antispyware soft trojan


Post by dreame277232 on 25th April 2010, 4:42 am

help help help plz this thing is driving me batty

dreame277232
Novice

Posts : 19
Joined : 2010-04-25
OS : windows xp
Points : 24481
# Likes : 0


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 4:45 am

DDS (Ver_10-03-17.01) - NTFSx86
Run by default at 0:39:58.89 on Sun 04/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1322 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100424-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\3OD1ZFCQ\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Search panel: {16b80734-7dd7-e746-a8f7-1b5190e9abb4} - c:\windows\system32\ntonwvaneas.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [asam] c:\documents and settings\default\local settings\application data\asam.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN OptimizedIE8;ENUS)" -"http://www.underdog.be/games/warv43d/"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [asam] c:\documents and settings\default\local settings\application data\asam.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: LegacyDrive = 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
IE: &Search - [You must be registered and logged in to see this link.]
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\[You must be registered and logged in to see this link.]
DPF: {01113300-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - [You must be registered and logged in to see this link.]
DPF: {31435657-9980-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - [You must be registered and logged in to see this link.]
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - [You must be registered and logged in to see this link.]
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - [You must be registered and logged in to see this link.]
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - [You must be registered and logged in to see this link.]
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - [You must be registered and logged in to see this link.]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\e25uzwt3.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\default\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-26 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-22 138680]
R2 EAPPkt;LevelOne EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-12-12 38144]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-11 47640]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-2-17 668912]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-22 352920]
S2 gupdate1ca42a8f378235a;Google Update Service (gupdate1ca42a8f378235a);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 RTL8187B;LevelOne WNC-0301USB;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 S3GIGP;S3GIGP;c:\windows\system32\drivers\s3gigpm.sys --> c:\windows\system32\drivers\S3gIGPm.sys [?]

=============== Created Last 30 ================

2010-04-25 04:29:49 1172 ---ha-w- C:\aaw7boot.cmd
2010-04-25 04:18:27 0 d-----w- c:\program files\Spyware Doctor
2010-04-25 04:18:27 0 d-----w- c:\program files\common files\PC Tools
2010-04-24 20:24:27 25 ----a-w- c:\windows\herjek.config
2010-04-15 16:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 02:34:25 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-04-12 02:34:25 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-04-12 02:34:25 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-04-12 02:34:19 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-04-12 02:34:17 1024 ----a-w- C:\.rnd
2010-04-12 02:34:08 0 d-----w- c:\program files\LogMeIn
2010-04-12 02:24:09 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 16:21:56 0 d-----w- c:\program files\common files\xing shared
2010-03-27 16:48:52 0 d-----w- c:\program files\Hotbar

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 20:41:21 69 ----a-w- c:\documents and settings\default\jagex_runescape_preferences2.dat
2010-03-04 20:38:18 0 ----a-w- c:\documents and settings\default\jagex__preferences3.dat
2010-03-04 20:34:13 41 ----a-w- c:\documents and settings\default\jagex_runescape_preferences.dat
2010-03-01 14:20:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-10-12 14:33:46 1236 ----a-w- c:\program files\INSTALL.LOG
2008-08-23 00:14:41 62464 --sha-w- c:\windows\system32\fusigoka.dll

============= FINISH: 0:40:40.00 ===============


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 4:47 am

Sorry if I jumped ahead, but have had this issue with another type before and knew to run the DDS; hope that is OK.


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 5:09 am

Sorry, forgot I had to re-register and need to post the OTL and Extras logs, so here they are.


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 5:09 am

OTL logfile created on: 4/25/2010 1:02:03 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.82 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT-2A526BA
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
PRC - [2010/03/28 12:21:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/01 10:20:19 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 10:20:19 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/11/18 11:50:32 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/11/18 11:50:30 | 004,269,296 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/01/21 15:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/07/18 14:08:22 | 001,306,624 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (SafeList) ==========

MOD - [2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 03:09:59 | 002,504,280 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3653.dll -- (Akamai)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/01 10:20:19 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/26 09:19:48 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/23 22:56:53 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/23 22:56:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/18 15:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 11:42:55 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2008/01/18 16:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 16:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 16:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 16:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 16:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/10/17 21:22:00 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..keyword.URL: "http://hb.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-137-0-FTMV\n&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 12:25:27 | 000,000,000 | ---D | M]

[2008/10/30 20:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Extensions
[2010/04/25 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions
[2009/10/26 15:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/20 11:07:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/20 16:50:17 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\searchplugins\icqplugin.xml
[2010/04/25 00:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/11/22 20:44:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla\4.0 ( File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([[You must be registered and logged in to see this link.] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} [You must be registered and logged in to see this link.] (PogoWebLauncher Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} [You must be registered and logged in to see this link.] (PowerLoader Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} [You must be registered and logged in to see this link.] (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} [You must be registered and logged in to see this link.] (MJLauncherCtrl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} [You must be registered and logged in to see this link.] (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} [You must be registered and logged in to see this link.] (CPlayFirstddfotgControl Object)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} [You must be registered and logged in to see this link.] (View22RTEv4 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.255.0.130 207.255.0.131
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/05 22:55:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/01 12:23:41 | 000,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:32:31 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:32:31 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Madden08.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 01:01:28 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2010/04/25 00:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\Threat Expert
[2010/04/25 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/24 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\cfoheprnv
[2010/04/15 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/15 12:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/11 22:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/04/11 22:34:25 | 000,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/04/11 22:34:25 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/04/11 22:34:25 | 000,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/04/11 22:34:19 | 000,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/04/11 22:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/04/11 22:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\Deployment
[2010/04/11 22:24:09 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010/04/11 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\LogMeIn Hamachi
[2010/04/11 22:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/03/30 13:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:37:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 13:37:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 13:37:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/28 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/27 12:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hotbar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2010/04/25 01:00:17 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD6265BC-5D6F-4D84-A120-2882DCA353A3}.job
[2010/04/25 00:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 00:34:39 | 000,001,172 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/04/25 00:18:41 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 00:18:41 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/25 00:18:40 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 00:13:54 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/25 00:13:51 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/04/25 00:13:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 00:13:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 00:13:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 00:12:57 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\default\NTUSER.DAT
[2010/04/25 00:12:23 | 000,000,555 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 00:12:23 | 000,000,294 | -HS- | M] () -- C:\boot.ini
[2010/04/25 00:12:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 23:50:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2010/04/24 16:24:27 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe
[2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
[2010/04/24 13:03:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 20:39:15 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 20:38:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/23 09:20:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/22 21:27:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/22 12:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/22 11:49:42 | 000,551,978 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Aurora 017.jpg
[2010/04/21 23:23:35 | 000,023,985 | ---- | M] () -- C:\Documents and Settings\default\Desktop\ben.jpg
[2010/04/21 02:41:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/20 19:05:32 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 12:23:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/04/15 12:18:58 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/15 03:04:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 00:17:04 | 000,045,991 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Summer Of 2009.jpg
[2010/04/11 22:43:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/31 22:40:58 | 000,008,072 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Gay_or_Lesbian_relationships[1].rtf
[2010/03/28 12:22:23 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/28 12:22:16 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/28 12:22:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/28 12:22:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/28 12:21:34 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/25 00:29:49 | 000,001,172 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/04/24 16:24:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/04/24 16:23:57 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
[2010/04/24 16:22:56 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe
[2010/04/22 11:49:27 | 000,551,978 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Aurora 017.jpg
[2010/04/21 23:23:33 | 000,023,985 | ---- | C] () -- C:\Documents and Settings\default\Desktop\ben.jpg
[2010/04/15 12:28:26 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 00:17:03 | 000,045,991 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Summer Of 2009.jpg
[2010/04/11 22:34:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/03/31 22:03:14 | 000,008,072 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Gay_or_Lesbian_relationships[1].rtf
[2010/03/28 12:22:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/03/28 12:22:24 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/03/28 12:22:23 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/11 00:11:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/28 22:47:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hammerhead.INI
[2009/03/24 21:22:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2009/03/24 21:22:40 | 000,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2009/03/23 22:56:53 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/23 22:56:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/12 19:14:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/12 19:14:17 | 000,010,287 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/12 19:14:01 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/18 15:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/18 15:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/18 15:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/18 15:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/12 12:32:11 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/11/23 00:34:14 | 000,030,976 | ---- | C] () -- C:\WINDOWS\rascntrl.dll
[2008/11/23 00:34:14 | 000,023,104 | ---- | C] () -- C:\WINDOWS\System32\svcprmpt.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/22 20:14:41 | 000,062,464 | -HS- | C] () -- C:\WINDOWS\System32\fusigoka.dll
[2008/04/22 17:46:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/04 20:08:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/04 20:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/29 11:42:55 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2008/02/28 10:02:04 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\rlph.dll
[2008/02/08 13:53:02 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\nsq38D.dll
[2008/02/07 18:37:23 | 000,021,699 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/06 00:00:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/01/31 18:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59BDDCD5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86FB3865
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
< End of report >


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 5:10 am

OTL Extras logfile created on: 4/25/2010 1:02:03 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.82 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT-2A526BA
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater -- ()
"C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08 -- (EA - Salt Lake)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\ToGo Game\Pearl Harbor Zero Hour\phz.exe" = C:\Program Files\ToGo Game\Pearl Harbor Zero Hour\phz.exe:*:Enabled:phz -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"D:\MAINAPP.EXE" = D:\MAINAPP.EXE:*:Enabled:Madden NFL 08 -- (EA - Salt Lake)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"c:\documents and settings\default\local settings\application data\asam.exe" = c:\documents and settings\default\local settings\application data\asam.exe:*:Enabled:enable -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01C51FED-7345-4FA3-8585-3A7E0DEE177E}" = Cafe Mahjongg
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{099B8AB0-8D8C-4260-8944-048BC4DF2AEB}" = Slingo Casino Pak
"{09B4AB39-BBB5-4AC6-BBB2-04D0933551A3}" = Risk II
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{12001695-DFDD-4830-8FEC-AE41350F4537}" = Mahjong Match
"{147A3730-95E1-4C78-8D25-D40F543D367D}" = Mystery Solitaire Secret Island
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18080EEE-62C4-4748-8AF6-463E27972E82}" = Pacific Heroes
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{285FF95D-CD8D-4912-8760-520BCCC0533D}" = Poker Pop
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2B1FAD4C-BC2D-491F-9C72-0E68FACE5E87}" = Mystic Inn
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3134052E-B1F0-465C-B320-5042095B1033}" = Nero 7 Essentials
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.11
"{318A48AA-3F88-4F48-ABE5-97EAD373A156}" = Mahjong Roadshow
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37068DD0-7134-4592-8D74-513AF19576CE}" = Swashbucks ToGo
"{37DB52D6-81CA-4A83-AB53-6CB83E3FBB20}" = Mahjongg Artifacts
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FA757B9-AF49-4181-B118-1B2F6D1A22E4}" = Phlinx To Go
"{41726B34-34F8-4370-861B-0537AA03B71F}" = Poppit To Go
"{423BAA77-80B7-450B-B117-0D05B6256ED8}" = Super Granny 3
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46457ADB-2BC8-4A61-A3BC-73C437F116A9}" = Tumble Bees To Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C746EFE-1A04-4CBF-81F0-BF5F01866B58}" = Mahjong Quest 2
"{51A11709-4EEB-4F0A-98D2-7570AC9C5E48}" = World Class Solitaire
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD03E9B-8CDD-4340-BFBB-226AD3855CCE}" = Saints & Sinners Bingo
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60640F82-BD49-4143-8F3C-ABAD4B3CCBA4}" = Cribbage Quest
"{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes Nemesis
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F983E89-9ACD-49B8-BD70-740656C32FF9}" = XAvenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F3CCE2-11E5-4F7A-BA73-05E290111D4F}" = Dream Vacation Solitaire
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{807EE825-F479-4D56-968A-E0EB8782B35B}" = Great Escapes Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115189690}" = Hells Kitchen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116400883}" = Way To Go! Bowling
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{84513064-E6B2-4A59-8D1A-D1C21C056534}" = Tiks Texas Holdem
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{909C54DD-67A4-4F67-BB7C-1C3D680FB043}" = Jewel Quest Solitaire 2
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96E8B28A-91A1-45FF-AB22-6048750F69A8}" = Pearl Harbor Zero Hour
"{978A17E2-F2CB-4B7E-93CB-EAC8348F3FC5}" = Betrapped
"{97F1B581-7E32-462B-9B2B-DA81A130CAA7}" = Luxor Mahjong
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB01C16-6499-443F-9174-88DA4DE8111A}" = slingo
"{9cf77345-ac1f-46e5-83ff-79676bee4d6b}" = RelevantKnowledge
"{9D59EBA3-372A-43A6-B8A4-FB62EE46AFCA}" = Hammerhead Pool To Go
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A007E733-1157-42B4-ACD3-7446C8888677}" = MaddenAmp
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8350E-8528-4A42-AE32-E7B07AE94026}" = Slingo Quest
"{C2FC2A7F-991C-4891-94D9-36103426F03D}" = Daycare Nightmare
"{C42D9736-6170-4CC9-8F4A-EE1D1EF0D4C9}" = Mahjong World
"{C61E6E4A-1089-4A8E-A56C-12117665DD46}" = Catan - The Computer Game
"{C6613692-367E-445C-B59D-8D3DEA1A5491}" = War Chess
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074862B-6583-482E-8644-98CED1F414CD}" = 5 Realms of Cards
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D35E63FE-01DE-417C-8899-80E81F4FB5CE}" = Mahjong Escape Ancient Japan
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D56EB9B4-7E82-4BA6-B303-B22E92223DAD}" = Risk
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFE52B1B-DFF8-412C-BB32-B9FB7DDE2A76}" = Casino Island To Go
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7B1537C-8EBF-48C5-9855-6C6C1BFFD0A8}" = Word Whomp To Go
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA3769D9-71CC-43A1-8C7D-C66BEF9E0277}" = Jewel Quest Solitaire
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"{FC59446C-922E-46EC-804B-A1F5BCCA0794}" = Harvest Mania To Go
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FEC3D4D5-AC0E-4D78-81B0-C666E41E81BB}" = Word Jong To Go
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FFAE7076-D2CF-4A2E-8F4D-057ECDCD4BFB}" = Shape Shifter
"10 Days Under The Sea v1.00" = 10 Days Under The Sea v1.00
"7 Wonders Treasures Of Seven v1.0.0" = 7 Wonders Treasures Of Seven v1.0.0
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdssiteGames" = Adssite Games Collection
"AdssiteSocial" = Socialnetworking Helper Adssite
"Akamai" = Akamai NetSession Interface
"Alex Gordon_is1" = Alex Gordon
"Alice Greenfingers 2 v1.0.0" = Alice Greenfingers 2 v1.0.0
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Blood Ties 1.00" = Blood Ties 1.00
"Burn My Files_is1" = Burn My Files
"BW Loader 1.79.0" = BW Loader 1.79.0
"ContextProgram" = ContextProgram
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Diner Dash Family Style v1.0.5.103o" = Diner Dash Family Style v1.0.5.103o
"Diner Dash Flo Through Time v1.0.0" = Diner Dash Flo Through Time v1.0.0
"Dr Lynch Grave Secrets_is1" = Dr Lynch Grave Secrets
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fairy Godmother Tycoon 1.00" = Fairy Godmother Tycoon 1.00
"Fashion Solitaire 1.00" = Fashion Solitaire 1.00
"FBrowsingAdvisor_is1" = FBrowsingAdvisor
"Finders Keepers 1.00" = Finders Keepers 1.00
"FrostWire" = FrostWire 4.20.3
"Game Cam" = Game Cam 2.1
"Google Chrome" = Google Chrome
"Governor of Poker 1.00" = Governor of Poker 1.00
"HijackThis" = HijackThis 2.0.2
"Hospital Hustle v1.0.0" = Hospital Hustle v1.0.0
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Jewel Quest III 1.00" = Jewel Quest III 1.00
"Luxor Quest For The Afterlife v1.0.0" = Luxor Quest For The Afterlife v1.0.0
"Mahjongg Artifacts Chapter 2 1.00" = Mahjongg Artifacts Chapter 2 1.00
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Mystery of Unicorn Castle 1.00" = Mystery of Unicorn Castle 1.00
"Mystery PI New York v1.0.0" = Mystery PI New York v1.0.0
"Mystery Stories-Island of Hope 1.00" = Mystery Stories-Island of Hope 1.00
"National Geographic Herods Lost Tomb v1.0.0" = National Geographic Herods Lost Tomb v1.0.0
"NBC Heads Up Poker 1.00" = NBC Heads Up Poker 1.00
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PFPortChecker" = PFPortChecker 1.0.28
"Poker For Dummies 1.00" = Poker For Dummies 1.00
"Poker Superstars III 1.00" = Poker Superstars III 1.00
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Restoring Rhonda v1.0.0" = Restoring Rhonda v1.0.0
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Scrapbook Paige v1.01a" = Scrapbook Paige v1.01a
"Sherlock Holmes-The Mystery of the Persian Carpet 1.00" = Sherlock Holmes-The Mystery of the Persian Carpet 1.00
"Slingo Quest Hawaii 1.00" = Slingo Quest Hawaii 1.00
"Slingo Supreme 1.0.0.103" = Slingo Supreme 1.0.0.103
"Sweet Tooth To Go 1.1" = Sweet Tooth To Go 1.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Pini Society 1.00" = The Pini Society 1.00
"The Poppit Show 1.3.41o" = The Poppit Show 1.3.41o
"The Sims Carnival BumperBlast 1.00" = The Sims Carnival BumperBlast 1.00
"The Sims Carnival SnapCity 1.00" = The Sims Carnival SnapCity 1.00
"Tri Peaks 2-Quest For The Ruby Ring" = Tri Peaks 2-Quest For The Ruby Ring
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"Update Service" = Update Service
"Verizon Help and Support" = Verizon Help and Support Tool
"Videora iPod Converter" = Videora iPod Converter 3.07
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 5.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = absoƖute Poker
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/6/2009 7:54:47 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 0000A413.

Error - 11/7/2009 11:01:47 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

Error - 11/7/2009 11:33:28 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

Error - 11/7/2009 1:28:50 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 0000A413.

Error - 11/7/2009 2:17:48 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

Error - 11/7/2009 5:57:39 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 0000A413.


Error - 11/8/2009 8:36:26 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

Error - 11/10/2009 7:31:02 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.]
failed, 0000A413.

Error - 11/15/2009 12:01:07 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 0000A413.

Error - 11/17/2009 5:28:38 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
[You must be registered and logged in to see this link.] failed, 0000A413.

[ Application Events ]
Error - 3/15/2010 9:05:43 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application mainapp.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 12:23:28 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2010 4:41:53 PM | Computer Name = DEFAULT-2A526BA | Source = Google Update | ID = 20
Description =

Error - 3/19/2010 4:16:38 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:53:48 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 11:07:58 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 11:08:00 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 6:09:56 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2010 10:23:35 PM | Computer Name = DEFAULT-2A526BA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 4/14/2010 2:33:46 AM | Computer Name = DEFAULT-2A526BA | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module ycpfoundation.dll, version 9.0.0.54871, fault address 0x00026cf0.

[ System Events ]
Error - 4/24/2010 11:52:09 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/24/2010 11:53:18 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/24/2010 11:53:44 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/25/2010 12:00:23 AM | Computer Name = DEFAULT-2A526BA | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer WebEx Document Loader share
name Printer.

Error - 4/25/2010 12:00:29 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:09:04 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:14:24 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:31:21 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/25/2010 12:31:51 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 4/25/2010 12:31:51 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053


< End of report >


Re: antispyware soft trojan

Post by dreame277232 on 25th April 2010, 5:13 am

OK, I unticked the tssd.exe files in startup so that I could get on the internet; otherwise I couldn't surf. I also had to untick "use a proxy server for LAN" in Internet Options. This dang thing is driving me nuts. Son picked it up today, I think. Keeps using the scare tactic of "infection found" blah blah blah. Just really need this fixed so husband can go to his work site and check on work... am a little afraid to go anywhere (banking, work, etc.), so would really appreciate a fast response if possible. Thank you in advance.


Re: antispyware soft trojan

Post by Belahzur on 25th April 2010, 9:06 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
    O4 - HKCU..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
    [2010/04/24 16:23:57 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
    [2010/04/24 16:22:56 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator