
Browser Redirects



I get redirected every time I click on a link from a search engine. It is actually like a double redirect.

For example, I first get redirected from a random link like http://alliedresearch.com/search.php

It then takes about three seconds before getting to another page such as http://www.leapfish.com/affiliates/default...91-27C71A0E4A7B

The redirects always seem to be different too. I got others such as http://adaptsol.com/search.php, http://agroargentino.com/search.php, and http://1oh1.com/search.php.

__________________________________________________

Well, here's my most recent Malwarebytes log

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 2

8/24/2009 7:40:09 PM

mbam-log-2009-08-24 (19-40-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 174032

Time elapsed: 32 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

__________________________________________________

and here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:05:00 PM, on 8/25/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Wan You Mei\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html?p=DS

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--

End of file - 7103 bytes

Thanks in advance!


Hello,

Please start by doing this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account (User Profile).

=

3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.


4. Please download & save Malwarebytes Anti-Malware from

http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or

http://www.besttechie.net/tools/mbam-setup.exe or

http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.


5. Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized that you should temporarily disable any PC-resident (active) antivirus program prior to any on-line scan by any on-line scanner.
      (And then promptly re-enable it when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of MBAM scan log
  • the contents of Eset scan log
  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Thanks for all the instructions!

Here are the logs:

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 2

8/25/2009 7:00:41 PM

mbam-log-2009-08-25 (19-00-41).txt

Scan type: Quick Scan

Objects scanned: 89490

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

__________________________________________________

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6050

# api_version=3.0.2

# EOSSerial=551bc0be8d58fb41a4a61911fbc2edb6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-08-26 02:51:46

# local_time=2009-08-25 07:51:46 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=769 25 100 97 99287031250

# scanned=89576

# found=12

# cleaned=12

# scan_time=2222

C:\Documents and Settings\Wan You Mei\Desktop\Hacks\CheatEngine55.exe probably a variant of Win32/Genetik trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Wan You Mei\Local Settings\Temp\UACc678.tmp a variant of Win32/Kryptik.ACC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Cheat Engine\dbk32.sys probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStory Dead\MeMS.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStory v.55\localhost.exe Win32/PSW.Mapler.AJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStory v.55\MyStoryMS.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStoryV61\AyeosMS.exe Win32/PSW.Mapler.AJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStoryV61\FusionMS.exe Win32/PSW.Mapler.AJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStoryV61\localhost.exe Win32/PSW.Mapler.AJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Nexon\MapleStoryV62\MapleStoryV62Legend\localhost.exe Win32/PSW.Mapler.AJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\KbhyMlq9JygGa.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\PwnxHMa.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

__________________________________________________

OTL logfile created on: 8/25/2009 7:56:46 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Wan You Mei\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 242.84 Mb Available Physical Memory | 47.61% Memory free

1.20 Gb Paging File | 0.83 Gb Available in Paging File | 68.99% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.31 Gb Total Space | 22.00 Gb Free Space | 30.85% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: D1DY3181

Current User Name: Wan You Mei

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/03/22 19:55:00 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2005/03/22 19:55:00 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008/05/15 16:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/05/15 16:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/05/15 16:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008/05/15 16:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2004/08/04 03:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2004/10/14 17:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2004/06/16 04:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2005/03/22 21:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

PRC - [2003/10/31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

PRC - [2006/07/06 09:10:26 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2006/04/26 08:29:50 | 00,237,568 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

PRC - [2004/02/12 14:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

PRC - [2004/05/12 16:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

PRC - [2008/05/15 16:19:31 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2006/08/28 22:57:12 | 00,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe

PRC - [2004/05/28 23:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2006/04/12 11:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2004/05/29 00:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

PRC - [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

PRC - [2009/08/25 19:55:54 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wan You Mei\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/12 23:47:58 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008/05/15 16:06:57 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

SRV - [2005/03/22 19:55:00 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - [2005/03/22 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

SRV - [2008/05/15 16:19:24 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

SRV - [2008/05/15 16:19:00 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

SRV - [2008/05/15 16:16:59 | 00,349,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2004/08/04 03:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

SRV - [2003/12/17 11:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])

SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2006/04/12 11:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/05/15 16:13:26 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])

DRV - [2004/08/03 21:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])

DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])

DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])

DRV - [2008/05/15 16:16:06 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

DRV - [2008/05/15 16:18:33 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

DRV - [2008/05/15 16:15:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

DRV - [2008/05/15 16:20:32 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

DRV - [2008/05/15 16:14:11 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

DRV - [2005/03/22 20:00:58 | 01,034,752 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [system | Running])

DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])

DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])

DRV - [2006/01/10 12:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])

DRV - [2004/02/10 19:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])

DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2009/07/18 14:43:22 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])

DRV - [2004/06/21 03:40:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - [2004/06/21 03:40:48 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - [2004/06/21 03:40:48 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2005/01/23 15:05:06 | 00,804,317 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])

DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])

DRV - [2006/03/24 08:32:00 | 00,008,704 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])

DRV - [2006/03/24 08:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])

DRV - [2006/03/24 08:32:00 | 00,127,488 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])

DRV - [2006/03/24 08:32:00 | 00,013,312 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])

DRV - [2007/11/14 19:01:20 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Nexon\MapleStory v.55\npkcrypt.sys -- (npkcrypt [Auto | Running])

DRV - [2004/08/03 20:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])

DRV - [2002/11/08 17:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [system | Running])

DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])

DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])

DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])

DRV - [2009/04/06 13:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Stopped])

DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2004/09/17 12:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])

DRV - [2004/08/03 21:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])

DRV - [2005/01/27 19:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])

DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])

DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])

DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])

DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])

DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0

FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2

FF - prefs.js..extensions.enabledItems: {47e5a66c-0e35-11dc-8314-0800200c9a66}:3.0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090616

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 12:43:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/07 22:27:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 00:59:36 | 00,000,000 | ---D | M]

[2009/06/04 12:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Extensions

[2009/01/10 14:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/06/04 12:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Extensions\mozswing@mozswing.org

[2009/08/25 18:43:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Firefox\Profiles\fnjp4ghl.default\extensions

[2009/04/30 19:42:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Firefox\Profiles\fnjp4ghl.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}

[2009/04/30 19:42:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Firefox\Profiles\fnjp4ghl.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

[2009/06/29 17:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Firefox\Profiles\fnjp4ghl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/06/29 17:35:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\mozilla\Firefox\Profiles\fnjp4ghl.default\extensions\nasanightlaunch@example.com

[2009/08/22 12:43:40 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Application Data\Mozilla\FireFox\Profiles\fnjp4ghl.default\searchplugins\dictionarycom.xml

[2009/08/25 18:43:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/04 00:59:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/09/24 18:39:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2009/08/04 00:59:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/04 00:59:30 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2009/08/04 00:59:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008/12/22 00:39:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2008/12/22 00:39:08 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/01/10 14:31:53 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/01/10 14:31:53 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/01/10 14:31:53 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/01/10 14:31:53 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/01/10 14:31:53 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/01/10 14:31:53 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/01/10 14:31:53 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (2005 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 127.0.0.1 gameguard.mapleglobal.com

O1 - Hosts: 29 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)

O4 - Startup: C:\Documents and Settings\Wan You Mei\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 119 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/29 19:05:09 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005/02/23 12:39:12 | 00,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2009/08/25 19:55:54 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wan You Mei\Desktop\OTL.exe

[2009/08/25 19:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009/08/25 18:52:54 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Wan You Mei\Desktop\ATF-Cleaner.exe

[2009/08/25 18:50:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/08/25 18:49:36 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/25 18:49:32 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Desktop\NTREGOPT.lnk

[2009/08/25 18:49:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Desktop\ERUNT.lnk

[2009/08/25 18:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/08/25 18:33:47 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Wan You Mei\Desktop\erunt-setup.exe

[2009/08/25 17:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wan You Mei\Desktop\New Folder

[2009/08/24 00:52:21 | 00,005,703 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\My Documents\Stans Summer Reading.wpd

[2009/08/23 18:18:50 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009/08/22 12:36:01 | 00,000,000 | ---D | C] -- C:\d1af4de26a35536805f6

[2009/08/21 16:26:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images

[2009/08/20 17:44:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2009/08/20 17:40:51 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/20 17:40:48 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/20 17:40:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/08/20 17:40:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/18 22:51:59 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg

[2009/08/18 01:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2009/08/18 01:41:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3

[2009/08/18 01:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2009/08/18 01:30:21 | 00,030,208 | ---- | C] () -- C:\WINDOWS\System32\uacrem.dll

[2009/08/18 01:30:04 | 01,110,399 | ---- | C] () -- C:\WINDOWS\System32\uacmal.db

[2009/08/13 22:31:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2009/08/12 19:16:24 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/08/12 19:14:59 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll

[2009/08/11 20:12:01 | 00,102,912 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Desktop\Lesson Pla Form-IT.doc

[2009/08/08 02:43:05 | 00,000,000 | ---D | C] -- C:\inilog

[2009/08/05 02:11:47 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/03 14:54:05 | 00,002,481 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Desktop\Shawty.aup

[2009/08/03 14:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wan You Mei\Desktop\Shawty_data

[2009/07/28 19:48:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wan You Mei\My Documents\Infant Toddler Plan

[2009/07/27 00:35:41 | 05,391,936 | ---- | C] () -- C:\Documents and Settings\Wan You Mei\Desktop\DMX - X Gonna Give It To Ya (Dirty Version).mp3

[2009/06/28 21:34:55 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/06/16 22:55:01 | 00,017,908 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini

[2007/03/01 19:17:56 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/11/12 16:00:37 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/11/06 00:01:47 | 00,001,042 | ---- | C] () -- C:\WINDOWS\_isenv31.ini

[2006/11/06 00:01:47 | 00,000,521 | ---- | C] () -- C:\WINDOWS\_iserr31.ini

[2006/07/06 09:19:06 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2005/08/15 22:26:42 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/08/02 00:56:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/08/02 00:27:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2005/08/02 00:27:12 | 00,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 11:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 10:51:28 | 00,000,646 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/10 10:51:26 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[2009/08/25 19:55:54 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wan You Mei\Desktop\OTL.exe

[2009/08/25 18:52:54 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Wan You Mei\Desktop\ATF-Cleaner.exe

[2009/08/25 18:49:36 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/08/25 18:49:32 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\NTREGOPT.lnk

[2009/08/25 18:49:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\ERUNT.lnk

[2009/08/25 18:33:48 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Wan You Mei\Desktop\erunt-setup.exe

[2009/08/25 17:05:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/08/25 17:05:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/08/25 17:05:23 | 53,492,5312 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/24 09:46:36 | 00,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk

[2009/08/24 01:21:53 | 00,005,703 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\My Documents\Stans Summer Reading.wpd

[2009/08/23 18:28:18 | 37,778,896 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\setupeng.exe

[2009/08/22 19:26:22 | 07,465,728 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\Magnetic North We Will Not Be Moved - 9am Productions.mp3

[2009/08/22 19:20:56 | 00,046,392 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/08/22 19:19:16 | 00,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/22 12:50:57 | 00,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/08/22 12:50:57 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/08/22 12:50:57 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/08/20 17:40:51 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/20 17:32:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/08/18 23:11:29 | 00,000,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg

[2009/08/18 01:30:21 | 00,030,208 | ---- | M] () -- C:\WINDOWS\System32\uacrem.dll

[2009/08/18 01:30:20 | 01,110,399 | ---- | M] () -- C:\WINDOWS\System32\uacmal.db

[2009/08/17 01:35:17 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/13 22:34:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/08/11 20:17:45 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\Lesson Pla Form-IT.doc

[2009/08/11 03:59:12 | 01,383,902 | -H-- | M] () -- C:\Documents and Settings\Wan You Mei\Local Settings\Application Data\IconCache.db

[2009/08/05 02:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009/08/05 02:11:47 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009/08/03 14:54:05 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\Shawty.aup

[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/07/29 17:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/07/27 15:40:13 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009/07/27 00:36:23 | 05,391,936 | ---- | M] () -- C:\Documents and Settings\Wan You Mei\Desktop\DMX - X Gonna Give It To Ya (Dirty Version).mp3

========== LOP Check ==========

[2009/08/18 01:41:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/12/22 01:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2005/08/15 12:43:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2005/08/15 12:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2007/12/20 15:32:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2006/10/21 18:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2005/08/02 00:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2006/10/21 18:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2004/08/10 11:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/08/18 01:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2009/08/18 23:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2007/08/05 17:36:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/01/14 20:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)

[2009/07/01 14:35:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Wan You Mei\Application Data

[2007/07/02 21:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\acccore

[2006/01/27 14:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Ahead

[2005/09/30 18:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Aim

[2009/08/24 23:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Audacity

[2009/06/30 19:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Auslogics

[2007/03/05 19:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Corel

[2005/08/15 12:53:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\CyberLink

[2006/10/21 21:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Datalayer

[2009/01/21 17:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\godzHell

[2009/07/18 15:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Hamachi

[2007/03/04 15:23:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\ijji

[2008/05/21 14:56:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\ijjigame

[2007/07/26 12:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Nexon

[2008/08/20 21:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\NJStar

[2006/10/21 20:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Nokia

[2007/12/26 14:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Nokia Multimedia Player

[2006/10/21 18:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\PC Suite

[2009/05/01 15:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Screaming Bee

[2008/03/14 15:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Ventrilo

[2007/03/09 19:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Viewpoint

[2009/05/23 10:49:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wan You Mei\Application Data\Xilisoft Corporation

[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/08/25 17:05:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

__________________________________________________

OTL Extras logfile created on: 8/25/2009 7:56:46 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Wan You Mei\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.07 Mb Total Physical Memory | 242.84 Mb Available Physical Memory | 47.61% Memory free

1.20 Gb Paging File | 0.83 Gb Available in Paging File | 68.99% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 71.31 Gb Total Space | 22.00 Gb Free Space | 30.85% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: D1DY3181

Current User Name: Wan You Mei

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"17133:TCP" = 17133:TCP:*:Enabled:BitComet 17133 TCP

"17133:UDP" = 17133:UDP:*:Enabled:BitComet 17133 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Steam\SteamApps\passdapeacepipe\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\passdapeacepipe\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\Steam\SteamApps\passdapeacepipe\condition zero\hl.exe" = C:\Program Files\Steam\SteamApps\passdapeacepipe\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Nexon\MapleStory\Patcher.exe" = C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ???? -- ()

"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory -- (Wizet)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Steam\SteamApps\rikey916\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\rikey916\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\Steam\SteamApps\passdapeacepipe\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\passdapeacepipe\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Steam\SteamApps\passdapeacepipe\day of defeat source\hl2.exe" = C:\Program Files\Steam\SteamApps\passdapeacepipe\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Steam\SteamApps\passdapeacepipe\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\passdapeacepipe\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections

"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server

"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan

"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland

"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax

"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects

"{2C927BC2-D402-4781-97BD-920E415847A2}" = 6200Trb

"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload

"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5

"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update

"{508FA22B-AFFC-46CD-9441-2567976574A4}" = Nokia PC Suite

"{588AA47B-9115-44D3-B2E5-4F10BC659D6C}" = Nokia PC Connectivity Solution

"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool

"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext

"{5B8B3C61-BDF7-4882-807E-A30AF1A64A9C}" = 6200

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon

"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal

"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant

"{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}" = MapleStory

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source

"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1

"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects

"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen

"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2

"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1

"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc

"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director

"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates

"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer

"{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}" = MapleStory

"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare

"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike

"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1

"{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}" = Nokia Connectivity Cable Driver

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm

"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations

"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg

"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2

"{F8CA8A19-48E5-4510-BD5C-B148862D8439}" = 6200_Help

"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime

"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour

"010D072E91408D6B7C6FC65489B6D30C027605F5" = Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AIM_6" = AIM 6

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Instant Messenger" = AOL Instant Messenger

"ATI Display Driver" = ATI Display Driver

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)

"Audiosurf_is1" = Audiosurf Beta

"avast!" = avast! Antivirus

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"GameCommClient_is1" = GameComm

"Guild Wars" = Guild Wars

"HijackThis" = HijackThis 2.0.2

"HP Photo & Imaging" = HP Image Zone 4.2

"LimeWire" = LimeWire 5.1.3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NJStar Chinese WP" = NJStar Chinese WP

"PROSet" = Intel® PRO Network Adapters and Drivers

"RealPlayer 6.0" = RealPlayer

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4

"Steam App 240" = Counter-Strike: Source

"Steam App 302" = Day of Defeat: Source Beta

"StreetPlugin" = Learn2 Player (Uninstall Only)

"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell

"WIC" = Windows Imaging Component

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xilisoft DPG Converter" = Xilisoft DPG Converter

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 7/24/2008 4:42:13 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Wan You Mei\Application Data\Mozilla\Firefox\Profiles\fnjp4ghl.default\prefs-1.js

failed, 0000A413.

Error - 7/24/2008 4:42:13 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Wan You Mei\Application Data\Mozilla\Firefox\Profiles\fnjp4ghl.default\prefs.js

failed, 0000A413.

Error - 7/24/2008 4:42:17 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\FONTS\VGASYS.FON failed, 0000A413.

Error - 7/24/2008 4:49:41 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\avicap32.dll failed, 0000A413.

Error - 7/24/2008 4:49:41 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\MSVFW32.dll failed, 0000A413.

Error - 7/24/2008 4:49:52 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\bthprops.cpl failed, 0000A413.

Error - 8/18/2009 5:00:33 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

Error - 8/18/2009 9:19:06 PM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

Error - 8/18/2009 10:21:26 PM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

Error - 8/19/2009 12:35:14 AM | Computer Name = D1DY3181 | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function A0000111.

[ Application Events ]

Error - 8/18/2009 4:23:02 AM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application AcroRd32.exe, version 6.0.2.126, faulting module

unknown, version 0.0.0.0, fault address 0x0c0c0c0c.

Error - 8/18/2009 4:30:01 AM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application asrwoxcmen.tmp, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00177fe8.

Error - 8/18/2009 4:30:29 AM | Computer Name = D1DY3181 | Source = Application Error | ID = 1001

Description = Fault bucket 691334498.

Error - 8/18/2009 8:40:23 PM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting

module superantispyware.exe, version 4.27.0.1002, fault address 0x000039e0.

Error - 8/18/2009 8:40:34 PM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting

module superantispyware.exe, version 4.27.0.1002, fault address 0x000039e0.

Error - 8/18/2009 8:40:38 PM | Computer Name = D1DY3181 | Source = Application Error | ID = 1001

Description = Fault bucket 1402284941.

Error - 8/18/2009 8:41:43 PM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application superantispyware.exe, version 4.27.0.1002, faulting

module superantispyware.exe, version 4.27.0.1002, fault address 0x000039e0.

Error - 8/18/2009 10:23:05 PM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application DSAgnt.exe, version 2.1.3.176, faulting module

unknown, version 0.0.0.0, fault address 0x02a3cbe0.

Error - 8/19/2009 12:47:23 AM | Computer Name = D1DY3181 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x0147cbe0.

Error - 8/19/2009 12:50:21 AM | Computer Name = D1DY3181 | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x0147cbe0.

[ System Events ]

Error - 8/22/2009 3:24:51 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/22/2009 10:20:10 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/22/2009 10:44:34 PM | Computer Name = D1DY3181 | Source = WPDMTPDriver | ID = 80836

Description = MTP WPD Driver has failed to start. Error 0x8007001f.

Error - 8/23/2009 6:10:18 AM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the Netman service.

Error - 8/23/2009 9:16:35 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2009 12:32:08 AM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2009 12:09:26 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2009 12:56:01 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2009 7:45:45 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/25/2009 8:06:04 PM | Computer Name = D1DY3181 | Source = Service Control Manager | ID = 7000

Description = The MCSTRM service failed to start due to the following error: %%2

< End of report >

__________________________________________________

Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 2

Out of date service pack!!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Antivirus

Windows Live OneCare safety scanner

Windows Live OneCare safety scanner

``````````````````````````````

Anti-malware/Other Utilities Check:

Out of date Spybot installed!

Ad-Aware

Spybot - Search & Destroy 1.4

Malwarebytes' Anti-Malware

HijackThis 2.0.2

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Alwil Software Avast4 aswUpdSv.exe

Alwil Software Avast4 ashServ.exe

Alwil Software Avast4 ashDisp.exe

Alwil Software Avast4 ashMaiSv.exe

Alwil Software Avast4 ashWebSv.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Your logs showed some peer-to-peer filesharing apps, like LimeWire. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Remove (de-install) LimeWire and any other such filesharing. Then restart the system, and confirm that you have done so.

"File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

The system had a number of trojans (most likely from downloads!) and shows signs of a rootkit infection.

=

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

=

RE-Enable your AntiVirus and AntiSpyware applications.

=

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 2697 or later. The latest program version is 1.40

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Reply with copy of C:\Combofix.txt

and the latest MBAM scan log


Thanks again for the help. Sorry I couldn't get back to you as quickly as I could.

ComboFix 09-08-26.05 - Wan You Mei 08/26/2009 17:07.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.222 [GMT -7:00]

Running from: c:\documents and settings\Wan You Mei\Desktop\Combo-Fix.exe

AV: avast! antivirus 4.8.1201 [VPS 081031-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Wan You Mei\Application Data\0200000018d57338619C.manifest

c:\documents and settings\Wan You Mei\Application Data\0200000018d57338619O.manifest

c:\documents and settings\Wan You Mei\Application Data\0200000018d57338619P.manifest

c:\documents and settings\Wan You Mei\Application Data\0200000018d57338619S.manifest

c:\windows\Fonts\WPHV07NB.TTF

c:\windows\GnuHashes.ini

c:\windows\run.log

c:\windows\system32\bszip.dll

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk

c:\windows\system32\drivers\kbiwkmvitbxhoy.sys

c:\windows\system32\drivers\UACumqrgsipfx.sys

c:\windows\system32\GroupPolicy000.dat

c:\windows\system32\images

c:\windows\system32\images\i1.gif

c:\windows\system32\images\i2.gif

c:\windows\system32\images\i3.gif

c:\windows\system32\images\j1.gif

c:\windows\system32\images\j2.gif

c:\windows\system32\images\j3.gif

c:\windows\system32\images\jj1.gif

c:\windows\system32\images\jj2.gif

c:\windows\system32\images\jj3.gif

c:\windows\system32\images\l1.gif

c:\windows\system32\images\l2.gif

c:\windows\system32\images\l3.gif

c:\windows\system32\images\pix.gif

c:\windows\system32\images\t1.gif

c:\windows\system32\images\t2.gif

c:\windows\system32\images\up1.gif

c:\windows\system32\images\up2.gif

c:\windows\system32\images\w1.gif

c:\windows\system32\images\w11.gif

c:\windows\system32\images\w2.gif

c:\windows\system32\images\w3.gif

c:\windows\system32\images\w3.jpg

c:\windows\system32\images\wt1.gif

c:\windows\system32\images\wt2.gif

c:\windows\system32\images\wt3.gif

c:\windows\system32\kbiwkmdpcjbkjb.dat

c:\windows\system32\kbiwkmjnpcngae.dll

c:\windows\system32\kbiwkmkrxjqioi.dat

c:\windows\system32\kbiwkmsqlhdade.dll

c:\windows\system32\nerocheck.exe

c:\windows\system32\UAChlesrtxphy.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_kbiwkmlmogmjcv

-------\Legacy_kbiwkmlmogmjcv

-------\Service_UACd.sys

-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))

.

2009-08-26 02:04 . 2009-08-26 02:04 -------- d-----w- c:\program files\ESET

2009-08-26 01:49 . 2009-08-26 01:49 -------- d-----w- c:\program files\ERUNT

2009-08-22 19:36 . 2009-08-22 19:37 -------- d-----w- C:\d1af4de26a35536805f6

2009-08-21 00:44 . 2009-08-21 00:49 -------- d-----w- c:\program files\Windows Live Safety Center

2009-08-21 00:40 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-21 00:40 . 2009-08-21 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-21 00:40 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-18 08:41 . 2009-08-18 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2009-08-18 08:41 . 2009-08-19 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-08-18 08:41 . 2009-08-18 08:41 -------- d-----w- c:\program files\Common Files\iS3

2009-08-18 08:30 . 2009-08-18 08:30 30208 ----a-w- c:\windows\system32\uacrem.dll

2009-08-14 05:31 . 2009-08-14 05:31 -------- d-----w- c:\windows\ServicePackFiles

2009-08-13 02:14 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-08 09:43 . 2009-08-10 02:06 -------- d-----w- C:\inilog

2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-26 23:49 . 2008-02-16 03:33 -------- d-----w- c:\program files\Steam

2009-08-26 02:26 . 2009-06-29 04:34 -------- d-----w- c:\program files\Cheat Engine

2009-08-25 06:36 . 2009-07-01 21:35 -------- d-----w- c:\documents and settings\Wan You Mei\Application Data\Audacity

2009-08-23 02:20 . 2005-08-16 01:44 46392 -c--a-w- c:\documents and settings\Wan You Mei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-19 06:11 . 2009-08-19 05:51 480 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-18 22:28 . 2008-08-03 19:58 -------- d-----w- c:\documents and settings\Wan You Mei\Application Data\Hamachi

2009-07-18 21:43 . 2008-08-03 19:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-17 18:55 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 21:09 . 2005-09-04 05:00 -------- d-----w- c:\documents and settings\Wan You Mei\Application Data\AdobeUM

2009-07-14 06:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-01 21:35 . 2009-07-01 21:35 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2009-07-01 02:34 . 2009-06-30 21:34 -------- d-----w- c:\documents and settings\Wan You Mei\Application Data\Auslogics

2009-06-30 21:33 . 2009-06-30 21:33 -------- d-----w- c:\program files\Auslogics

2009-06-29 04:10 . 2005-08-02 07:46 -------- d-----w- c:\program files\Real

2009-06-29 04:09 . 2009-05-03 03:04 -------- d-----w- c:\program files\Rhapsody

2009-06-29 00:13 . 2005-08-31 23:59 -------- d-----w- c:\program files\Warcraft III

2009-06-26 16:18 . 2004-08-10 17:51 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-16 14:55 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:55 . 2004-08-10 17:51 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 11:50 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:21 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:42 . 2004-08-10 18:01 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:27 . 2004-08-10 17:51 1290752 ----a-w- c:\windows\system32\quartz.dll

2007-04-09 04:08 . 2007-03-02 02:17 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Steam"="c:\program files\steam\steam.exe" [2009-07-24 1217784]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-06 180269]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\Wan You Mei\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Steam\\SteamApps\\passdapeacepipe\\counter-strike\\hl.exe"=

"c:\\Program Files\\Steam\\SteamApps\\passdapeacepipe\\condition zero\\hl.exe"=

"c:\\StubInstaller.exe"=

"c:\\Nexon\\MapleStory\\Patcher.exe"=

"c:\\Nexon\\MapleStory\\MapleStory.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\SteamApps\\rikey916\\counter-strike\\hl.exe"=

"c:\\Program Files\\Steam\\SteamApps\\passdapeacepipe\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\passdapeacepipe\\day of defeat source\\hl2.exe"=

"c:\\Program Files\\Steam\\SteamApps\\passdapeacepipe\\half-life 2 deathmatch\\hl2.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17133:TCP"= 17133:TCP:BitComet 17133 TCP

"17133:UDP"= 17133:UDP:BitComet 17133 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2008 1:57 PM 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/25/2008 1:57 PM 20560]

S3 ba1;ba1;\??\c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\BaGay\ba.sys --> c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\BaGay\ba.sys [?]

S3 cheetah1;cheetah1;\??\c:\docume~1\WANYOU~1\LOCALS~1\Temp\Rar$EX00.109\cheetah.sys --> c:\docume~1\WANYOU~1\LOCALS~1\Temp\Rar$EX00.109\cheetah.sys [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]

S3 sejt1;sejt1;\??\c:\docume~1\WANYOU~1\LOCALS~1\Temp\Rar$EX01.032\sejt.sys --> c:\docume~1\WANYOU~1\LOCALS~1\Temp\Rar$EX01.032\sejt.sys [?]

S3 XDva010;XDva010;\??\c:\windows\system32\XDva010.sys --> c:\windows\system32\XDva010.sys [?]

S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]

S3 xp1;xp1;\??\c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\XPEngine [zenos' new one]\xp.sys --> c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\XPEngine [zenos' new one]\xp.sys [?]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.dell4me.com/mywaybiz

uInternet Connection Wizard,ShellNext = iexplore

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

FF - ProfilePath - c:\documents and settings\Wan You Mei\Application Data\Mozilla\Firefox\Profiles\fnjp4ghl.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 17:18

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

"ImagePath"="\??\c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\XPEngine

[zenos' new one]\xp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xp1]

"ImagePath"="\??\c:\documents and settings\Wan You Mei\Desktop\hack\Working UCE's\XPEngine

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-08-27 17:22

ComboFix-quarantined-files.txt 2009-08-27 00:21

Pre-Run: 23,622,176,768 bytes free

Post-Run: 24,151,732,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

212 --- E O F --- 2009-08-26 05:17

__________________________________________________

Malwarebytes' Anti-Malware 1.40

Database version: 2702

Windows 5.1.2600 Service Pack 2

8/26/2009 5:43:18 PM

mbam-log-2009-08-26 (17-43-18).txt

Scan type: Quick Scan

Objects scanned: 87889

Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

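One way to triage the driver/service lines of a ComboFix log like the one posted above, flagging kernel drivers whose image sits under a user profile or a temp folder rather than the system directories. This is an added example, not code from the thread or from ComboFix; the sample lines are constructed in the log's format with a placeholder user name, and reading the `[?]` marker as "file absent" is an assumption.

```python
import re
# Constructed sample in ComboFix's service-list format (placeholder user name, not the thread's lines):
# "<start> <name>;<desc>;<path> [date size]" when ComboFix read the file, "... --> <path> [?]" otherwise.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/25/2008 1:57 PM 78416]
S3 ba1;ba1;\??\c:\documents and settings\alice\Desktop\tools\ba.sys --> c:\documents and settings\alice\Desktop\tools\ba.sys [?]
S3 cheetah1;cheetah1;\??\c:\docume~1\alice\LOCALS~1\Temp\Rar$EX00.109\cheetah.sys --> c:\docume~1\alice\LOCALS~1\Temp\Rar$EX00.109\cheetah.sys [?]
S3 XDva010;XDva010;\??\c:\windows\system32\XDva010.sys --> c:\windows\system32\XDva010.sys [?]
"""

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
TRAILER_RE = re.compile(r"\s*\[[^\[\]]*\]\s*$")   # last "[...]" group on the line
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")

def parse_service_line(line):
    """Return (start_type, name, normalised image path, file_seen) or None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # [?] replaces a date/size ComboFix could not read; taken to mean the image is absent (assumption).
    file_seen = not rest.endswith("[?]")
    path = TRAILER_RE.sub("", rest.split("-->")[0]).strip()
    if path.startswith("\\??\\"):          # NT object-manager prefix from raw ImagePath values
        path = path[4:]
    return m.group("start"), m.group("name"), path.lower(), file_seen

def triage(log_text):
    """Map service name -> reasons a helper would look twice at that driver entry."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        _start, name, path, file_seen = parsed
        reasons = []
        if not path.startswith(SYSTEM_DIRS):
            reasons.append("image outside system/program directories")
        if "\\temp\\" in path or "\\rar$" in path:
            reasons.append("image in a temp or archive-extraction folder")
        if "documents and settings" in path or "\\docume~1\\" in path:
            reasons.append("image under a user profile")
        if not file_seen:
            reasons.append("file not present at scan time (stale service entry)")
        if reasons:
            findings[name] = reasons
    return findings

for _name, _reasons in triage(SAMPLE_LOG).items():
    print(f"{_name}: {'; '.join(_reasons)}")
```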

The results of MBAM are very encouraging, with Combofix having removed a TDSS/CLB rootkit infection.

Follow-up:

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.
    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

How To Use Compressed (Zipped) Folders in Windows XP

Compress and uncompress files (zip files) in Vista


Sorry it took so long but thanks for waiting and your continued help.

/--------------------------------------------------------------\

| Trend Micro System Cleaner |

| Copyright 2009-2010, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2009-08-27, 21:16:09, Auto-clean mode specified.

2009-08-27, 21:16:10, Initialized Rootkit Driver version 2.2.0.1004.

2009-08-27, 21:16:10, Running scanner "C:\Trend Micro\TSC.BIN"...

2009-08-27, 21:16:37, Scanner "C:\Trend Micro\TSC.BIN" has finished running.

2009-08-27, 21:16:37, TSC Log:


There are 4 files tagged by Sysclean as having viruses. Do you recall whether these were downloads of some sort?

C:\Documents and Settings\Wan You Mei\Application Data\Auslogics\Rescue\One Button Checkup\090630143714093.rsc

C:\Program Files\Nexon\MapleStory Dead\OasisMS.exe

C:\Program Files\Nexon\MapleStory Dead\OasisMS.rar

C:\Program Files\Nexon\MapleStory v.55\HitsuMs.exe

I suggest you consider deleting them.


We can wrap this up, after the following.

Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it.

Go to Control Panel and Add-or-Remove programs.

Look for it and click the line for it. Select Change/Remove to de-install it.

De-install Adobe Reader

De-install ESET Online scan.

OK & Exit out of Control Panel.

Get the latest Adobe Reader version from http://www.adobe.com/products/acrobat/readstep2.html

Get the latest Java run-time.

See this topic in the AumHa Security forum

http://aumha.net/viewtopic.php?f=26&t=41698

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.

The "/u" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after x and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the command box that opens, type or copy/paste combo-fix /u and then click OK.

  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this, a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet, you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.
