Free Malware Removal Forum

by **Jishi** » March 5th, 2009, 7:54 pm

I kept getting the rundll error when I boot my compute up. I've tried the deleting the entry in registry manually, but it kept coming back =\.

Anyhelp would be greatly appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:08 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
O4 - HKLM\..\Run: [LogitechRegisterVideoApplications] "C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [CPM937d0ee6] Rundll32.exe "c:\windows\system32\wiwijadu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7118 bytes

by **peku006** » March 9th, 2009, 12:51 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

by **Jishi** » March 9th, 2009, 8:06 pm

Hi peku006, thanks for replying to my post.
Here's my log from combofix and hijackThis.

Edit: Sorry, I am running on XP with the Asian language pack install and I notice some of the content below are in Chinese. I'm not sure whether if you understand them or not. If you need a new log in English, please tell me how to change the language. Thanks!

ComboFix 09-03-06.02 - JsL 2009-03-09 20:00:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2047.1561 [GMT -4:00]
执行位置: c:\documents and settings\JsL\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* 成功创造新还原点
.

((((((((((((((((((((((((( 2009-02-09 至 2009-03-09 的新的档案 )))))))))))))))))))))))))))))))
.

2009-03-05 17:51 . 2009-03-05 17:51 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 10:43 . 2009-03-05 16:52 122 --a------ c:\windows\wininit.ini
2009-03-04 02:37 . 2009-03-04 02:41 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-04 02:31 . 2009-03-09 19:51 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-04 02:31 . 2009-03-04 02:31 <DIR> d-------- c:\program files\AVG
2009-03-04 02:31 . 2009-03-04 05:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-04 02:31 . 2009-03-04 02:31 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-04 02:31 . 2009-03-04 02:31 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-04 02:31 . 2009-03-04 02:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-24 23:37 . 2009-02-24 23:37 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-02-24 23:37 . 2009-02-24 23:37 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-02-24 23:22 . 2009-02-24 23:37 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-24 23:19 . 2009-02-24 23:20 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-24 23:02 . 2009-02-24 23:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-24 22:52 . 2009-02-24 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2009-02-24 22:51 . 2009-02-24 22:51 <DIR> d-------- c:\program files\Bonjour
2009-02-24 22:46 . 2009-02-24 22:46 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-18 23:50 . 2009-02-18 23:50 <DIR> d-------- c:\documents and settings\JsL\Application Data\AdobeUM
2009-02-14 15:09 . 2009-02-14 15:09 4,444 --a------ c:\windows\system32\pid.PNF
2009-02-14 15:02 . 2009-02-14 15:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-13 21:53 . 2009-02-13 21:53 <DIR> d-------- c:\program files\SSH Communications Security
2009-02-13 21:13 . 2009-02-25 01:11 <DIR> d-------- c:\documents and settings\JsL\Application Data\SSH
2009-02-11 01:35 . 2009-02-11 01:35 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-11 01:32 . 2009-02-11 01:32 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-10 18:29 . 2009-02-10 18:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-10 17:47 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-10 17:47 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-10 17:47 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-09 20:17 . 2009-02-09 20:17 <DIR> d-------- c:\program files\Common Files\Thunder Network
2009-02-09 20:17 . 2009-02-09 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Thunder Network
2009-02-09 20:12 . 2009-02-09 20:12 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-09 20:09 . 2007-04-09 14:23 28,040 --a------ c:\windows\system32\mdimon.dll
2009-02-09 20:09 . 2009-02-09 20:09 376 --a------ c:\windows\ODBC.INI
2009-02-09 20:07 . 2009-02-09 20:07 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-09 20:07 . 2009-02-09 20:07 <DIR> d-------- c:\program files\Common Files\L&H
2009-02-09 20:06 . 2009-02-09 20:07 <DIR> d-------- c:\windows\SHELLNEW
2009-02-09 20:06 . 2009-02-15 23:46 <DIR> d-------- c:\program files\Microsoft Works
2009-02-09 20:05 . 2009-02-09 20:05 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-09 19:18 . 2009-03-09 00:58 <DIR> d-------- c:\documents and settings\JsL\Tracing
2009-02-09 19:17 . 2009-02-09 19:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-09 19:17 . 2006-11-29 14:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-02-09 19:16 . 2009-02-09 19:16 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-09 19:16 . 2009-02-09 19:16 <DIR> d-------- c:\program files\Microsoft
2009-02-09 19:15 . 2009-02-20 21:39 <DIR> d-------- c:\program files\Windows Live
2009-02-09 19:12 . 2009-02-09 19:12 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-09 19:01 . 2009-02-09 19:01 <DIR> d-------- c:\windows\system32\scripting
2009-02-09 19:01 . 2009-02-09 19:01 <DIR> d-------- c:\windows\system32\en
2009-02-09 19:01 . 2009-02-09 19:01 <DIR> d-------- c:\windows\system32\bits
2009-02-09 19:01 . 2009-02-09 19:01 <DIR> d-------- c:\windows\l2schemas
2009-02-09 19:00 . 2009-02-09 19:00 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-09 18:52 . 2009-03-05 14:24 2,841 --a------ c:\windows\system32\cid_store.dat
2009-02-09 18:52 . 2009-03-05 14:22 26 --a------ c:\windows\system32\xlhcc.dat
2009-02-09 18:52 . 2009-02-09 18:52 20 --a------ c:\windows\system32\pub_store.dat
2009-02-09 18:49 . 2008-05-29 10:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-02-09 18:48 . 2009-02-09 18:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-09 18:47 . 2009-02-09 18:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-09 18:41 . 2008-12-20 19:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-09 18:41 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-09 18:41 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-09 18:41 . 2008-12-20 19:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-09 18:41 . 2008-12-20 19:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 18:41 . 2008-12-20 19:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-09 18:41 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-09 18:41 . 2008-12-20 19:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-09 18:41 . 2008-12-19 05:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-09 18:36 . 2009-02-09 18:49 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-09 18:34 . 2009-02-09 18:34 <DIR> d-------- c:\documents and settings\JsL\Application Data\TuneUp Software
2009-02-09 18:27 . 2007-03-07 19:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-09 18:27 . 2007-03-07 19:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2009-02-09 18:27 . 2007-03-07 19:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-09 18:27 . 2007-03-07 19:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-09 18:21 . 2008-04-13 13:39 689,152 --a--c--- c:\windows\system32\dllcache\xpsp3res.dll
2009-02-09 18:21 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-09 18:21 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-09 18:20 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 18:20 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 18:20 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 18:20 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 18:20 . 2008-09-15 08:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-09 18:20 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-09 18:20 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-09 18:20 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-09 18:20 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-09 18:20 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-09 18:19 . 2009-02-24 18:36 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-09 18:17 . 2009-02-09 18:17 <DIR> d-------- c:\documents and settings\JsL\Application Data\ATI
2009-02-09 18:17 . 2008-04-13 14:39 5,504 --a--c--- c:\windows\system32\drivers\mstee.sys
2009-02-09 18:17 . 2008-04-13 14:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-02-09 18:11 . 2009-02-09 18:11 <DIR> d-------- c:\documents and settings\JsL\Application Data\Lavasoft
2009-02-09 18:09 . 2009-02-09 18:09 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-09 18:09 . 2009-02-09 18:09 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-09 18:07 . 2009-02-09 18:07 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-02-09 18:07 . 2009-03-04 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:05 . 2009-02-09 18:05 <DIR> d-------- c:\documents and settings\JsL\Application Data\Media Player Classic
2009-02-09 18:05 . 2009-02-09 18:05 <DIR> d-------- c:\documents and settings\JsL\Application Data\Ahead
2009-02-09 18:05 . 2009-03-04 02:18 116 --a------ c:\windows\NeroDigital.ini
2009-02-09 18:04 . 2009-02-09 18:04 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-09 18:03 . 2006-02-08 17:44 1,114,674 -ra------ c:\windows\system32\drivers\ativcaxx.cpa
2009-02-09 18:03 . 2006-03-17 16:37 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-09 18:03 . 2006-03-21 23:42 307,200 -ra------ c:\windows\system32\atiiiexx.dll
2009-02-09 18:03 . 2006-02-13 16:29 121,995 -ra------ c:\windows\system32\atiicdxx.dat
2009-02-09 18:03 . 2005-10-14 11:10 58,560 -ra------ c:\windows\system32\drivers\ativckxx.vp
2009-02-09 18:03 . 2006-03-22 00:12 27,504 -ra------ c:\windows\system32\drivers\ativvpxx.vp
2009-02-09 18:03 . 2006-01-25 21:48 6,005 -ra------ c:\windows\system32\atifglpf.xml
2009-02-09 18:03 . 2006-02-08 17:44 929 -ra------ c:\windows\system32\drivers\ativcaxx.vp
2009-02-09 18:02 . 2009-02-09 18:06 <DIR> d-------- c:\program files\ATI Technologies
2009-02-09 17:58 . 2005-04-20 07:32 2,916,352 --------- c:\windows\UNNMP.exe
2009-02-09 17:58 . 2006-03-22 07:55 47,867 --------- c:\windows\UNNMP.cfg
2009-02-09 17:56 . 2009-02-09 17:56 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-09 17:56 . 2005-07-29 11:12 2,977,792 --------- c:\windows\UNNeroVision.exe
2009-02-09 17:56 . 2006-03-22 07:55 179,261 --------- c:\windows\UNNeroVision.cfg
2009-02-09 17:56 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-09 17:56 . 2001-03-08 19:30 24,064 --------- c:\windows\system32\msxml3a.dll
2009-02-09 17:55 . 2009-02-09 17:55 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-09 17:55 . 2009-02-09 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-09 17:55 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-09 17:55 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-09 17:55 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-09 17:55 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-02-09 17:55 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-09 17:55 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-02-09 17:55 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll
2009-02-09 17:52 . 2009-02-09 17:52 0 --a------ c:\windows\nsreg.dat
2009-02-09 17:51 . 2009-02-09 17:51 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-02-09 17:49 . 2009-02-09 17:49 <DIR> d-------- c:\program files\Common Files\LogiShared

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 07:45 --------- d-----w c:\documents and settings\JsL\Application Data\MSNInstaller
2009-02-09 07:30 --------- d-----w c:\program files\microsoft frontpage
2009-02-07 00:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 23:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 06:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-04 02:31 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CPM937d0ee6"=Rundll32.exe "c:\windows\system32\wiwijadu.dll",a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"e:\\Program Files\\Counter Strike Condition Zero\\czero.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-04 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-04 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-04 298264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2009-02-09 34048]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
‘计划任务’ 文件夹里的内容

2009-03-09 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM937d0ee6 - c:\windows\system32\wiwijadu.dll
HKLM-Run-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
HKLM-Run-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
HKLM-Run-LogitechRegisterVideoApplications - c:\program files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-CPM937d0ee6 - c:\windows\system32\wiwijadu.dll

.
------- 而外的扫描 -------
.
uStart Page = about:blank
mStart Page = hxxp://www.930930.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: 使用网际快车下载 - e:\program files\FlashGet\jc_link.htm
IE: 使用网际快车下载全部链接 - e:\program files\FlashGet\jc_all.htm
IE: 使用迅雷下载 - e:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - e:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\program files\Thunder Network\Thunder\Thunder.exe
FF - ProfilePath - c:\documents and settings\JsL\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 20:01:13
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程。。。

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
.
完成时间: 2009-03-09 20:02:19
ComboFix-quarantined-files.txt 2009-03-10 00:02:17
ComboFix2.txt 2009-03-05 20:34:08

Pre-Run: 6,963,695,616 bytes free
Post-Run: 6,966,575,104 bytes free

277 --- E O F --- 2009-02-25 03:45:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:47 PM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6486 bytes

by **peku006** » March 10th, 2009, 4:13 am

Hi Jishi
no problem with Chinese... :lol:

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Download anf Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.

Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

Code: Select all

:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CPM937d0ee6"=-

:Commands
[EmptyTemp]

Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

3 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the OTMoveIt3 log
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006

by **Jishi** » March 10th, 2009, 7:36 am

Hi peku006, I'll paste the OTMoveIt3 log here first since the window prompted to reboot after scanning.

Edit: updated =)

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\CPM937d0ee6 deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JsL\LOCALS~1\Temp\etilqs_e7uKzdAbMSYMrFKt5Co7 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JsL\LOCALS~1\Temp\Perflib_Perfdata_9b4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JsL\LOCALS~1\Temp\Perflib_Perfdata_cfc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JsL\LOCALS~1\Temp\Perflib_Perfdata_d04.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JsL\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo4mjyd3.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_073251

Malwarebytes' Anti-Malware 1.34
Database version: 1831
Windows 5.1.2600 Service Pack 3

3/10/2009 8:42:54 AM
mbam-log-2009-03-10 (08-42-54).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 236235
Time elapsed: 1 hour(s), 2 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm937d0ee6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:34 AM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
O4 - HKLM\..\Run: [LogitechRegisterVideoApplications] "C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [CPM937d0ee6] Rundll32.exe "c:\windows\system32\wiwijadu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6909 bytes

by **peku006** » March 10th, 2009, 11:27 am

Hi Jishi

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Clean temp files

ATF (Atribune Temp File) CleanerÂ© by Atribune

ATF Cleaner.exe

Under Main choose:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

Empty Selected

if you use Firefox:

Firefox

Select All

Empty Selected

NOTE:

NO

if you use Opera:

Opera

Select All

Empty Selected

NOTE:

NO

Exit

Main menu

3 - F-Secure Online Scan

Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan.
- Under Virus Scan Options, select the Scan whole system option.
- Under Other Scan Options, select these options:
  - Scan all files
  - Scan whole system for rootkits
  - Scan whole system for spyware
  - Scan inside archives
  - Use advanced heuristics
Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

by **Jishi** » March 11th, 2009, 12:53 am

Hi peku, I didnt get those options you listed after scanning with F-Secure. There's only the Show Report button.

Im still getting that same error at startup.

peku006 wrote:[*]Click on I want decide item by item.
[*]Under Actions, select None for all infections found.
[*]Click Next.
[*]Click on Show Report.

I just notice I misspelled RUNDLL with RUNDELL :lol:

Scanning Report
Tuesday, March 10, 2009 23:00:30 - 00:20:38

Computer name: JISHI
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\
Result: 0 malware found
Statistics
Scanned:

* Files: 286258
* System: 3371
* Not scanned: 52

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* x��#�AGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* C:\Program Files\Common Files\Adobe\Installers\Adobe Illustrator CS3 13.0.log.gz\Adobe Illustrator CS3 13.0.log
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\JSL\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\JSL\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\TEMP\ETILQS_0JHAFA8ULKNBPNWKP6V0
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_244.DAT
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_330.DAT
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_958.DAT
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\JSL\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\JSL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VO4MJYD3.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\JSL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VO4MJYD3.DEFAULT\PLACES.SQLITE-JOURNAL
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\uhakulej.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search &2��<

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Hydra: 3.6.8511, 2009-03-11
* F-Secure AVP: 7.0.171, 2009-03-10
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:13 AM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
O4 - HKLM\..\Run: [LogitechRegisterVideoApplications] "C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [CPM937d0ee6] Rundll32.exe "c:\windows\system32\wiwijadu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7035 bytes

by **peku006** » March 11th, 2009, 11:48 am

Hi Jishi

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

After that, Reboot.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

by **Jishi** » March 11th, 2009, 11:08 pm

Peku, those 2 items are still there after checking and rebooting. =|

By the way, are these files safe? What for?

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass1.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\uhakulej.ini

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:19 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe
O4 - HKLM\..\Run: [LogitechRegisterVideoApplications] "C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [CPM937d0ee6] Rundll32.exe "c:\windows\system32\wiwijadu.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - e:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7061 bytes

by **peku006** » March 12th, 2009, 3:58 am

Hi Jishi

By the way, are these files safe?

When files are in the recycle folder they are already "out of" your system, but you can delete them

Go to below folder and delete everything inside.. Don't delete the folder itself.. Just leave it empty..
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rookit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.

Thanks peku006

by **Jishi** » March 12th, 2009, 1:15 pm

Hi peku,

There are more than 100000 characters in this log, so i separated it into 2 posts.

[code]
OTScanIt2 logfile created on: 3/12/2009 1:05:35 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\JsL\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.85% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 6.31 Gb Free Space | 43.10% Space Free | Partition Type: NTFS
Drive D: | 183.60 Gb Total Space | 113.35 Gb Free Space | 61.74% Space Free | Partition Type: NTFS
Drive E: | 34.63 Gb Total Space | 29.18 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JISHI
Current User Name: JsL
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
ad-watch.exe -> E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> [2004/09/16 17:15:00 | 00,538,112 | ---- | M] (Lavasoft Sweden)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/03/04 02:31:31 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/03/04 02:31:31 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/03/04 02:31:30 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/05 15:42:24 | 00,307,704 | ---- | M] (Mozilla Corporation)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
inetinfo.exe -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KhalShared\KHALMNPR.EXE -> [2007/04/11 16:32:22 | 00,056,080 | ---- | M] (Logitech Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2007/04/23 05:00:00 | 00,692,224 | ---- | M] (Logitech Inc.)
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> [2005/05/19 21:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.)
tcpsvcs.exe -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\6to4svc.dll -> [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> [2006/03/21 23:48:54 | 00,405,504 | ---- | M] (ATI Technologies Inc.)
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [2006/03/17 16:37:00 | 00,520,192 | ---- | M] ()
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/03/04 02:31:30 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/02/24 22:46:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IISADMIN) IIS Admin [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(LPDSVC) TCP/IP Print Server [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MSFtpsvc) FTP Publishing [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(p2pgasvc) Peer Networking Group Authentication [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\p2pgasvc.dll -> [2008/04/13 20:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
(SimpTcp) Simple TCP/IP Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\tcpsvcs.exe -> [2001/08/23 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> [2009/02/09 18:49:16 | 00,355,584 | ---- | M] (TuneUp Software GmbH)
(UxTuneUp) TuneUp Theme Extension [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\uxtuneup.dll -> [2008/05/29 10:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH)
(W3SVC) World Wide Web Publishing [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> [2005/10/05 05:21:10 | 00,141,312 | R--- | M] (Analog Devices, Inc.)
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AEAudio.sys -> [2005/03/04 08:53:00 | 00,127,872 | R--- | M] (Andrea Electronics Corporation)
(AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\atl01_xp.sys -> [2006/07/18 21:52:18 | 00,034,048 | R--- | M] (Attansic Technology corporation.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> [2006/03/21 23:56:22 | 01,522,688 | ---- | M] (ATI Technologies Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HdAudio.sys -> [2004/10/27 16:21:30 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> [2006/04/12 06:04:39 | 00,049,664 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> [2006/04/12 06:04:39 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> [2006/04/12 06:04:39 | 00,021,568 | ---- | M] (HP)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\L8042Kbd.sys -> [2007/04/11 16:32:30 | 00,020,496 | ---- | M] (Logitech Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\L8042mou.Sys -> [2007/04/11 16:32:38 | 00,063,248 | ---- | M] (Logitech Inc.)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\LMouKE.Sys -> [2007/04/11 16:33:06 | 00,079,376 | ---- | M] (Logitech Inc.)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ASACPI.sys -> [2004/08/12 22:56:20 | 00,005,810 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\System32\drivers\scdemu.sys -> [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Senfilt.sys -> [2005/08/11 01:49:28 | 00,393,088 | R--- | M] (Sensaura)
(Tcpip6) Microsoft IPv6 Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\DRIVERS\tcpip6.sys -> [2008/06/20 07:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.930930.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.930930.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://cache.lianmeng.com/googlego.php?sid=1008094 ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://cache.lianmeng.com/googlego.php?sid=1008094 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\JsL\Application Data\Mozilla\FireFox\Profiles\vo4mjyd3.default\prefs.js ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
< HOSTS File > (301855 bytes and 10456 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 http://www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com
127.0.0.1 http://www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{01443AEC-0FD1-40fd-9C87-E93D1494C233} [HKLM] -> e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [ThunderAtOnce Class] -> [2008/12/24 13:54:36 | 00,142,600 | ---- | M] (Thunder Networking Technologies,LTD)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004/12/14 02:56:50 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKLM] -> E:\Program Files\FlashGet\Jccatch.dll [IeCatch5 Class] -> [2006/05/16 16:19:42 | 00,081,920 | ---- | M] (FlashGet)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/03/04 02:31:31 | 01,078,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{889D2FEB-5411-4565-8998-1DD2C5261283} [HKLM] -> e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [Thunder Browser Helper] -> [2008/12/24 13:54:36 | 00,128,464 | ---- | M] (Thunder Networking Technologies,LTD)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{F156768E-81EF-470C-9057-481BA8380DBA} [HKLM] -> E:\Program Files\FlashGet\getflash.dll [gFlash Class] -> [2006/09/12 11:50:56 | 00,126,976 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" [HKLM] -> E:\Program Files\FlashGet\fgiebar.dll [FlashGet Bar] -> [2005/06/07 12:06:10 | 00,086,016 | ---- | M] (Amaze Soft)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ATICCC" -> %ProgramFiles%\ATI Technologies\ATI.ACE\cli.exe ["C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay] -> [2006/01/02 18:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.)
"AWMON" -> E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe ["E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"] -> [2004/09/16 17:15:00 | 00,538,112 | ---- | M] (Lavasoft Sweden)
"CamWizard" -> %CommonProgramFiles%\Logitech\QCDRV\BIN\CamWizard.exe [C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe] -> File not found
"CPM937d0ee6" -> %SystemRoot%\system32\wiwijadu.DLL [Rundll32.exe "c:\windows\system32\wiwijadu.dll",a] -> File not found
"High Definition Audio Property Page Shortcut" -> %SystemRoot%\system32\HDAShCut.exe [HDAShCut.exe] -> [2004/10/27 16:21:30 | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"IMJPMIG8.1" -> %SystemRoot%\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/03 22:32:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"Logitech Hardware Abstraction Layer" -> %SystemRoot%\KHALMNPR.EXE [KHALMNPR.EXE] -> [2007/04/11 16:32:22 | 00,056,080 | ---- | M] (Logitech Inc.)
"LogitechRegisterVideoApplications" -> %ProgramFiles%\Logitech\Video\InstallHelper.exe ["C:\Program Files\Logitech\Video\InstallHelper.exe" /register /runnow] -> File not found
"LVCOMSX" -> %SystemRoot%\system32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> File not found
"NeroFilterCheck" -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 11:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"PHIME2002A" -> %SystemRoot%\system32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/03 22:32:16 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> File not found
"SoundMAXPnP" -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/19 21:11:06 | 00,925,696 | R--- | M] (Analog Devices, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> [2007/04/23 05:00:00 | 00,692,224 | ---- | M] (Logitech Inc.)
< JsL Startup Folder > -> C:\Documents and Settings\JsL\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoStartBanner" -> [01 [binary data]] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000] -> [2008/10/13 12:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
使用网际快车下载 -> E:\Program Files\FlashGet\jc_link.htm [E:\Program Files\FlashGet\jc_link.htm] -> [2006/10/27 12:43:18 | 00,001,898 | ---- | M] ()
使用网际快车下载全部链接 -> E:\Program Files\FlashGet\jc_all.htm [E:\Program Files\FlashGet\jc_all.htm] -> [2000/02/06 12:06:06 | 00,000,575 | ---- | M] ()
使用迅雷下载 -> e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm [e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm] -> [2008/12/24 14:09:30 | 00,004,207 | ---- | M] ()
使用迅雷下载全部链接 -> e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm [e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm] -> [2008/12/24 14:09:30 | 00,001,673 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}:Exec [HKLM] -> e:\Program Files\Thunder Network\Thunder\Thunder.exe [Button: 启动迅雷5] -> [2008/12/24 13:53:18 | 00,050,640 | ---- | M] (Thunder Networking Technologies,LTD)
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}:Exec [HKLM] -> e:\Program Files\Thunder Network\Thunder\Thunder.exe [Menu: 启动迅雷5] -> [2008/12/24 13:53:18 | 00,050,640 | ---- | M] (Thunder Networking Technologies,LTD)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> E:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Program Files\FlashGet\flashget.exe [Button: FlashGet] -> [2006/09/11 18:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec [HKLM] -> E:\Program Files\FlashGet\flashget.exe [Menu: &FlashGet] -> [2006/09/11 18:01:40 | 01,400,832 | ---- | M] (FlashGet.com)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5440 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5441 domain(s) found. ->
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/ ... ontrol.cab [Reg Error: Key error.] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C7F82F92-340D-4926-ADF2-73A61F1064F4} -> () ->
{E081B11E-BBB9-48BA-9415-DAFCF333B83F} -> (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> [2006/03/21 23:50:10 | 00,061,440 | ---- | M] (ATI Technologies Inc.)
avgrsstarter -> %SystemRoot%\system32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> Reg Error: Key error. [SSODL] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/03/04 02:31:31 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/03/04 02:31:30 | 01,057,048 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/15 11:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/21 00:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/21 01:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 22:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/04/21 00:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/21 01:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2006/02/16 23:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/19 06:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/17 01:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2006/02/19 06:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2006/02/19 05:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/21 01:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation)
"E:\Program Files\Counter Strike Condition Zero\czero.exe" -> E:\Program Files\Counter Strike Condition Zero\czero.exe [E:\Program Files\Counter Strike Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher] -> [2004/03/20 05:54:04 | 00,086,016 | ---- | M] (Valve)
"E:\Program Files\Garena\Garena.exe" -> E:\Program Files\Garena\Garena.exe [E:\Program Files\Garena\Garena.exe:*:Enabled:Garena] -> [2009/01/31 18:24:56 | 03,316,496 | ---- | M] (Garena Interactive PTE LTD)
"E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe" -> E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe [E:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder] -> [2009/01/12 20:45:56 | 02,381,264 | ---- | M] (Thunder Networking Technologies,LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2009/02/09 03:29:43 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
pakegafi -> %SystemRoot%\System32\pakegafi -> [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] ()
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/12 13:04:28 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/12 13:03:50 | 00,661,370 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/03/10 22:43:36 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/03/10 07:32:52 | 00,000,000 | -HSD | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/03/10 07:32:51 | 00,000,000 | ---D | C]
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/03/10 07:32:00 | 00,348,160 | ---- | C] (OldTimer Tools)
Malwarebytes -> %AppData%\Malwarebytes -> [2009/03/10 07:24:08 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/03/10 07:24:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/10 07:24:07 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/03/10 07:24:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/03/10 07:24:04 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/03/10 07:24:03 | 00,000,000 | ---D | C]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/10 07:23:35 | 02,876,720 | ---- | C] (Malwarebytes Corporation )
temp -> %SystemRoot%\temp -> [2009/03/09 20:02:21 | 00,000,000 | ---D | C]
SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2009/03/09 19:59:39 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> %SystemRoot%\SWREG.exe -> [2009/03/09 19:59:39 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> %SystemRoot%\SWSC.exe -> [2009/03/09 19:59:39 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> %SystemRoot%\sed.exe -> [2009/03/09 19:59:39 | 00,098,816 | ---- | C] ()
fdsv.exe -> %SystemRoot%\fdsv.exe -> [2009/03/09 19:59:39 | 00,089,504 | ---- | C] (Smallfrogs Studio)
grep.exe -> %SystemRoot%\grep.exe -> [2009/03/09 19:59:39 | 00,080,412 | ---- | C] ()
zip.exe -> %SystemRoot%\zip.exe -> [2009/03/09 19:59:39 | 00,068,096 | ---- | C] ()
VFIND.exe -> %SystemRoot%\VFIND.exe -> [2009/03/09 19:59:39 | 00,049,152 | ---- | C] ()
NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2009/03/09 19:59:39 | 00,029,696 | ---- | C] (NirSoft)
ComboFix -> %SystemDrive%\ComboFix -> [2009/03/09 19:59:35 | 00,000,000 | ---D | C]
Qoobox -> %SystemDrive%\Qoobox -> [2009/03/09 19:59:33 | 00,000,000 | ---D | C]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 19:54:50 | 02,933,448 | R--- | C] ()
Quests.html -> %UserProfile%\Desktop\Quests.html -> [2009/03/06 20:37:26 | 00,150,423 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/05 17:51:58 | 00,001,734 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/03/05 17:51:56 | 00,000,000 | ---D | C]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/03/05 17:51:46 | 00,812,344 | ---- | C] (Trend Micro Inc.)
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/03/05 16:29:18 | 00,000,211 | ---- | C] ()
cmldr -> %SystemDrive%\cmldr -> [2009/03/05 16:29:16 | 00,260,272 | ---- | C] ()
cmdcons -> %SystemDrive%\cmdcons -> [2009/03/05 16:29:16 | 00,000,000 | RHSD | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/03/05 16:28:10 | 00,000,000 | ---D | C]
wininit.ini -> %SystemRoot%\wininit.ini -> [2009/03/04 10:43:25 | 00,000,122 | ---- | C] ()
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2009/03/04 02:37:06 | 00,000,000 | -H-D | C]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/03/04 02:31:36 | 34,005,013 | ---- | C] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/03/04 02:31:36 | 06,061,540 | ---- | C] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/03/04 02:31:36 | 00,401,372 | ---- | C] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/03/04 02:31:36 | 00,033,747 | ---- | C] ()
Avg -> %SystemRoot%\System32\drivers\Avg -> [2009/03/04 02:31:36 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2009/03/04 02:31:29 | 00,000,000 | ---D | C]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2009/03/04 02:31:28 | 00,000,000 | ---D | C]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/02/24 23:37:36 | 00,023,392 | ---- | C] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/02/24 23:37:36 | 00,016,832 | ---- | C] ()
spmsg.dll -> %SystemRoot%\System32\spmsg.dll -> [2009/02/24 23:22:38 | 00,017,272 | ---- | C] (Microsoft Corporation)
Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [2009/02/24 23:22:15 | 00,000,000 | ---D | C]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/02/24 23:19:33 | 00,000,000 | -H-- | C] ()
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [2009/02/24 23:19:30 | 00,000,000 | ---D | C]
Version Cue -> D:\My Documents\Version Cue -> [2009/02/24 23:04:56 | 00,000,000 | ---D | C]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [2009/02/24 23:02:04 | 00,000,000 | ---D | C]
ALM -> %AllUsersProfile%\Application Data\ALM -> [2009/02/24 22:52:28 | 00,000,000 | ---D | C]
Bonjour -> %ProgramFiles%\Bonjour -> [2009/02/24 22:51:42 | 00,000,000 | ---D | C]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [2009/02/24 22:46:35 | 00,000,000 | ---D | C]
AdobeUM -> %AppData%\AdobeUM -> [2009/02/18 23:50:04 | 00,000,000 | ---D | C]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [2009/02/16 20:58:23 | 00,000,000 | ---D | C]
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [2009/02/14 15:09:51 | 00,004,444 | ---- | C] ()
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [2009/02/14 15:02:56 | 00,000,000 | ---D | C]
SSH Secure File Transfer Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure File Transfer Client.lnk -> [2009/02/13 21:53:25 | 00,001,931 | ---- | C] ()
SSH Secure Shell Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure Shell Client.lnk -> [2009/02/13 21:53:25 | 00,000,985 | ---- | C] ()
SSH Communications Security -> %ProgramFiles%\SSH Communications Security -> [2009/02/13 21:53:25 | 00,000,000 | ---D | C]
SSH -> %AppData%\SSH -> [2009/02/13 21:13:09 | 00,000,000 | ---D | C]
Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [2009/02/11 01:35:25 | 00,000,000 | ---D | C]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [2009/02/11 01:32:45 | 00,000,000 | ---D | C]
HP Product Assistant -> %AllUsersProfile%\Application Data\HP Product Assistant -> [2009/02/10 18:29:41 | 00,000,000 | ---D | C]
mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2009/02/10 17:47:07 | 00,268,648 | ---- | C] (Microsoft Corporation)
muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2009/02/10 17:47:07 | 00,208,744 | ---- | C] (Microsoft Corporation)
mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2009/02/10 17:47:07 | 00,027,496 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Documents and Settings\JsL\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\JsL\Local Settings\Temp\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/12 13:03:51 | 00,661,370 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/03/12 13:02:02 | 34,005,013 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/03/12 13:02:02 | 00,033,747 | ---- | M] ()
Perflib_Perfdata_f20.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_f20.dat -> [2009/03/12 13:01:11 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_f28.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_f28.dat -> [2009/03/12 13:01:10 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_97c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_97c.dat -> [2009/03/12 13:00:57 | 00,016,384 | ---- | M] ()
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [2009/03/12 13:00:42 | 00,000,482 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/12 13:00:33 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/12 13:00:31 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/12 03:59:39 | 06,553,600 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/12 03:59:39 | 00,000,178 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/03/12 03:59:28 | 04,798,396 | -H-- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 23:13:42 | 01,572,664 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/03/11 23:11:50 | 00,001,374 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/11 23:10:50 | 00,005,747 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/11 23:10:50 | 00,005,333 | ---- | M] ()
perf.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [2009/03/11 00:49:50 | 00,000,128 | ---- | M] ()
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> [2009/03/10 23:00:17 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsusscr.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> [2009/03/10 23:00:17 | 00,928,392 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> [2009/03/10 23:00:17 | 00,147,456 | ---- | M] (F-Secure Corporation)
fsmart.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> [2009/03/10 23:00:17 | 00,147,456 | ---- | M] (F-Secure Corporation)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> [2009/03/10 23:00:11 | 00,561,280 | ---- | M] (F-Secure Corp.)
fssm32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> [2009/03/10 23:00:11 | 00,561,280 | ---- | M] (F-Secure Corp.)
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> [2009/03/10 23:00:11 | 00,482,448 | ---- | M] ()
fm4av.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [2009/03/10 23:00:11 | 00,482,448 | ---- | M] ()
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> [2009/03/10 23:00:11 | 00,440,960 | ---- | M] (F-Secure Corp.)
fsgk32.exe -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> [2009/03/10 23:00:11 | 00,440,960 | ---- | M] (F-Secure Corp.)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> [2009/03/10 23:00:11 | 00,154,304 | ---- | M] (Kaspersky Lab)
AVPFPI0.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> [2009/03/10 23:00:11 | 00,154,304 | ---- | M] (Kaspersky Lab)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsepx32.dll -> [2009/03/10 23:00:11 | 00,150,144 | ---- | M] (F-Secure Corporation)
fsepx32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsepx32.dll -> [2009/03/10 23:00:11 | 00,150,144 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> [2009/03/10 23:00:11 | 00,120,456 | ---- | M] (F-Secure Corporation)
fpinor.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> [2009/03/10 23:00:11 | 00,120,456 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsuss.dll -> [2009/03/10 23:00:11 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsuss.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuss.dll -> [2009/03/10 23:00:11 | 00,113,288 | ---- | M] (F-Secure Corporation)
fsgkiapi.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> [2009/03/10 23:00:11 | 00,100,456 | ---- | M] (F-Secure Corp.)
fsgkiapi.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> [2009/03/10 23:00:11 | 00,100,456 | ---- | M] (F-Secure Corp.)
avpproxy.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> [2009/03/10 23:00:11 | 00,084,672 | ---- | M] (F-Secure Corporation)
avpproxy.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> [2009/03/10 23:00:11 | 00,084,672 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> [2009/03/10 23:00:11 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsbl.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> [2009/03/10 23:00:11 | 00,068,224 | ---- | M] (F-Secure Corporation)
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> [2009/03/10 22:59:58 | 02,304,026 | ---- | M] ()
fsedb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> [2009/03/10 22:59:58 | 02,304,026 | ---- | M] ()
fsecr32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> [2009/03/10 22:59:58 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsecr32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> [2009/03/10 22:59:58 | 01,079,944 | ---- | M] (F-Secure Corporation)
fsupdllb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> [2009/03/10 22:59:58 | 00,422,594 | ---- | M] ()
fsupdllb.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> [2009/03/10 22:59:58 | 00,422,594 | ---- | M] ()
fsblu.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> [2009/03/10 22:59:27 | 00,731,784 | ---- | M] (F-Secure Corporation)
fsbld.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> [2009/03/10 22:59:27 | 00,731,784 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> [2009/03/10 22:59:21 | 00,651,264 | ---- | M] (F-Secure Corporation)
fssubmit.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> [2009/03/10 22:59:21 | 00,651,264 | ---- | M] (F-Secure Corporation)
Nse_w32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> [2009/03/10 22:59:13 | 00,588,856 | ---- | M] (Norman ASA)
Nse_w32.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [2009/03/10 22:59:13 | 00,588,856 | ---- | M] (Norman ASA)
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> [2009/03/10 22:58:36 | 00,000,449 | ---- | M] ()
ext.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [2009/03/10 22:58:36 | 00,000,449 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> [2009/03/10 22:58:35 | 00,000,243 | ---- | M] ()
sae.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [2009/03/10 22:58:35 | 00,000,243 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> [2009/03/10 22:58:34 | 00,001,348 | ---- | M] ()
sai.dat -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [2009/03/10 22:58:34 | 00,001,348 | ---- | M] ()
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/03/10 07:32:00 | 00,348,160 | ---- | M] (OldTimer Tools)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/10 07:24:07 | 00,000,696 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/10 07:23:38 | 02,876,720 | ---- | M] (Malwarebytes Corporation )
system.ini -> %SystemRoot%\system.ini -> [2009/03/09 20:01:14 | 00,000,227 | ---- | M] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/03/09 19:54:53 | 02,933,448 | R--- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/03/09 01:45:41 | 00,023,552 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/03/08 14:59:52 | 00,512,626 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/03/08 14:59:52 | 00,433,512 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/03/08 14:59:52 | 00,070,696 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/08 14:55:36 | 00,002,262 | ---- | M] ()
Quests.html -> %UserProfile%\Desktop\Quests.html -> [2009/03/06 20:37:26 | 00,150,423 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2009/03/05 17:51:58 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2009/03/05 17:51:47 | 00,812,344 | ---- | M] (Trend Micro Inc.)
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/03/05 17:03:50 | 00,301,855 | R--- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/03/05 16:53:39 | 00,000,638 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/03/05 16:53:39 | 00,000,281 | RHS- | M] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2009/03/05 16:52:20 | 00,000,122 | ---- | M] ()
hosts.20090305-160349.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090305-160349.backup -> [2009/03/05 16:31:58 | 00,000,027 | ---- | M] ()
Boot.bak -> %SystemDrive%\Boot.bak -> [2009/03/05 15:38:58 | 00,000,211 | ---- | M] ()
cid_store.dat -> %SystemRoot%\System32\cid_store.dat -> [2009/03/05 14:24:06 | 00,002,841 | ---- | M] ()
xlhcc.dat -> %SystemRoot%\System32\xlhcc.dat -> [2009/03/05 14:22:54 | 00,000,026 | ---- | M] ()
pakegafi -> %SystemRoot%\System32\pakegafi -> [2009/03/04 05:33:14 | 00,006,456 | -H-- | M] ()
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/03/04 02:31:44 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/03/04 02:31:44 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/03/04 02:31:39 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/03/04 02:31:39 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/03/04 02:31:36 | 06,061,540 | ---- | M] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/03/04 02:31:36 | 00,401,372 | ---- | M] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/03/04 02:18:02 | 00,000,116 | ---- | M] ()
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [2009/02/24 23:37:36 | 00,023,392 | ---- | M] ()
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [2009/02/24 23:37:36 | 00,016,832 | ---- | M] ()
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2009/02/24 23:20:47 | 00,316,640 | ---- | M] ()
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/02/24 23:19:33 | 00,000,000 | -H-- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/24 23:02:54 | 00,072,304 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2009/02/16 14:21:08 | 00,008,206 | ---- | M] ()
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [2009/02/14 15:09:51 | 00,004,444 | ---- | M] ()
SSH Secure File Transfer Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure File Transfer Client.lnk -> [2009/02/13 21:53:25 | 00,001,931 | ---- | M] ()
SSH Secure Shell Client.lnk -> %AllUsersProfile%\Desktop\SSH Secure Shell Client.lnk -> [2009/02/13 21:53:25 | 00,000,985 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
daas_s.dll -> %UserProfile%\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> [2008/02/27 15:59:28 | 00,495,616 | ---- | M] (F-Secure Corporation)

by **Jishi** » March 12th, 2009, 1:16 pm

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\x8254\x9cc0]
"Order"=hex:08,00,00,00,02,00,00,00,76,01,00,00,01,00,00,00,03,00,00,00,7a,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\000C53BF-00000012.eml:OEStandardProperty 1600 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\05CC0104-00000016.eml:OEStandardProperty 1966 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\3357205B-00000017.eml:OEStandardProperty 1568 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\407916F5-00000013.eml:OEStandardProperty 1684 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\475754F4-00000010.eml:OEStandardProperty 1686 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\59075A91-00000015.eml:OEStandardProperty 1684 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\74EE1981-00000011.eml:OEStandardProperty 1778 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Deleted items\75384EBA-00000014.eml:OEStandardProperty 1684 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Drafts\59995F43-00000001.eml:OEStandardProperty 1208 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Drafts\6F673C81-00000002.eml:OEStandardProperty 1108 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Drafts\79D13C74-00000003.eml:OEStandardProperty 1196 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\00891BCE-00000079.eml:OEStandardProperty 1150 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\009F2E2C-00000034.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\00A71BC6-0000004D.eml:OEStandardProperty 1114 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\02346C1A-0000002C.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\023A6C14-000000B9.eml:OEStandardProperty 1266 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\023E0E2B-00000098.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\02764790-00000095.eml:OEStandardProperty 926 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\02C77FE6-00000059.eml:OEStandardProperty 1168 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\046E737F-00000076.eml:OEStandardProperty 1150 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\04A154F0-00000018.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\05F4738D-0000007A.eml:OEStandardProperty 1300 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\06685AD7-0000008F.eml:OEStandardProperty 1308 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\06883ACB-00000062.eml:OEStandardProperty 1168 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\074C6DAC-000000B0.eml:OEStandardProperty 1104 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\08DB2771-00000032.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0A037607-00000003.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\33FE675D-00000029.eml:OEStandardProperty 1328 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\34FE247B-000000C1.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3598174B-0000000C.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\35E34584-00000097.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\363D5535-00000054.eml:OEStandardProperty 1138 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\373A7082-00000061.eml:OEStandardProperty 1180 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\38A62D85-00000023.eml:OEStandardProperty 1224 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\38AF07F1-0000006A.eml:OEStandardProperty 1226 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\38F17F62-0000003D.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4C006E72-000000AB.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4CEF4651-0000009D.eml:OEStandardProperty 1292 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4DB47CBC-00000038.eml:OEStandardProperty 1156 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4E246DA0-000000A9.eml:OEStandardProperty 1242 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4E951569-000000AA.eml:OEStandardProperty 1298 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4EB74B65-000000CD.eml:OEStandardProperty 1190 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4F6C628D-00000074.eml:OEStandardProperty 1210 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4FAE0641-000000B7.eml:OEStandardProperty 1308 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\506438C2-000000AF.eml:OEStandardProperty 1104 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\217F0908-00000026.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\23B06406-00000004.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\24081B9B-0000007C.eml:OEStandardProperty 1240 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\248A1DA7-0000001C.eml:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\25360F33-0000005A.eml:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\25B52129-000000A8.eml:OEStandardProperty 1350 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\286C1FCF-0000008A.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\288D6DE1-0000006D.eml:OEStandardProperty 1222 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2A741555-00000091.eml:OEStandardProperty 924 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2B7F175F-00000058.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2BC24C4A-00000006.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\6C922021-00000055.eml:OEStandardProperty 1120 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\6E481B31-000000A1.eml:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\6FE0671D-00000065.eml:OEStandardProperty 1132 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\70602CB7-00000051.eml:OEStandardProperty 1138 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\71860897-000000C9.eml:OEStandardProperty 1240 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\72AE6952-00000005.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\72B72348-000000A3.eml:OEStandardProperty 1090 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\739874A3-0000001F.eml:OEStandardProperty 1160 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\739F0E9C-0000005B.eml:OEStandardProperty 1172 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\741368C4-000000BC.eml:OEStandardProperty 1298 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\74585236-0000003B.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\40650293-00000088.eml:OEStandardProperty 1334 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\41521746-0000004B.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\41734905-00000089.eml:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\42466A86-0000005E.eml:OEStandardProperty 1168 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\43994DCF-0000000F.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\43A35E16-000000B5.eml:OEStandardProperty 1188 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\440D621A-00000050.eml:OEStandardProperty 918 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\445D2E9C-00000069.eml:OEStandardProperty 1172 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4497083F-000000D4.eml:OEStandardProperty 1298 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\44AC6319-000000A7.eml:OEStandardProperty 1032 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\45AF0301-000000A0.eml:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\462E0878-0000006C.eml:OEStandardProperty 1032 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\46363345-0000001D.eml:OEStandardProperty 1150 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\467E3AEE-0000003C.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0F7B3865-0000002A.eml:OEStandardProperty 1124 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\211D1153-0000001A.eml:OEStandardProperty 1126 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\33F52F1D-00000011.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\40546957-00000021.eml:OEStandardProperty 1238 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\510D2E8E-0000008B.eml:OEStandardProperty 1334 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\63232F3A-00000025.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\6B1C34D5-0000002E.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0FE000E5-00000060.eml:OEStandardProperty 1262 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\108E4146-0000001E.eml:OEStandardProperty 1312 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\10B14FFB-0000007E.eml:OEStandardProperty 1170 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\11520317-00000093.eml:OEStandardProperty 926 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\11930BF2-00000027.eml:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\128A45B9-000000B2.eml:OEStandardProperty 1042 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\13393F4A-0000009B.eml:OEStandardProperty 1272 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\141F0F8D-0000004A.eml:OEStandardProperty 1242 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\14E77A49-000000AE.eml:OEStandardProperty 902 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\15607F27-00000047.eml:OEStandardProperty 1394 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\16630C2A-000000C0.eml:OEStandardProperty 1342 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\16931ED5-0000005C.eml:OEStandardProperty 1210 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\18142919-0000004F.eml:OEStandardProperty 1192 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\19260006-000000C6.eml:OEStandardProperty 1502 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\193C64C5-0000002F.eml:OEStandardProperty 1190 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\63BF52C4-0000001B.eml:OEStandardProperty 1160 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\6462769C-00000041.eml:OEStandardProperty 1336 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\64996359-0000005F.eml:OEStandardProperty 1432 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\64CE7918-0000005D.eml:OEStandardProperty 3904 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\64FC2D20-00000053.eml:OEStandardProperty 1304 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\65424F1A-00000078.eml:OEStandardProperty 1120 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\655C26B7-00000035.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\669D7B81-000000A6.eml:OEStandardProperty 1242 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\66B570CF-00000083.eml:OEStandardProperty 1102 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\682D233F-0000003F.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\68E25A7C-0000000D.eml:OEStandardProperty 1320 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\697B792B-000000B4.eml:OEStandardProperty 1048 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\69A03F9E-000000D1.eml:OEStandardProperty 1214 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\69F33905-0000009F.eml:OEStandardProperty 1050 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\19EE5875-00000068.eml:OEStandardProperty 1172 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1AC05BCE-00000039.eml:OEStandardProperty 1220 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1C706C8A-00000044.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1CA55919-00000070.eml:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1E374207-00000009.eml:OEStandardProperty 1104 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1F000F79-00000046.eml:OEStandardProperty 1228 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1F1E47A1-00000002.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1F7F2E81-0000009A.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1F9E3FA3-00000030.eml:OEStandardProperty 1228 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\1FEB7D75-00000082.eml:OEStandardProperty 1304 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\20A43EDF-00000090.eml:OEStandardProperty 926 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\20EC6C92-00000052.eml:OEStandardProperty 1388 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0A840D76-00000092.eml:OEStandardProperty 926 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B0E188E-00000048.eml:OEStandardProperty 1342 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B4427FF-00000080.eml:OEStandardProperty 1250 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B6C1874-00000094.eml:OEStandardProperty 926 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B860550-00000001.eml:OEStandardProperty 1112 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B8B6F6A-000000B3.eml:OEStandardProperty 1040 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0B926F89-00000096.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0D515669-0000004C.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0D627F16-000000BF.eml:OEStandardProperty 1298 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0D633309-0000006F.eml:OEStandardProperty 1108 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0DAC0209-00000007.eml:OEStandardProperty 1112 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0DBA747E-00000072.eml:OEStandardProperty 1102 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0DDB6454-00000075.eml:OEStandardProperty 1174 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\0E840165-0000002D.eml:OEStandardProperty 1118 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\46D55838-0000007B.eml:OEStandardProperty 1292 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\473241DC-00000063.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\47333348-00000019.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\478675DE-00000066.eml:OEStandardProperty 1136 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\485E02FD-00000033.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4928575F-00000037.eml:OEStandardProperty 1116 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\49B27ED4-000000B8.eml:OEStandardProperty 1308 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\49BE3866-000000B1.eml:OEStandardProperty 894 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4A1C2349-00000081.eml:OEStandardProperty 1178 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4A4616DB-00000012.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4A5F62F5-00000077.eml:OEStandardProperty 1258 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4A8D09C8-000000C4.eml:OEStandardProperty 1452 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\4B1E43BF-00000013.eml:OEStandardProperty 1350 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2C87789F-00000028.eml:OEStandardProperty 1112 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2D1C3FC1-000000D2.eml:OEStandardProperty 1238 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2DDA7B25-000000B6.eml:OEStandardProperty 932 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2F506B32-00000014.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2F767BF5-0000008D.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2FAA7C4D-00000085.eml:OEStandardProperty 1060 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\2FE07653-00000057.eml:OEStandardProperty 1096 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\315C7E56-00000016.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\31D05E54-0000009E.eml:OEStandardProperty 1272 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\32036336-0000003A.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\33164EA9-00000031.eml:OEStandardProperty 1220 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\333C3E40-0000000E.eml:OEStandardProperty 1750 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\335067B5-0000003E.eml:OEStandardProperty 1240 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\57807A0C-00000042.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5BB22252-000000BD.eml:OEStandardProperty 1212 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5C0B7485-0000008C.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5D157585-00000071.eml:OEStandardProperty 1150 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5DD97C08-0000006E.eml:OEStandardProperty 1132 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5E9E17CB-00000084.eml:OEStandardProperty 1190 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5EC95ED7-00000045.eml:OEStandardProperty 1340 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5EED362E-00000043.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\5FEF5273-00000064.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\60767986-000000C3.eml:OEStandardProperty 1244 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\620A1F62-0000002B.eml:OEStandardProperty 1088 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\74E243D1-00000024.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\75A04224-00000049.eml:OEStandardProperty 1276 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\76384269-00000073.eml:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\776612A6-000000A5.eml:OEStandardProperty 908 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\77950CF9-00000022.eml:OEStandardProperty 1184 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\77BD1ED2-000000A4.eml:OEStandardProperty 1148 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\78171773-00000010.eml:OEStandardProperty 1232 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\78E31BCF-000000BE.eml:OEStandardProperty 1238 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7A931126-00000036.eml:OEStandardProperty 1326 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7C520A60-000000D3.eml:OEStandardProperty 1238 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7D161E51-000000BA.eml:OEStandardProperty 1292 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7E4F1276-00000086.eml:OEStandardProperty 1190 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7EA00A42-000000AD.eml:OEStandardProperty 1044 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7EEB304A-000000A2.eml:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\7EF863D6-00000015.eml:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\38F61DD7-00000017.eml:OEStandardProperty 1220 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\39322566-00000020.eml:OEStandardProperty 1298 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\39E84C40-0000006B.eml:OEStandardProperty 1126 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3C455372-00000040.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3D917CAD-0000004E.eml:OEStandardProperty 1150 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3E0B1410-000000BB.eml:OEStandardProperty 1268 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3E1E4380-0000009C.eml:OEStandardProperty 1268 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3E284CD2-000000AC.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3EC8018A-000000C2.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3F365927-0000008E.eml:OEStandardProperty 1208 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\3F834438-0000000A.eml:OEStandardProperty 1280 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\51AC027B-00000087.eml:OEStandardProperty 1354 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\51B42BC8-000000CF.eml:OEStandardProperty 908 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\530D04A8-0000007D.eml:OEStandardProperty 1420 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\552E50C9-00000056.eml:OEStandardProperty 1478 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\55446BC8-00000099.eml:OEStandardProperty 1166 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\561B6D30-0000007F.eml:OEStandardProperty 1246 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\565323EB-00000067.eml:OEStandardProperty 1156 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\56CF3453-0000000B.eml:OEStandardProperty 1392 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Inbox\57186E66-00000008.eml:OEStandardProperty 1064 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\0AA27C25-00000011.eml:OEStandardProperty 1238 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\0BAF38AC-00000005.eml:OEStandardProperty 1030 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\1BC6039E-00000008.eml:OEStandardProperty 1028 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\28DB46F1-00000010.eml:OEStandardProperty 1130 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\2C924E04-00000003.eml:OEStandardProperty 1416 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\30027C2B-00000007.eml:OEStandardProperty 1036 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\311D7E76-00000004.eml:OEStandardProperty 1194 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\3F4D1D09-00000009.eml:OEStandardProperty 1060 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\47DD7FC1-0000000C.eml:OEStandardProperty 1086 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\522C05AE-0000000A.eml:OEStandardProperty 1054 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\566A66FF-00000006.eml:OEStandardProperty 1040 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\60545E68-00000001.eml:OEStandardProperty 1052 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\610C6B87-0000000E.eml:OEStandardProperty 1060 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\63AF073F-00000002.eml:OEStandardProperty 1038 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\6C314AF8-0000000D.eml:OEStandardProperty 1252 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\7895250A-0000000B.eml:OEStandardProperty 1216 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Hotmail (ji 459\Sent items\7A2247A2-0000000F.eml:OEStandardProperty 1056 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\00565989-00000012.rss:OEStandardProperty 1108 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\05ED251A-00000011.rss:OEStandardProperty 1156 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\06A0742F-0000001B.rss:OEStandardProperty 1132 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\0DAF70AD-00000013.rss:OEStandardProperty 1270 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\131B2BA8-0000001F.rss:OEStandardProperty 1106 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\176F4B21-00000007.rss:OEStandardProperty 1204 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\18AC0D8C-00000009.rss:OEStandardProperty 1204 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\19B6754D-0000000D.rss:OEStandardProperty 1204 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\20C84B5B-0000001C.rss:OEStandardProperty 1162 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\28483425-00000003.rss:OEStandardProperty 1228 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\2E5B617A-00000001.rss:OEStandardProperty 1180 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\315944F9-00000008.rss:OEStandardProperty 1144 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\31EE16B2-00000017.rss:OEStandardProperty 1198 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\371F36AD-00000004.rss:OEStandardProperty 1318 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\383340F9-00000002.rss:OEStandardProperty 1294 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\45075334-00000016.rss:OEStandardProperty 1126 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\49FC64BF-0000001D.rss:OEStandardProperty 1144 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4BF832BC-0000000A.rss:OEStandardProperty 1210 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4D545AB0-00000014.rss:OEStandardProperty 1264 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\4F7F71F8-00000018.rss:OEStandardProperty 1180 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5B754188-0000001E.rss:OEStandardProperty 1072 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5D603663-00000019.rss:OEStandardProperty 1210 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5DC54DFF-0000000F.rss:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5E3B66D1-00000006.rss:OEStandardProperty 1174 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\5E937D84-0000001A.rss:OEStandardProperty 1252 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\6A0117C1-00000005.rss:OEStandardProperty 1126 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\6A247508-0000000C.rss:OEStandardProperty 1222 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\6C14612D-00000015.rss:OEStandardProperty 1108 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\6CC2366D-0000000B.rss:OEStandardProperty 1144 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\70245769-00000010.rss:OEStandardProperty 1264 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823\789713B8-0000000E.rss:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\26E901EB-00000008.rss:OEStandardProperty 1132 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\00294823-00000001.rss:OEStandardProperty 1228 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\0124305E-0000000D.rss:OEStandardProperty 1234 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\0BB32EA6-00000009.rss:OEStandardProperty 1132 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\0F3E0099-0000000C.rss:OEStandardProperty 1204 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\12DB153C-0000000A.rss:OEStandardProperty 1270 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\16496DF1-00000006.rss:OEStandardProperty 1210 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\18BE6784-00000002.rss:OEStandardProperty 1198 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\2CD672AE-00000004.rss:OEStandardProperty 1216 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\440D491C-0000000E.rss:OEStandardProperty 1330 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\4AE13D6C-00000003.rss:OEStandardProperty 1264 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\5AF141BB-00000007.rss:OEStandardProperty 1366 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\69525F90-00000005.rss:OEStandardProperty 1258 bytes
C:\Documents and Settings\JsL\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be\7E87390C-0000000B.rss:OEStandardProperty 1312 bytes
scan completed successfully
hidden files: 283

< End of report >
[/code]

by **peku006** » March 12th, 2009, 1:49 pm

Hi Jishi

Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code: Select all

[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "CPM937d0ee6" -> %SystemRoot%\system32\wiwijadu.DLL [Rundll32.exe "c:\windows\system32\wiwijadu.dll",a]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> Reg Error: Key error. [SSODL]
[Files/Folders - Created Within 30 Days]
NY -> pakegafi -> %SystemRoot%\System32\pakegafi
[Files/Folders - Modified Within 30 Days]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

by **Jishi** » March 12th, 2009, 4:21 pm

Hi peku, thanks for the quick reply.

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPM937d0ee6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\pakegafi moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\JsL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.8.0 fix logfile created on 03122009_162008

by **peku006** » March 13th, 2009, 2:35 am

Hi Jishi
How's the computer running now? Any problems?

Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

Please reply with

a fresh HijackThis log

Thanks peku006

Free Malware Removal Forum

rundell error

rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Re: rundell error

Who is online