Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Please Help!!!

Unread postby MatthewV » March 27th, 2010, 12:41 pm

Hi Dakeyras, thanks for assisting me, I'll try my best not to make it difficult for you.
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm
Advertisement
Register to Remove

Re: Please Help!!!

Unread postby Dakeyras » March 27th, 2010, 7:39 pm

Hi. :)

Hi Dakeyras, thanks for assisting me, I'll try my best not to make it difficult for you.
You're welcome!

I see from researching the prior logs your machine is compromised and a reformat and reinstallation of the Windows operating system was advised. My humble opinion is this is still the most prudent course of action.

The actual Internet Explorer in use is badly out of date and so is the Service Pack, these salient facts plus the prior use of Peer to Peer applications undoubtedly were one of the vectors for malware to gain a foothold.

OK I am prepared to try and attempt to clean your machine but if I deem the situation a lost cause I will advise the only course of action is a reformat and reinstallation of the Windows operating system. So lets proceed as follows shall we:-

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract it to the Desktop.

From within the newly created tdsskiller folder move TDSSKiller.exe to the desktop and delete the tdsskiller folder.

Click on Start >> Run... >> copy in the following text, and press Enter:
Code: Select all
"%userprofile%\desktop\TDSSKiller.exe" -l report.txt -v
A Command Window will appear, follow the prompts.
There will be a log on your desktop when the scan is completed with the name report.
Copy and paste the contents of this log into your next reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » March 28th, 2010, 10:43 pm

Here is the log...

19:41:42:937 3284 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
19:41:42:937 3284 ================================================================================
19:41:42:937 3284 SystemInfo:

19:41:42:937 3284 OS Version: 5.1.2600 ServicePack: 2.0
19:41:42:937 3284 Product type: Workstation
19:41:42:937 3284 ComputerName: LIFEBOOK
19:41:42:937 3284 UserName: Administrator
19:41:42:937 3284 Windows directory: C:\WINDOWS
19:41:42:937 3284 Processor architecture: Intel x86
19:41:42:937 3284 Number of processors: 2
19:41:42:937 3284 Page size: 0x1000
19:41:42:937 3284 Boot type: Normal boot
19:41:42:937 3284 ================================================================================
19:41:42:953 3284 UnloadDriverW: NtUnloadDriver error 2
19:41:42:953 3284 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:41:43:015 3284 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:41:43:031 3284 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:41:43:031 3284 wfopen_ex: Trying to KLMD file open
19:41:43:031 3284 wfopen_ex: File opened ok (Flags 2)
19:41:43:031 3284 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:41:43:031 3284 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:41:43:031 3284 wfopen_ex: Trying to KLMD file open
19:41:43:031 3284 wfopen_ex: File opened ok (Flags 2)
19:41:43:031 3284 Initialize success
19:41:43:031 3284
19:41:43:031 3284 Scanning Services ...
19:41:43:109 3284 Raw services enum returned 357 services
19:41:43:125 3284
19:41:43:125 3284 Scanning Kernel memory ...
19:41:43:125 3284 Devices to scan: 3
19:41:43:125 3284
19:41:43:125 3284 Driver Name: Disk
19:41:43:125 3284 IRP_MJ_CREATE : BA8EEC30
19:41:43:125 3284 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
19:41:43:125 3284 IRP_MJ_CLOSE : BA8EEC30
19:41:43:125 3284 IRP_MJ_READ : BA8E8D9B
19:41:43:125 3284 IRP_MJ_WRITE : BA8E8D9B
19:41:43:125 3284 IRP_MJ_QUERY_INFORMATION : 804F4544
19:41:43:125 3284 IRP_MJ_SET_INFORMATION : 804F4544
19:41:43:125 3284 IRP_MJ_QUERY_EA : 804F4544
19:41:43:125 3284 IRP_MJ_SET_EA : 804F4544
19:41:43:125 3284 IRP_MJ_FLUSH_BUFFERS : BA8E9366
19:41:43:125 3284 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
19:41:43:125 3284 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
19:41:43:125 3284 IRP_MJ_DIRECTORY_CONTROL : 804F4544
19:41:43:125 3284 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
19:41:43:125 3284 IRP_MJ_DEVICE_CONTROL : BA8E944D
19:41:43:125 3284 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA8ECFC3
19:41:43:125 3284 IRP_MJ_SHUTDOWN : BA8E9366
19:41:43:125 3284 IRP_MJ_LOCK_CONTROL : 804F4544
19:41:43:125 3284 IRP_MJ_CLEANUP : 804F4544
19:41:43:125 3284 IRP_MJ_CREATE_MAILSLOT : 804F4544
19:41:43:125 3284 IRP_MJ_QUERY_SECURITY : 804F4544
19:41:43:125 3284 IRP_MJ_SET_SECURITY : 804F4544
19:41:43:125 3284 IRP_MJ_POWER : BA8EAEF3
19:41:43:125 3284 IRP_MJ_SYSTEM_CONTROL : BA8EFA24
19:41:43:125 3284 IRP_MJ_DEVICE_CHANGE : 804F4544
19:41:43:125 3284 IRP_MJ_QUERY_QUOTA : 804F4544
19:41:43:125 3284 IRP_MJ_SET_QUOTA : 804F4544
19:41:43:187 3284 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:41:43:187 3284
19:41:43:187 3284 Driver Name: Disk
19:41:43:187 3284 IRP_MJ_CREATE : BA8EEC30
19:41:43:187 3284 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
19:41:43:187 3284 IRP_MJ_CLOSE : BA8EEC30
19:41:43:187 3284 IRP_MJ_READ : BA8E8D9B
19:41:43:187 3284 IRP_MJ_WRITE : BA8E8D9B
19:41:43:187 3284 IRP_MJ_QUERY_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_SET_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_EA : 804F4544
19:41:43:187 3284 IRP_MJ_SET_EA : 804F4544
19:41:43:187 3284 IRP_MJ_FLUSH_BUFFERS : BA8E9366
19:41:43:187 3284 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_DIRECTORY_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_DEVICE_CONTROL : BA8E944D
19:41:43:187 3284 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA8ECFC3
19:41:43:187 3284 IRP_MJ_SHUTDOWN : BA8E9366
19:41:43:187 3284 IRP_MJ_LOCK_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_CLEANUP : 804F4544
19:41:43:187 3284 IRP_MJ_CREATE_MAILSLOT : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_SECURITY : 804F4544
19:41:43:187 3284 IRP_MJ_SET_SECURITY : 804F4544
19:41:43:187 3284 IRP_MJ_POWER : BA8EAEF3
19:41:43:187 3284 IRP_MJ_SYSTEM_CONTROL : BA8EFA24
19:41:43:187 3284 IRP_MJ_DEVICE_CHANGE : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_QUOTA : 804F4544
19:41:43:187 3284 IRP_MJ_SET_QUOTA : 804F4544
19:41:43:187 3284 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
19:41:43:187 3284
19:41:43:187 3284 Driver Name: iaStor
19:41:43:187 3284 IRP_MJ_CREATE : BA644186
19:41:43:187 3284 IRP_MJ_CREATE_NAMED_PIPE : 804F4544
19:41:43:187 3284 IRP_MJ_CLOSE : BA644186
19:41:43:187 3284 IRP_MJ_READ : 804F4544
19:41:43:187 3284 IRP_MJ_WRITE : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_SET_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_EA : 804F4544
19:41:43:187 3284 IRP_MJ_SET_EA : 804F4544
19:41:43:187 3284 IRP_MJ_FLUSH_BUFFERS : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_SET_VOLUME_INFORMATION : 804F4544
19:41:43:187 3284 IRP_MJ_DIRECTORY_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_DEVICE_CONTROL : BA647896
19:41:43:187 3284 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA647B58
19:41:43:187 3284 IRP_MJ_SHUTDOWN : 804F4544
19:41:43:187 3284 IRP_MJ_LOCK_CONTROL : 804F4544
19:41:43:187 3284 IRP_MJ_CLEANUP : 804F4544
19:41:43:187 3284 IRP_MJ_CREATE_MAILSLOT : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_SECURITY : 804F4544
19:41:43:187 3284 IRP_MJ_SET_SECURITY : 804F4544
19:41:43:187 3284 IRP_MJ_POWER : BA64CE66
19:41:43:187 3284 IRP_MJ_SYSTEM_CONTROL : BA64CFC6
19:41:43:187 3284 IRP_MJ_DEVICE_CHANGE : 804F4544
19:41:43:187 3284 IRP_MJ_QUERY_QUOTA : 804F4544
19:41:43:187 3284 IRP_MJ_SET_QUOTA : 804F4544
19:41:43:328 3284 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: 1
19:41:43:328 3284
19:41:43:328 3284 Completed
19:41:43:328 3284
19:41:43:328 3284 Results:
19:41:43:328 3284 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:41:43:328 3284 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:41:43:328 3284 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:41:43:328 3284
19:41:43:343 3284 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:41:43:343 3284 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:41:43:343 3284 KLMD(ARK) unloaded successfully
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby Dakeyras » March 29th, 2010, 5:54 am

Hi. :)

Reset Host File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code: Select all
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Image

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Malwarebytes' Anti-MalwareLog.
  • A new RSIT Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » March 29th, 2010, 8:55 pm

Hi, this machine is currently doing very fine. It no longer crashes or lags. Also, my search pages are no longer being redirected. I cannot detect any further recurring symptoms.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-3-29 17:41:30
mbam-log-2010-03-29 (17-41-30).txt

Scan type: Quick scan
Objects scanned: 102623
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyware Pro (Rogue.AntiSpywarePro) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\LocalService32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\LocalService32\41.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\48.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\48.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\49.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\49.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\50.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\51.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\52.keymaker.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\53.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\54.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService32\55.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.


Here is the new RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-29 17:54:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 63 GB (56%) free of 113 GB
Total RAM: 2038 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:21, on 2010-3-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\WINDOWS\V0540Mon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: TV Net Toolbar - {dc89854f-22db-4380-a6be-27c10f101d44} - C:\Program Files\TV_Net\tbTV_1.dll
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: TV Net Toolbar - {dc89854f-22db-4380-a6be-27c10f101d44} - C:\Program Files\TV_Net\tbTV_1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: TV Net Toolbar - {dc89854f-22db-4380-a6be-27c10f101d44} - C:\Program Files\TV_Net\tbTV_1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Live! Central] "C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [V0540Mon.exe] C:\WINDOWS\V0540Mon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=zh-CN
O4 - HKCU\..\Run: [UpdateFlow.Verizon] C:\Program Files\Verizon\McciBrowser.exe -AppKey=Verizon -URL=file://C:\Program Files\Verizon\OfflineUpdate\redirector.htm
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3; Avant Browser; .NET CLR 1.1.4322; .NET CLR 2.0.50727; CIBA; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.cartoonnetwork.com/games/eds/totheedstreme/index.html"
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: 1è?è?eé?′ê°?o?×÷°?.lnk
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 在 Windows Live Writer 中写入日志(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 13665 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2009-12-01 111976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A412E581-59B2-485E-834F-C5F0C0268C79}]
CBBrowerBuddy Class - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll [2008-09-27 183408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc89854f-22db-4380-a6be-27c10f101d44}]
TV Net Toolbar - C:\Program Files\TV_Net\tbTV_1.dll [2010-02-17 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

{dc89854f-22db-4380-a6be-27c10f101d44} - TV Net Toolbar - C:\Program Files\TV_Net\tbTV_1.dll [2010-02-17 2349080]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-02 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-02 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-08 794713]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2006-07-12 90112]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2006-11-17 80688]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-11-01 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-11-01 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-28 89541]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SpiralFrog"=C:\Program Files\SpiralFrog\Spiralfrog.exe [2008-10-21 204088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"Live! Central"=C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe [2008-05-08 438399]
"V0540Mon.exe"=C:\WINDOWS\V0540Mon.exe [2008-03-03 28672]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2010-03-17 1565696]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2009-03-12 2303216]
"Google Pinyin 2 Autoupdater"=C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2010-02-05 1193456]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-01-19 18790432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-14 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Aim"=C:\Program Files\AIM\aim.exe [2010-03-08 3972440]
"UpdateFlow.Verizon"=C:\Program Files\Verizon\McciBrowser.exe [2010-03-17 1048576]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-05-28 2356088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
1è?è?eé?′ê°?o?×÷°?.lnk - C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
谷歌金山词霸合作版.lnk - C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-02 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-03-29 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-03-29 17:31:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 17:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-29 17:22:48 ----SHD---- C:\RECYCLER
2010-03-28 19:39:09 ----A---- C:\TDSSKiller.2.2.8.1_28.03.2010_19.39.09_log.txt
2010-03-28 19:37:30 ----A---- C:\TDSSKiller.2.2.8.1_28.03.2010_19.37.30_log.txt
2010-03-25 17:17:13 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-03-22 19:50:48 ----SD---- C:\ComboFix
2010-03-17 16:44:02 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2010-03-17 16:42:58 ----D---- C:\Program Files\Microsoft Sync Framework
2010-03-17 16:42:18 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-03-17 16:42:07 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-17 16:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2010-03-15 19:26:54 ----D---- C:\Program Files\DVDVideoSoft
2010-03-15 19:26:54 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-03-11 23:06:45 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-03-11 23:06:45 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-03-11 23:06:35 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-03-11 23:06:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-03-11 23:06:25 ----D---- C:\WINDOWS\Logs
2010-03-11 23:06:25 ----D---- C:\Program Files\Heroes of Newerth
2010-03-10 18:26:51 ----D---- C:\WINDOWS\temp
2010-03-10 18:12:32 ----A---- C:\Boot.bak
2010-03-10 18:12:27 ----RASHD---- C:\cmdcons
2010-03-10 18:09:25 ----A---- C:\WINDOWS\zip.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWSC.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWREG.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\sed.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\PEV.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\MBR.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\grep.exe
2010-03-10 18:09:14 ----D---- C:\WINDOWS\ERDNT
2010-03-10 18:09:02 ----D---- C:\Qoobox
2010-03-09 22:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 20:50:45 ----D---- C:\rsit
2010-03-07 16:09:05 ----D---- C:\Program Files\AIM Toolbar
2010-03-07 16:09:05 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2010-03-07 16:08:56 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
2010-03-07 16:08:25 ----D---- C:\Program Files\AIM Search
2010-03-07 16:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2010-03-07 16:08:19 ----D---- C:\Program Files\AIM
2010-03-07 16:08:16 ----D---- C:\Program Files\Common Files\AOL

======List of files/folders modified in the last 1 months======

2010-03-29 17:47:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 17:46:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-03-29 17:45:27 ----D---- C:\Program Files\SpiralFrog
2010-03-29 17:44:43 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-03-29 17:44:15 ----D---- C:\WINDOWS
2010-03-29 17:43:13 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 17:42:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-29 17:41:30 ----D---- C:\WINDOWS\system32
2010-03-29 17:31:25 ----D---- C:\Program Files
2010-03-29 17:25:39 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-03-29 17:08:09 ----D---- C:\Program Files\Avant Browser
2010-03-28 13:18:11 ----D---- C:\$AVG8.VAULT$
2010-03-28 12:36:25 ----D---- C:\Program Files\Garena
2010-03-26 17:13:51 ----D---- C:\Program Files\World of Warcraft
2010-03-25 17:17:13 ----D---- C:\Program Files\Common Files
2010-03-24 20:54:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-22 20:55:47 ----D---- C:\Program Files\DivX
2010-03-22 19:54:31 ----D---- C:\WINDOWS\AppPatch
2010-03-22 17:37:20 ----D---- C:\Program Files\Verizon
2010-03-21 23:23:56 ----SHD---- C:\WINDOWS\Installer
2010-03-21 23:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-03-21 23:23:56 ----D---- C:\Config.Msi
2010-03-21 23:23:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-21 23:05:54 ----D---- C:\Program Files\Common Files\Motive
2010-03-17 21:08:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 21:07:29 ----RSD---- C:\WINDOWS\assembly
2010-03-17 17:09:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-17 16:44:03 ----D---- C:\Program Files\Common Files\System
2010-03-17 16:43:52 ----HD---- C:\WINDOWS\inf
2010-03-17 16:43:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 16:43:26 ----D---- C:\Program Files\Windows Live
2010-03-17 16:42:59 ----D---- C:\WINDOWS\WinSxS
2010-03-17 16:42:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-17 16:42:19 ----D---- C:\WINDOWS\system32\DirectX
2010-03-10 18:37:54 ----SD---- C:\WINDOWS\Tasks
2010-03-10 18:33:48 ----A---- C:\WINDOWS\system.ini
2010-03-10 18:27:29 ----D---- C:\WINDOWS\system32\config
2010-03-10 18:12:32 ----RASH---- C:\boot.ini
2010-03-10 18:08:53 ----D---- C:\WINDOWS\Prefetch
2010-03-09 22:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-09 22:37:13 ----A---- C:\WINDOWS\imsins.BAK
2010-03-09 22:37:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-09 22:37:06 ----D---- C:\Program Files\Movie Maker
2010-03-09 22:36:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-03 18:09:44 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2010-03-01 22:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-10 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-28 1160320]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-03-22 488992]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-01 161792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-02 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-01-19 5818400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-08 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-09 59392]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [2008-05-07 145952]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ESC3F.tmp []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0540Afx;Creative Camera VF0540 Audio Effects Driver; C:\WINDOWS\system32\DRIVERS\V0540Afx.sys [2008-02-14 160256]
S3 V0540Dev;Creative Camera VF0540 Driver; C:\WINDOWS\system32\DRIVERS\V0540Vid.sys [2008-04-27 272512]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-03-17 319488]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2010-03-12 261632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live 家庭安全设置服务; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Thank you. :D
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby Dakeyras » March 30th, 2010, 3:21 am

Hi. :)

Hi, this machine is currently doing very fine. It no longer crashes or lags. Also, my search pages are no longer being redirected. I cannot detect any further recurring symptoms.
OK thanks for the update.

Thank you. :D
You're welcome!

Take your time with the below. After this we will still have some way to go with the malware removal process and I advise you see this through until I give the all clear. :thumbup:

Note: For the time being limit online activity to a minimal if possible. Do not install any new software and or make any changes to the computer unless advised to by myself, thank you.

Upload a Suspicious File:

Note: Internet Explorer is the browser to use for best results.

  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:


    C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)

Next:

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update both in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 8.1.2
DVDVideoSoft Toolbar
Java(TM) 6 Update 2
Java(TM) 6 Update 3
LiveUpdate 3.2 (Symantec Corporation)
TV_Net Toolbar


To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dc89854f-22db-4380-a6be-27c10f101d44}"=-
[-HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
[-HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc89854f-22db-4380-a6be-27c10f101d44}]
[-HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[-HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dc89854f-22db-4380-a6be-27c10f101d44}"=-
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
[-HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}]
[-HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
[-HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}]
[-HKEY_CLASSES_ROOT\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}]

:Files
C:\Program Files\DVDVideoSoft
C:\Program Files\TV_Net
C:\Program Files\Common Files\DVDVideoSoft
C:\Program Files\Common Files\Symantec Shared
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\WildTangent

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • File Submission Results.
  • OTM Log.
  • A new RSIT Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » March 30th, 2010, 9:29 pm

Hi, this machine is still doing fine. I've detected no problems so far.

Here is the scan results for "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll"

VirSCAN.org Scanned Report :
Scanned time : 2009/12/27 19:33:00 (PST)
Scanner results: Scanners did not find malware!
File Name : GoogleToolbar_32.dll
File Size : 279664 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : ce18bafcf08340ac9a31044b86fa5fed
SHA1 : aeab8d164b4f60ae7fd3166e953ba9bb60751957
Online report : http://virscan.org/report/15af685b671ec ... 29897.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091228020243 2009-12-28 4.18 -
AhnLab V3 2009.12.26.00 2009.12.26 2009-12-26 1.30 -
AntiVir 8.2.1.122 7.10.2.76 2009-12-28 0.31 -
Antiy 2.0.18 20091228.3543253 2009-12-28 0.12 -
Arcavir 2009 200912270015 2009-12-27 0.10 -
Authentium 5.1.1 200912280133 2009-12-28 1.96 -
AVAST! 4.7.4 091227-1 2009-12-27 0.02 -
AVG 8.5.288 270.14.121/2589 2009-12-27 0.36 -
BitDefender 7.81008.4789889 7.29644 2009-12-28 4.17 -
CA (VET) 35.1.0 7197 2009-12-24 5.12 -
ClamAV 0.95.2 10225 2009-12-27 0.06 -
Comodo 3.13 3390 2009-12-28 0.92 -
CP Secure 1.3.0.5 2009.12.28 2009-12-28 0.08 -
Dr.Web 4.44.0.9170 2009.12.27 2009-12-27 8.10 -
F-Prot 4.4.4.56 20091227 2009-12-27 2.20 -
F-Secure 7.02.73807 2009.12.28.03 2009-12-28 9.31 -
Fortinet 11.315- 11.315 2009-12-27 0.19 -
GData 19.9579/19.647 20091228 2009-12-28 7.22 -
ViRobot 20091226 2009.12.26 2009-12-26 0.41 -
Ikarus T3.1.01.79 2009.12.28.74845 2009-12-28 4.22 -
JiangMin 13.0.900 2009.12.27 2009-12-27 5.26 -
Kaspersky 5.5.10 2009.12.28 2009-12-28 0.11 -
KingSoft 2009.2.5.15 2009.12.27.22 2009-12-27 0.66 -
McAfee 5.3.00 5844 2009-12-27 3.32 -
Microsoft 1.5302 2009.12.28 2009-12-28 6.60 -
Norman 6.01.09 6.01.00 2009-12-26 4.00 -
Panda 9.05.01 2009.12.27 2009-12-27 2.45 -
Trend Micro 9.000-1003 6.724.07 2009-12-28 0.06 -
Quick Heal 10.00 2009.12.26 2009-12-26 1.35 -
Rising 20.0 22.28.00.01 2009-12-28 1.10 -
Sophos 3.03.0 4.49 2009-12-28 2.75 -
Sunbelt 3.9.2388.2 5584 2009-12-27 2.14 -
Symantec 1.3.0.24 20091227.004 2009-12-27 0.06 -
nProtect 20091228.01 6724572 2009-12-28 4.28 -
The Hacker 6.5.0.3 v00115 2009-12-27 0.78 -
VBA32 3.12.12.0 20091225.2239 2009-12-25 2.36 -
VirusBuster 4.5.11.10 10.118.11/2003832 2009-12-27 2.48 -

I've removed all the listed items except "LiveUpdate 3.2 (Symantec Corporation)" which was not present in the list of programs. I'll have the OTM and new RSIT log posted soon.
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby MatthewV » March 30th, 2010, 9:44 pm

Here is the OTM log...

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{dc89854f-22db-4380-a6be-27c10f101d44} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{dc89854f-22db-4380-a6be-27c10f101d44} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc89854f-22db-4380-a6be-27c10f101d44}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3C9D-426D-81DF-AAB636FA4345}\ not found.
========== FILES ==========
File/Folder C:\Program Files\DVDVideoSoft not found.
File/Folder C:\Program Files\TV_Net not found.
C:\Program Files\Common Files\DVDVideoSoft\Dll folder moved successfully.
C:\Program Files\Common Files\DVDVideoSoft folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymcData folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\COH folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Shared folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\zoovet folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\xangotango folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\wonderpetssavethepuppy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\wildtribe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\WebDriverConfig folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\wanderingwillows folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\virtualfamilies folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\UserLog folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\turtleodyssey folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\totemtribe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\thepriceisright folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\thegameoflife folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\tastyplanet folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\spongebobobstacleodyssey2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\saintsandsinnersbingo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\poshboutique folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\pollypridepetdetective folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\polartubing folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\pizzafrenzy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\passporttoperfume folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\ouba folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\kuros folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\krabbyquest folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\igglepopdeluxe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\geneforge3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\gardendreams folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\GameData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\flowerparadise folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\fishtycoon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\fishingcraze folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\fishdom folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\fashiondash folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\farmfrenzy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\fairlyoddroachrampage folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\escapefromparadise2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\eets folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\dressuprush folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\doracandyland folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\doggiedash folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\cookingacademy2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\cookingacademy folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\butterflyescape folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\birdsonawire folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 23924552 bytes
->Temporary Internet Files folder emptied: 339419353 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2198 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 347.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 03302010_183451

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBF8.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_ae4.dat moved successfully.

Registry entries deleted on Reboot...


Here is the new RSIT log...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-30 18:42:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 63 GB (56%) free of 113 GB
Total RAM: 2038 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:57, on 2010-3-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\SpiralFrog\Spiralfrog.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\WINDOWS\V0540Mon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Live! Central] "C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
O4 - HKLM\..\Run: [V0540Mon.exe] C:\WINDOWS\V0540Mon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=zh-CN
O4 - HKCU\..\Run: [UpdateFlow.Verizon] C:\Program Files\Verizon\McciBrowser.exe -AppKey=Verizon -URL=file://C:\Program Files\Verizon\OfflineUpdate\redirector.htm
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3; Avant Browser; .NET CLR 1.1.4322; .NET CLR 2.0.50727; CIBA; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Creative AutoUpdate v1.10.10)" -"http://www.cartoonnetwork.com/games/eds/totheedstreme/index.html"
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: 1è?è?eé?′ê°?o?×÷°?.lnk
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 在 Windows Live Writer 中写入日志(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11980 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2009-12-01 111976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A412E581-59B2-485E-834F-C5F0C0268C79}]
CBBrowerBuddy Class - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll [2008-09-27 183408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-02 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-02 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-08 794713]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2006-07-12 90112]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2006-11-17 80688]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2005-11-01 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-11-01 61440]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-28 89541]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SpiralFrog"=C:\Program Files\SpiralFrog\Spiralfrog.exe [2008-10-21 204088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"Live! Central"=C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe [2008-05-08 438399]
"V0540Mon.exe"=C:\WINDOWS\V0540Mon.exe [2008-03-03 28672]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2010-03-17 1565696]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2009-03-12 2303216]
"Google Pinyin 2 Autoupdater"=C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2010-02-05 1193456]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-01-19 18790432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-14 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Aim"=C:\Program Files\AIM\aim.exe [2010-03-08 3972440]
"UpdateFlow.Verizon"=C:\Program Files\Verizon\McciBrowser.exe [2010-03-17 1048576]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
1è?è?eé?′ê°?o?×÷°?.lnk - C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
谷歌金山词霸合作版.lnk - C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-28 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-02 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-03-30 18:34:51 ----D---- C:\_OTM
2010-03-30 18:31:32 ----D---- C:\Program Files\ERUNT
2010-03-29 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-03-29 17:31:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 17:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-29 17:22:48 ----SHD---- C:\RECYCLER
2010-03-28 19:39:09 ----A---- C:\TDSSKiller.2.2.8.1_28.03.2010_19.39.09_log.txt
2010-03-28 19:37:30 ----A---- C:\TDSSKiller.2.2.8.1_28.03.2010_19.37.30_log.txt
2010-03-25 17:17:13 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-03-22 19:50:48 ----SD---- C:\ComboFix
2010-03-17 16:44:02 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2010-03-17 16:42:58 ----D---- C:\Program Files\Microsoft Sync Framework
2010-03-17 16:42:18 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-03-17 16:42:07 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-03-17 16:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2010-03-11 23:06:45 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-03-11 23:06:45 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-03-11 23:06:35 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-03-11 23:06:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-03-11 23:06:25 ----D---- C:\WINDOWS\Logs
2010-03-11 23:06:25 ----D---- C:\Program Files\Heroes of Newerth
2010-03-10 18:26:51 ----D---- C:\WINDOWS\temp
2010-03-10 18:12:32 ----A---- C:\Boot.bak
2010-03-10 18:12:27 ----RASHD---- C:\cmdcons
2010-03-10 18:09:25 ----A---- C:\WINDOWS\zip.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWSC.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\SWREG.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\sed.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\PEV.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\MBR.exe
2010-03-10 18:09:25 ----A---- C:\WINDOWS\grep.exe
2010-03-10 18:09:14 ----D---- C:\WINDOWS\ERDNT
2010-03-10 18:09:02 ----D---- C:\Qoobox
2010-03-09 22:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 20:50:45 ----D---- C:\rsit
2010-03-07 16:09:05 ----D---- C:\Program Files\AIM Toolbar
2010-03-07 16:09:05 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2010-03-07 16:08:56 ----D---- C:\Documents and Settings\Administrator\Application Data\acccore
2010-03-07 16:08:25 ----D---- C:\Program Files\AIM Search
2010-03-07 16:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2010-03-07 16:08:19 ----D---- C:\Program Files\AIM
2010-03-07 16:08:16 ----D---- C:\Program Files\Common Files\AOL

======List of files/folders modified in the last 1 months======

2010-03-30 18:40:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 18:40:25 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-03-30 18:39:00 ----D---- C:\Program Files\SpiralFrog
2010-03-30 18:38:19 ----D---- C:\WINDOWS
2010-03-30 18:37:42 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2010-03-30 18:37:09 ----D---- C:\Program Files
2010-03-30 18:35:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 18:35:07 ----D---- C:\Program Files\Common Files
2010-03-30 18:22:01 ----SHD---- C:\WINDOWS\Installer
2010-03-30 18:21:54 ----D---- C:\Config.Msi
2010-03-30 18:21:45 ----D---- C:\WINDOWS\system32
2010-03-30 18:15:54 ----D---- C:\WINDOWS\WinSxS
2010-03-30 18:15:12 ----D---- C:\Program Files\Adobe
2010-03-30 18:15:11 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-03-30 18:15:10 ----D---- C:\Program Files\Common Files\Adobe
2010-03-30 18:04:27 ----D---- C:\$AVG8.VAULT$
2010-03-30 17:59:43 ----HD---- C:\WINDOWS\inf
2010-03-30 17:59:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 17:55:23 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-03-29 17:43:13 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 17:08:09 ----D---- C:\Program Files\Avant Browser
2010-03-28 12:36:25 ----D---- C:\Program Files\Garena
2010-03-26 17:13:51 ----D---- C:\Program Files\World of Warcraft
2010-03-24 20:54:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-22 20:55:47 ----D---- C:\Program Files\DivX
2010-03-22 19:54:31 ----D---- C:\WINDOWS\AppPatch
2010-03-22 17:37:20 ----D---- C:\Program Files\Verizon
2010-03-21 23:05:54 ----D---- C:\Program Files\Common Files\Motive
2010-03-17 21:08:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 21:07:29 ----RSD---- C:\WINDOWS\assembly
2010-03-17 17:09:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-17 16:44:03 ----D---- C:\Program Files\Common Files\System
2010-03-17 16:43:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-17 16:43:26 ----D---- C:\Program Files\Windows Live
2010-03-17 16:42:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-17 16:42:19 ----D---- C:\WINDOWS\system32\DirectX
2010-03-10 18:37:54 ----SD---- C:\WINDOWS\Tasks
2010-03-10 18:33:48 ----A---- C:\WINDOWS\system.ini
2010-03-10 18:27:29 ----D---- C:\WINDOWS\system32\config
2010-03-10 18:12:32 ----RASH---- C:\boot.ini
2010-03-10 18:08:53 ----D---- C:\WINDOWS\Prefetch
2010-03-09 22:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-09 22:37:13 ----A---- C:\WINDOWS\imsins.BAK
2010-03-09 22:37:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-09 22:37:06 ----D---- C:\Program Files\Movie Maker
2010-03-01 22:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-28 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-28 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-10 108552]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-28 1160320]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-03-22 488992]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-01 161792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-02 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-01-19 5818400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-08 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-09 59392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys [2008-05-07 145952]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ESC3F.tmp []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-04-19 99200]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0540Afx;Creative Camera VF0540 Audio Effects Driver; C:\WINDOWS\system32\DRIVERS\V0540Afx.sys [2008-02-14 160256]
S3 V0540Dev;Creative Camera VF0540 Driver; C:\WINDOWS\system32\DRIVERS\V0540Vid.sys [2008-04-27 272512]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-03-17 319488]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe [2010-03-12 261632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live 家庭安全设置服务; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby MatthewV » March 30th, 2010, 9:49 pm

Also, is it okay for me to download the newest version of Adobe Reader right now? My family uses this program frequently, so please let me know.

Thank You :D
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby Dakeyras » March 31st, 2010, 9:27 am

Hi. :)

Also, is it okay for me to download the newest version of Adobe Reader right now? My family uses this program frequently, so please let me know.
I would rather you did not actually, remember what I advised prior:-
Note: For the time being limit online activity to a minimal if possible. Do not install any new software and or make any changes to the computer unless advised to by myself, thank you.
I will further add please keep family members of the computer for the time being. As otherwise this will hinder the malware removal process, this is a minor inconvenience and in the long run will be worth it. By all means show them this post and explain I have advised this for the time being.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start >> All Programs >>ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

FixPolicies:

Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here.

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close.
  • Leave FixPolicies on your desktop please until I otherwsie advise, thank you.

Reset SP2 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code: Select all
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

F-Secure Blacklight:

Please download Blacklight from here to your desktop.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to your desktop from there.

Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert
Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Malwarebytes Anti-Malware Log.
  • Blacklight Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » March 31st, 2010, 7:57 pm

Ok, I will notify my family to limit their time on this machine, thank you for replying.

Here is the Malwarebytes log...

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3939

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-3-31 16:46:10
mbam-log-2010-03-31 (16-46-10).txt

Scan type: Quick scan
Objects scanned: 103140
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the Backlight log...

03/31/10 16:49:47 [Info]: BlackLight Engine 2.2.1092 initialized
03/31/10 16:49:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/31/10 16:49:48 [Note]: 7019 4
03/31/10 16:49:48 [Note]: 7005 0
03/31/10 16:49:59 [Note]: 7006 0
03/31/10 16:49:59 [Note]: 7022 0
03/31/10 16:49:59 [Note]: 7011 432
03/31/10 16:49:59 [Note]: 7035 0
03/31/10 16:49:59 [Note]: 7026 0
03/31/10 16:49:59 [Note]: 7026 0
03/31/10 16:49:59 [Note]: FSRAW library version 1.7.1024
03/31/10 16:56:49 [Note]: 7007 0
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby Dakeyras » April 1st, 2010, 5:04 am

Hi. :)

Ok, I will notify my family to limit their time on this machine, thank you for replying.
Fair enough but still better they leave well alone for the time being as it is a minor inconvenience. :thumbup:

New Adobe Reader Installation:

  • Go here and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 19 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u19 with JavaFX 1 License Agreement box and click on Continue.
  • Click on jre-6u19-windows-i586.exe link to download it and save this to a convenient location.
  • Double click on jre-6u19-windows-i586.exe to install Java.

Note: Do not accept the Carbonite online backup trial if it's offered.

Next:

Run TFC(Temp File Cleaner) again please as outlined here.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » April 2nd, 2010, 1:05 am

Hi, my computer is working properly and everything is in the right place. I've followed all the instructions you requested up to the Kapersky scanner. I didn't have any problems but I didn't think it would take so long...
Anyway, I should have the Kapersky log by tomorrow, just wanted to let you know. Thanks!
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm

Re: Please Help!!!

Unread postby Dakeyras » April 2nd, 2010, 5:24 am

OK thanks for the update and you're welcome! :)
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Please Help!!!

Unread postby MatthewV » April 3rd, 2010, 1:40 am

Here is the Kapersky report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 02, 2010 23:17:44
Records in database: 3913813
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 97256
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 03:25:33


File name / Threat / Threats count
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\awesome god hillsong.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Administrator\My Documents\LimeWire\Saved\love story jin.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Program Files\WE Unlimited\WE Unlimited.exe Infected: Trojan.Win32.Autoit.adw 1
C:\Program Files\WE Unlimited\WEU Game Patch.exe Infected: Trojan.Win32.Autoit.adw 1
C:\Program Files\YesTrader\RemoteAssist\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\Program Files\YesTrader\RemoteAssist\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

Selected area has been scanned.
MatthewV
Regular Member
 
Posts: 27
Joined: March 3rd, 2010, 10:53 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 35 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware