:48 . 2009-06-02 02:48 2048 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\permissions.sqlite
2009-06-02 02:48 . 2009-06-02 02:48 367 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\prefs.js
2009-06-02 02:48 . 2009-06-02 02:48 127820 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\compreg.dat
2009-06-02 02:48 . 2009-06-02 02:48 96173 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\xpti.dat
2009-06-02 02:48 . 2009-06-02 02:48 111 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\profiles.ini
2009-06-02 02:48 . 2009-06-02 02:48 207 ----a-w- c:\docume~1\Yip\APPLIC~1\cqajeiql\Profiles\4hjmm2uq.default\compatibility.ini

---- Directory of c:\program files\efmxmpqt ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Dancer"="c:\program files\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 3664944]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

c:\documents and settings\Yip\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 03:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 07:26 AM 96408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 07:23 AM 108792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/13/2008 12:43 PM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/13/2008 12:43 PM 55024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 07:24 AM 735960]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 06:47 PM 205328]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 06:47 PM 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 06:47 PM 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 06:47 PM 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 06:47 PM 262215]
S2 tuneup.programstatisticssvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8/27/2009 12:30 AM 604416]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/9/2008 12:40 AM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/9/2008 12:40 AM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/9/2008 12:40 AM 23680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/13/2008 12:44 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 19:37]

2009-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &aim toolbar search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Yip\Application Data\Mozilla\Firefox\Profiles\0eowsv68.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Yip\Application Data\Mozilla\Firefox\Profiles\0eowsv68.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins001.exe
AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 20:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(672)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-09-29 20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 00:58
ComboFix2.txt 2009-09-28 01:05

Pre-Run: 46,375,182,336 bytes free
Post-Run: 46,330,896,384 bytes free

362

Step 4: All the files seemed to be uploaded fine.

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
What happens when you try to boot into normal mode?


Step 1.
Filescan:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\is-8JH1G.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Do the same with these:
  • c:\program files\kkuvi.txt
  • c:\documents and settings\Yip\Local Settings\Application Data\vugol.dll



Post back the results.

#15
helloyip

helloyip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When I start up normally, my background brings up an Active Desktop screen and then freezes, usually 2-3 minutes into startup.
Here are the reports:

VirSCAN.org Scanned Report :
Scanned time : 2009/09/30 02:49:01 (CST)
Scanner results: All Scanners reported not find malware!
File Name : is-8JH1G.exe
File Size : 691712 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4c34b56d848009434bfe07fda5b583a5
SHA1 : 94b850432a1821fc914f802a9f6b24653aff7b5c
Online report : http://virscan.org/r...be7e03ea59.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 4.07 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 0.89 -
AntiVir 8.2.1.27 7.1.6.54 2009-09-29 0.27 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.10 -
Authentium 5.1.1 200909290916 2009-09-29 5.06 -
AVAST! 4.7.4 090928-0 2009-09-28 0.06 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.36 -
BitDefender 7.81008.4289854 7.27971 2009-09-30 3.70 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 5.22 -
ClamAV 0.95.2 9850 2009-09-29 0.16 -
Comodo 3.11 2469 2009-09-29 0.73 -
CP Secure 1.3.0.5 2009.09.30 2009-09-30 0.11 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.70 -
F-Prot 4.4.4.56 20090929 2009-09-29 4.72 -
F-Secure 7.02.73807 2009.09.29.09 2009-09-29 2.30 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.35 -
GData 19.8137/19.493 20090929 2009-09-29 5.23 -
ViRobot 20090929 2009.09.29 2009-09-29 0.41 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.18 -
JiangMin 11.0.800 2009.09.26 2009-09-26 4.44 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.10 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 0.51 -
McAfee 5.3.00 5756 2009-09-29 3.43 -
Microsoft 1.5101 2009.09.29 2009-09-29 5.57 -
Norman 6.01.09 6.01.00 2009-09-16 0.20 -
Panda 9.05.01 2009.09.29 2009-09-29 1.86 -
Trend Micro 8.700-1004 6.486.03 2009-09-29 0.04 -
Quick Heal 10.00 2009.09.29 2009-09-29 1.45 -
Rising 20.0 21.49.14.00 2009-09-29 0.94 -
Sophos 2.90.1 4.45 2009-09-30 3.47 -
Sunbelt 5421 5421 2009-09-29 1.79 -
Symantec 1.3.0.24 20090929.003 2009-09-29 0.06 -
nProtect 20090929.01 5672855 2009-09-29 7.34 -
The Hacker 6.5.0.2 v00021 2009-09-28 0.70 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 2.43 -
VirusBuster 4.5.11.10 10.112.53/1925201 2009-09-29 3.07 -

VirSCAN.org Scanned Report :
Scanned time : 2009/09/30 03:03:16 (CST)
Scanner results: All Scanners reported not find malware!
File Name : kkuvi.txt
File Size : 3350 byte
File Type : data
MD5 : df48a5e9ec44651f4bdc92ede76a6769
SHA1 : bfc7e7aa4bfd1057e1f1c9b1d0204a65d6ef3d01
Online report : http://virscan.org/r...2df5aea87f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 3.97 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 0.78 -
AntiVir 8.2.1.27 7.1.6.54 2009-09-29 0.26 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.02 -
Authentium 5.1.1 200909290916 2009-09-29 1.15 -
AVAST! 4.7.4 090928-0 2009-09-28 0.00 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.30 -
BitDefender 7.81008.4289854 7.27971 2009-09-30 3.69 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 4.42 -
ClamAV 0.95.2 9850 2009-09-29 0.01 -
Comodo 3.11 2469 2009-09-29 0.70 -
CP Secure 1.3.0.5 2009.09.30 2009-09-30 1.82 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.42 -
F-Prot 4.4.4.56 20090929 2009-09-29 1.14 -
F-Secure 7.02.73807 2009.09.29.09 2009-09-29 0.04 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.15 -
GData 19.8137/19.493 20090929 2009-09-29 5.21 -
ViRobot 20090929 2009.09.29 2009-09-29 0.41 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.05 -
JiangMin 11.0.800 2009.09.26 2009-09-26 3.63 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.02 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 0.50 -
McAfee 5.3.00 5756 2009-09-29 3.25 -
Microsoft 1.5101 2009.09.29 2009-09-29 5.62 -
Norman 6.01.09 6.01.00 2009-09-16 1.81 -
Panda 9.05.01 2009.09.29 2009-09-29 1.67 -
Trend Micro 8.700-1004 6.488.01 2009-09-29 0.02 -
Quick Heal 10.00 2009.09.29 2009-09-29 1.27 -
Rising 20.0 21.49.14.00 2009-09-29 0.30 -
Sophos 2.90.1 4.45 2009-09-30 3.41 -
Sunbelt 5421 5421 2009-09-29 1.54 -
Symantec 1.3.0.24 20090929.003 2009-09-29 0.04 -
nProtect 20090929.01 5672855 2009-09-29 7.35 -
The Hacker 6.5.0.2 v00021 2009-09-28 0.63 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 1.99 -
VirusBuster 4.5.11.10 10.112.53/1925201 2009-09-29 2.33 -

VirSCAN.org Scanned Report :
Scanned time : 2009/09/30 03:10:44 (CST)
Scanner results: All Scanners reported not find malware!
File Name : vugol.dll
File Size : 11940 byte
File Type : data
MD5 : 4a8183629920aa794277f49b1901474c
SHA1 : f891a8fea3ab74dfc5caaa3919502537370473c6
Online report : http://virscan.org/r...fcd9aa9244.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20090929000129 2009-09-29 4.00 -
AhnLab V3 2009.09.29.06 2009.09.29 2009-09-29 0.78 -
AntiVir 8.2.1.27 7.1.6.54 2009-09-29 0.38 -
Antiy 2.0.18 20090929.2941244 2009-09-29 0.12 -
Arcavir 2009 200909291037 2009-09-29 0.02 -
Authentium 5.1.1 200909290916 2009-09-29 1.17 -
AVAST! 4.7.4 090928-0 2009-09-28 0.00 -
AVG 8.5.288 270.13.114/2402 2009-09-29 0.32 -
BitDefender 7.81008.4289854 7.27971 2009-09-30 3.65 -
CA (VET) 9.0.0.143 31.6.6767 2009-09-29 7.17 -
ClamAV 0.95.2 9850 2009-09-29 0.01 -
Comodo 3.11 2469 2009-09-29 0.70 -
CP Secure 1.3.0.5 2009.09.30 2009-09-30 0.01 -
Dr.Web 4.44.0.9170 2009.09.29 2009-09-29 5.43 -
F-Prot 4.4.4.56 20090929 2009-09-29 1.15 -
F-Secure 7.02.73807 2009.09.29.09 2009-09-29 8.48 -
Fortinet 2.81-3.120 10.888 2009-09-29 0.16 -
GData 19.8137/19.493 20090929 2009-09-29 5.03 -
ViRobot 20090929 2009.09.29 2009-09-29 1.00 -
Ikarus T3.1.01.72 2009.09.29.73820 2009-09-29 4.07 -
JiangMin 11.0.800 2009.09.26 2009-09-26 4.26 -
Kaspersky 5.5.10 2009.09.29 2009-09-29 0.02 -
KingSoft 2009.2.5.15 2009.9.29.22 2009-09-29 0.50 -
McAfee 5.3.00 5756 2009-09-29 3.23 -
Microsoft 1.5101 2009.09.29 2009-09-29 5.41 -
Norman 6.01.09 6.01.00 2009-09-16 1.82 -
Panda 9.05.01 2009.09.29 2009-09-29 1.71 -
Trend Micro 8.700-1004 6.488.01 2009-09-29 0.02 -
Quick Heal 10.00 2009.09.29 2009-09-29 1.15 -
Rising 20.0 21.49.14.00 2009-09-29 0.26 -
Sophos 2.90.1 4.45 2009-09-30 3.40 -
Sunbelt 5421 5421 2009-09-29 1.47 -
Symantec 1.3.0.24 20090929.003 2009-09-29 0.05 -
nProtect 20090929.01 5672855 2009-09-29 6.92 -
The Hacker 6.5.0.2 v00021 2009-09-28 0.64 -
VBA32 3.12.10.11 20090928.1523 2009-09-28 1.98 -
VirusBuster 4.5.11.10 10.112.53/1925201 2009-09-29 2.34 -





