
Solved Task Manager, Folder Options and Registry Editing Disabled

Discussion in 'Malware and Virus Removal Archive' started by deadlyg, 2010/10/25.

  1. 2010/10/25
    deadlyg Inactive Thread Starter
    [Resolved] Task Manager, Folder Options and Registry Editing Disabled

    My computer is infected with a virus. When I try to open Task Manager, it says "Task Manager has been disabled by your administrator." The same goes for Registry Editing, and my Folder Options are missing.

    I've tried searching for solutions on the internet and here in the forums, but they aren't working. Well, they work, but when I restart my computer the problem comes back.

    Any ideas on how I can solve this? Any help would be gladly appreciated. :)


    DDS logs:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/19/2009 2:42:56 PM
    System Uptime: 10/26/2010 10:46:09 AM (1 hours ago)

    Motherboard: BIOSTAR Group | | P4M89-M7A
    Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | Socket 775 | 800/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 78 GiB total, 55.979 GiB free.
    D: is FIXED (NTFS) - 71 GiB total, 9.374 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 19 GiB total, 0.333 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: System Interrupt Controller
    Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Manufacturer:
    Name: System Interrupt Controller
    PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Service:

    ==== System Restore Points ===================

    RP1: 10/26/2010 1:05:41 AM - System Checkpoint

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    A4 TECH PC Camera H
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advertising Center
    AndreaMosaic 3.32.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 10.0.1
    BandMaster
    BitDefender Total Security 2010
    Bonjour
    CCleaner
    Chikka Messenger V4
    Compatibility Pack for the 2007 Office system
    Connect
    CopyTrans Suite Remove Only
    Defraggler
    DemonRO Mini
    DolbyFiles
    Dr Jekill
    Facebook Plug-In
    GoldWave v5.19
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotspot Shield 1.47
    ICQ7
    Image Resizer Powertoy for Windows XP
    ImagXpress
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    K-Lite Codec Pack 4.8.0 (Full)
    kuler
    Magic ISO Maker v5.5 (build 0281)
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.11)
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 6.0 Parser (KB925673)
    Nero Burning ROM Help
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    NeroLiveGadget
    NeroLiveGadget Help
    neroxml
    Nokia Connectivity Cable Driver
    NVIDIA Drivers
    Oddworld Abe's Oddysee
    osu!
    PDF Settings CS4
    Photoshop Camera Raw
    PhotoTools 2.5 Professional Edition
    Pixel Bender Toolkit
    QuickTime
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.2.3
    Segoe UI
    Skype™ 4.2
    SoundTrax
    Suite Shared Configuration CS4
    Task Killer (remove only)
    VDOTool 6.4
    Vegas Pro 9.0
    VIA Rhine-Family Fast Ethernet Adapter
    Warcraft III: All Products
    WebFldrs XP
    Winamp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Toolbar
    Windows Live Writer
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR archiver
    Xilisoft Video Converter Ultimate 6
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yu-Gi-Oh! Power of Chaos JOEY THE PASSION

    ==== Event Viewer Messages From Past Week ========

    10/26/2010 12:56:21 AM, error: PlugPlayManager [11] - The device Root\LEGACY_HWINTERFACE\0000 disappeared from the system without first being prepared for removal.
    10/26/2010 12:36:20 AM, error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
    10/25/2010 7:36:08 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\D.
    10/25/2010 11:16:37 AM, error: Dhcp [1002] - The IP address lease 10.34.32.39 for the Network Card with network address 00FFE8D68A9F has been denied by the DHCP server 10.66.63.254 (The DHCP Server sent a DHCPNACK message).
    10/25/2010 11:08:02 AM, error: Dhcp [1002] - The IP address lease 10.9.32.39 for the Network Card with network address 00FFE8D68A9F has been denied by the DHCP server 10.34.39.254 (The DHCP Server sent a DHCPNACK message).
    10/22/2010 6:27:48 PM, error: Service Control Manager [7000] - The Kaspersky Internet Security service failed to start due to the following error: The system cannot find the path specified.
    10/22/2010 11:36:02 PM, error: Dhcp [1002] - The IP address lease 10.51.64.45 for the Network Card with network address 00FFE8D68A9F has been denied by the DHCP server 10.9.39.254 (The DHCP Server sent a DHCPNACK message).
    10/22/2010 11:28:32 PM, error: Dhcp [1002] - The IP address lease 10.58.64.34 for the Network Card with network address 00FFE8D68A9F has been denied by the DHCP server 10.51.71.254 (The DHCP Server sent a DHCPNACK message).
    10/22/2010 11:17:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    10/21/2010 6:15:40 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    10/21/2010 6:15:39 PM, error: SRService [104] - The System Restore initialization process failed.
    10/19/2010 9:10:01 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 00E04D3451E9 has been denied by the DHCP server 172.16.1.11 (The DHCP Server sent a DHCPNACK message).
    10/19/2010 6:32:56 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    10/19/2010 6:31:53 PM, error: Dhcp [1002] - The IP address lease 10.20.3.23 for the Network Card with network address 00E04D3451E9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================




    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Shun Jokah at 11:26:29.81 on Tue 10/26/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.865 [GMT 7:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    D:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscript.exe
    D:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    D:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\astsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    D:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Shun Jokah\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.redtube.com/
    uStart Page = hxxp://www.redtube.com/
    uWindow Title = SoWar Browser
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - Windows Live Toolbar Helper
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - d:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\wcescomm.exe "
    uRun: [Google Update] "c:\documents and settings\shun jokah\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BDAgent] "d:\program files\bitdefender\bitdefender 2010\bdagent.exe "
    mRun: [VMSnap3] c:\windows\VMSnap3.EXE
    mRun: [Domino] c:\windows\Domino.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [RawOs] wscript.exe "c:\windows\sowar.vbs "
    dRunOnce: [RunNarrator] Narrator.exe
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - d:\progra~1\microsoft office\office12\EXCEL.EXE/3000
    IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - d:\program files\icq7.0\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\microsoft office\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\microsoft activesync\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\microsoft office\office12\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232744385484
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232744358484
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\shunjo~1\applic~1\mozilla\firefox\profiles\tklqfn6x.default\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R2 BDVEDISK;BDVEDISK;d:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-2 83208]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2007-4-19 54752]
    R2 HssWd;Hotspot Shield Monitoring Service;d:\program files\hotspot shield\bin\hsswd.exe -product hss --> d:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-30 153448]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-8-7 110984]
    R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-1-19 18004]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-2-1 428160]
    S2 AVP;Kaspersky Internet Security; "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe" -r --> c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [?]
    S3 ADASPROT;SYSTWEAKASO;\??\d:\program files\advanced system optimizer 3\adasprot32.sys --> d:\program files\advanced system optimizer 3\adasprot32.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-26 183880]
    S3 fsssvc;Windows Live Family Safety Service; [x]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\shunjo~1\locals~1\temp\aqa32c5.tmp --> c:\docume~1\shunjo~1\locals~1\temp\AQA32C5.tmp [?]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys --> c:\windows\system32\drivers\klmouflt.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-7-9 27064]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]
    S3 XDva369;XDva369;\??\c:\windows\system32\xdva369.sys --> c:\windows\system32\XDva369.sys [?]

    =============== Created Last 30 ================

    2010-10-25 17:42:08 79872 ----a-w- c:\windows\MBR.exe
    2010-10-25 17:42:08 256512 ----a-w- c:\windows\PEV.exe
    2010-10-25 17:42:08 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-25 17:42:07 98816 ----a-w- c:\windows\sed.exe
    2010-10-25 10:37:29 2959 --sha-r- c:\windows\sowar.vbs
    2010-10-24 12:38:10 -------- d-----w- c:\windows\Oddworld Abe's Oddysee
    2010-10-21 04:58:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-10-21 04:58:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-10-17 08:22:31 -------- d-----w- c:\docume~1\shunjo~1\applic~1\runic games
    2010-10-12 04:47:45 -------- d-----w- c:\docume~1\shunjo~1\applic~1\Ashampoo
    2010-10-12 04:45:58 -------- d-----w- c:\docume~1\shunjo~1\locals~1\applic~1\ashampoo
    2010-10-12 04:45:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\ashampoo

    ==================== Find3M ====================

    2010-09-17 17:10:14 65536 ----a-w- c:\windows\IFinst27.exe
    2010-09-14 21:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 19:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-09 22:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-09 22:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 11:27:38.34 ===============
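    Editor's note, added here and not part of the original thread or of any tool it mentions: the DDS log above already shows why the lockdown "comes back" after a reboot. The three values DDS prints as uPolicies-* (u = HKCU, so they are set in the user hive and need no admin rights) are DisableTaskMgr, DisableRegistryTools and NoFolderOptions, and the mRun (m = HKLM Run) entry [RawOs] launches wscript.exe on c:\windows\sowar.vbs, a file created the day the trouble started and stored with the Hidden + System + Read-only attributes (--sha-r-). Deleting the policy values without removing that autorun just gives the script a clean slate to rewrite them at the next logon. The PowerShell below is an example audit written for this thread: it reports any of those policy values set to 1 in either hive, lists Run/RunOnce entries that hand a script file to a script host, shows the attributes of the referenced file, and with -Fix clears the policy values only. The value names and the sowar.vbs pattern come from the log; the key paths are the standard Windows ones; the function names, the -Fix switch and the extension list are the example's own choices.

```powershell
# Added example, not from the thread: audit the "disabled by your administrator"
# lockdown values and the autorun entries that re-apply them. Run from an
# elevated PowerShell prompt (PowerShell 2.0 is enough for an XP-era box).
# -Fix deletes the three policy values only; the autorun entry and its script
# are reported, not removed, so the analyst decides what to do with them.
param([switch]$Fix)

# DDS prints these as uPolicies-explorer / uPolicies-system (u = HKCU).
# The same value names are honoured under HKLM, so both hives are checked.
$LockdownValues = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' }
)

# DDS prints these as uRun / mRun / dRunOnce (u = HKCU, m = HKLM, d = default user).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-LockdownPolicies {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($v in $LockdownValues) {
            $path = Join-Path $hive $v.Key
            if (-not (Test-Path $path)) { continue }
            $data = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).($v.Name)
            if ($data -eq 1) {
                New-Object PSObject -Property @{ Path = $path; Name = $v.Name; Data = $data }
            }
        }
    }
}

function Get-SuspiciousRunEntries {
    foreach ($rk in $RunKeys) {
        if (-not (Test-Path $rk)) { continue }
        $item = Get-Item -Path $rk
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # First token of the command line: a quoted path or a bare executable.
            $exe = ''
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }
            $exeName = [System.IO.Path]::GetFileName($exe.Trim()).ToLower()
            # A script file passed on the command line, as in
            #   mRun: [RawOs] wscript.exe "c:\windows\sowar.vbs"
            $scriptPath = $null
            if ($cmd -match '([A-Za-z]:\\[^"]*?\.(vbs|vbe|js|jse|wsf|hta))(?![A-Za-z0-9])') {
                $scriptPath = $Matches[1]
            }
            $hostHit = $exeName -match '^(wscript|cscript|mshta)(\.exe)?$'
            if (-not ($hostHit -or $scriptPath)) { continue }
            # sowar.vbs sat on disk as --sha-r-: Hidden + System + ReadOnly.
            $attrs = 'missing'
            if ($scriptPath -and (Test-Path -LiteralPath $scriptPath)) {
                $attrs = (Get-Item -LiteralPath $scriptPath -Force).Attributes.ToString()
            }
            New-Object PSObject -Property @{
                Key = $rk; Name = $name; Command = $cmd; Script = $scriptPath; Attributes = $attrs
            }
        }
    }
}

$policies = @(Get-LockdownPolicies)
$autoruns = @(Get-SuspiciousRunEntries)

foreach ($p in $policies) { Write-Warning ("{0}\{1} = {2}" -f $p.Path, $p.Name, $p.Data) }
foreach ($a in $autoruns) {
    Write-Warning ("{0}\{1} -> {2}" -f $a.Key, $a.Name, $a.Command)
    if ($a.Script) { Write-Warning ("    script {0} [{1}]" -f $a.Script, $a.Attributes) }
}

if ($Fix) {
    foreach ($p in $policies) {
        Remove-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        Write-Host ("removed {0}\{1}" -f $p.Path, $p.Name)
    }
    if ($autoruns.Count -gt 0) {
        Write-Host 'Autorun entries above were left in place; until they are gone the policy values will return at the next logon.'
    }
}
```

    Save it as, for example, Audit-Lockdown.ps1 and run `powershell -ExecutionPolicy Bypass -File .\Audit-Lockdown.ps1` (add `-Fix` to clear the policy values). On the machine in this thread the DDS log predicts three policy warnings under HKCU plus one autorun warning for HKLM\...\Run\RawOs pointing at c:\windows\sowar.vbs with Hidden, System and ReadOnly attributes. The autorun is deliberately only reported, in keeping with the moderator's instruction below not to make other changes until the machine is declared clean; note also that this audit only covers Run/RunOnce, so a persistence entry living elsewhere (a service, a scheduled task, a Winlogon value) would not show up here.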
     
  2. 2010/10/26
    broni Moderator Malware Analyst
    Assuming BitDefender is your current security program, you have some Kaspersky leftovers. Please run this tool to remove them: http://support.kasperskyamericas.com/knowledge-base-article/1464

    ================================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2010/10/27
    deadlyg Inactive Thread Starter
    Thanks for replying broni! :)


    Kaspersky Remover -- Done!


    STEP 1 -- When I clicked Remove Selected, this prompted "Certain items could not be removed. A log file has been saved to the logs folder."

    Here is the log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4959

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/27/2010 12:01:26 PM
    mbam-log-2010-10-27 (12-01-26).txt

    Scan type: Quick scan
    Objects scanned: 142531
    Time elapsed: 12 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 7
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rawos (Worm.AutoRun) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.redtube.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title (Hijacked.WindowTitle) -> Bad: (SoWar Browser) Good: (Internet Explorer) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\IFinst27.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\sowar.vbs (Worm.AutoRun) -> Quarantined and deleted successfully.


    STEP 2 -- Here is the log:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-27 13:15:22
    Windows 5.1.2600 Service Pack 3
    Running: fggcyjb6.exe; Driver: C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\pxtdypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB4D6BD02]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB4D6C06E]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB4D6D23C]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB4D6CA52]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB4D6D6A6]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB4D6C1B8]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB4D6C23A]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB4D6C876]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB4D6B904]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB4D6D7A6]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB4D7028C]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB4D6D8E4]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB4D6E1F6]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB4D6C966]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB4D6FFDE]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB4D6C796]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB4D7010C]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB4D6BC00]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB4D6C110]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB4D6D2CC]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB4D6D088]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB4D6D456]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB4D6B9F4]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB4D6BE06]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB4D6BB62]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB4D6BAC4]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB4D6BFCC]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB4D6FF4E]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB4D7039A]
    SSDT \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB4D6B802]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [62, BB, D6, B4, C4, BA, D6, ...]
    ? maaruv.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB91AB360, 0x32E00D, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFF 0x8B 0x84 0x60 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x03 0x72 0xB0 0x47 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x82 0x05 0x16 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x48 0x14 0xD9 0x4A ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5596853c-627b-4d23-824a-4011f778219d}@Model 357
    Reg HKLM\SOFTWARE\Classes\CLSID\{5596853c-627b-4d23-824a-4011f778219d}@Therad 21
    Reg HKLM\SOFTWARE\Classes\CLSID\{5596853c-627b-4d23-824a-4011f778219d}@MData 0x73 0xD5 0xCF 0xB8 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xB3 0xEB 0x43 0xB9 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906 0 bytes
    File C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\WindowsXP-KB974571-x86-express-ENU.cab 244375 bytes
    File C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\_downloadprogress_.state 4 bytes
    File C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\_usedelta_.state 34 bytes

    ---- EOF - GMER 1.0.15 ----


    STEP 3 -- Here is the log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 130):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBADA8000 \WINDOWS\system32\KDCOM.DLL
    0xBACB8000 \WINDOWS\system32\BOOTVID.dll
    0xBA8A8000 maaruv.sys
    0xBA779000 ACPI.sys
    0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xBA768000 pci.sys
    0xBA8B8000 isapnp.sys
    0xBAE70000 pciide.sys
    0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBADAC000 viaide.sys
    0xBA8C8000 MountMgr.sys
    0xBA749000 ftdisk.sys
    0xBADAE000 dmload.sys
    0xBA723000 dmio.sys
    0xBAB30000 PartMgr.sys
    0xBA8D8000 VolSnap.sys
    0xBA70B000 atapi.sys
    0xBA8E8000 disk.sys
    0xBA8F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xBA6EB000 fltMgr.sys
    0xBA6D9000 sr.sys
    0xBA693000 bdfsfltr.sys
    0xBA67C000 KSecDD.sys
    0xBA669000 WudfPf.sys
    0xBA5DC000 Ntfs.sys
    0xBA5AF000 NDIS.sys
    0xBAB38000 viaagp1.sys
    0xBA595000 Mup.sys
    0xBA908000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB91AB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB9197000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9B2B000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9B1B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9B0B000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9174000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBABF8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBAC00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9150000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBAC08000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9AFB000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
    0xBAC10000 \SystemRoot\system32\DRIVERS\slnt.sys
    0xBAC18000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB9AEB000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA56D000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB913C000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB9ADB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBAC20000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9114000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBAEED000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9ACB000 \SystemRoot\system32\DRIVERS\HssDrv.sys
    0xB9ABB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA569000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB90FD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9AAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9A9B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBAC28000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB90EC000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA938000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBAC30000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBAC38000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBAC40000 \SystemRoot\system32\DRIVERS\taphss.sys
    0xB90BC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA948000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBAC48000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB90A2000 \SystemRoot\system32\DRIVERS\bdfndisf.sys
    0xBADCA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9044000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA53D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8BB2000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB8B8E000 \SystemRoot\system32\drivers\portcls.sys
    0xBA958000 \SystemRoot\system32\drivers\drmk.sys
    0xBA968000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA978000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBADCE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBAC58000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBADD0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBAF7B000 \SystemRoot\System32\Drivers\Null.SYS
    0xBADD2000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBAC68000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBAC70000 \SystemRoot\System32\drivers\vga.sys
    0xB64F6000 \SystemRoot\System32\Drivers\usbVM303.sys
    0xBA998000 \SystemRoot\System32\Drivers\STREAM.SYS
    0xB648D000 \SystemRoot\system32\drivers\vmfilter303.sys
    0xBA555000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA9A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBADD4000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBADD6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBAC78000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBAC80000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8B8A000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB647A000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB6421000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB63FB000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB63DF000 \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
    0xB63B7000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA9B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB6395000 \SystemRoot\System32\drivers\afd.sys
    0xBA9C8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB6342000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB62D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA9D8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB620E000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB8B5A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB61F6000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBADD8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB8B4E000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBAC88000 \SystemRoot\System32\watchdog.sys
    0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
    0xBAFCA000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB60E5000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xB6029000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB60D5000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xB5CD8000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB5E4D000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB6272000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBADC2000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBADC4000 \SystemRoot\System32\Drivers\TBPanel.SYS
    0xB50CB000 \??\D:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
    0xB4FB1000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB4D69000 \??\D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
    0xB4A62000 \SystemRoot\system32\drivers\bdfm.sys
    0xB4A49000 \SystemRoot\system32\drivers\BDHV.SYS
    0xB49E2000 \??\C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\pxtdypob.sys
    0xB4917000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    448 C:\WINDOWS\system32\smss.exe
    632 csrss.exe
    652 C:\WINDOWS\system32\winlogon.exe
    704 C:\WINDOWS\system32\services.exe
    708 C:\WINDOWS\system32\lsass.exe
    968 C:\WINDOWS\system32\svchost.exe
    1044 svchost.exe
    1308 C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    1336 D:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    1424 C:\WINDOWS\system32\svchost.exe
    1640 svchost.exe
    536 C:\WINDOWS\system32\spoolsv.exe
    640 C:\WINDOWS\explorer.exe
    1172 D:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    1200 C:\WINDOWS\vmsnap3.exe
    1204 C:\WINDOWS\Domino.exe
    1216 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1228 C:\Program Files\iTunes\iTunesHelper.exe
    1260 D:\Program Files\Microsoft ActiveSync\wcescomm.exe
    1292 C:\WINDOWS\system32\ctfmon.exe
    256 D:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
    588 D:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    1660 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1692 C:\WINDOWS\system32\ASTSRV.EXE
    1704 C:\Program Files\Bonjour\mDNSResponder.exe
    1268 D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    496 D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    464 D:\Program Files\Hotspot Shield\bin\hsswd.exe
    1604 C:\Program Files\Java\jre6\bin\jqs.exe
    1468 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    1556 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1740 C:\WINDOWS\system32\svchost.exe
    2340 C:\Program Files\iPod\bin\iPodService.exe
    2816 alg.exe
    2868 C:\WINDOWS\system32\wscntfy.exe
    1528 D:\Program Files\Hotspot Shield\bin\openvpntray.exe
    3124 C:\WINDOWS\system32\wuauclt.exe
    2056 C:\Documents and Settings\Shun Jokah\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHDS721616PLAT80, Rev: P22OA8BA
    PhysicalDrive1 Model Number: QUANTUMFIREBALLlct1520, Rev: A01.0F00

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    18 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  5. 2010/10/27
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    Sorry to double post, but my Task Manager and Registry Editor are now working. Thanks! The only problem left now is that my Folder Options are still missing/disabled.
     
  6. 2010/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to see some issues being fixed :)
    We're definitely not done, yet.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/10/28
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    Here is the ComboFix log:

    ComboFix 10-10-27.01 - Shun Jokah 10/28/2010 12:55:14.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.987 [GMT 7:00]
    Running from: c:\documents and settings\Shun Jokah\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
    .

    2010-10-27 04:45 . 2010-10-27 04:45 -------- d-----w- c:\documents and settings\Shun Jokah\Application Data\Malwarebytes
    2010-10-27 04:45 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-27 04:45 . 2010-10-27 04:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-27 04:45 . 2010-10-27 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-27 04:45 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-24 12:38 . 2010-10-24 12:38 -------- d-----w- c:\windows\Oddworld Abe's Oddysee
    2010-10-21 04:58 . 2008-04-13 17:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-10-21 04:58 . 2008-04-13 17:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-10-17 08:22 . 2010-10-17 08:22 -------- d-----w- c:\documents and settings\Shun Jokah\Application Data\runic games
    2010-10-15 01:34 . 2010-10-15 01:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-10-12 04:47 . 2010-10-12 04:48 -------- d-----w- c:\documents and settings\Shun Jokah\Application Data\Ashampoo
    2010-10-12 04:45 . 2010-10-12 04:47 -------- d-----w- c:\documents and settings\Shun Jokah\Local Settings\Application Data\ashampoo
    2010-10-12 04:45 . 2010-10-12 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-14 21:50 . 2010-05-09 00:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 19:29 . 2009-01-21 00:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-09 22:15 . 2010-08-09 22:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-09 22:15 . 2010-08-09 22:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-25_17.58.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-28 03:32 . 2010-10-28 03:32 16384 c:\windows\Temp\Perflib_Perfdata_1f8.dat
    + 2008-08-16 12:09 . 2009-08-06 12:24 44768 c:\windows\system32\wups2.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 35552 c:\windows\system32\wups.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 53472 c:\windows\system32\wuauclt.exe
    + 2010-10-27 03:24 . 2009-08-06 12:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
    + 2010-10-27 03:24 . 2009-08-06 12:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    + 2008-04-14 12:00 . 2010-10-26 14:03 72398 c:\windows\system32\perfc009.dat
    - 2008-04-14 12:00 . 2010-07-22 16:04 72398 c:\windows\system32\perfc009.dat
    + 2009-01-19 07:36 . 2009-08-06 12:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    + 2008-08-16 12:09 . 2009-08-06 12:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2008-08-16 12:09 . 2009-08-06 12:24 96480 c:\windows\system32\cdm.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 209632 c:\windows\system32\wuweb.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 327896 c:\windows\system32\wucltui.dll
    + 2009-01-19 07:36 . 2009-08-06 12:23 575704 c:\windows\system32\wuapi.dll
    + 2008-04-14 12:00 . 2010-10-26 14:03 444250 c:\windows\system32\perfh009.dat
    - 2008-04-14 12:00 . 2010-07-22 16:04 444250 c:\windows\system32\perfh009.dat
    + 2008-07-18 20:07 . 2009-08-06 12:23 215920 c:\windows\system32\muweb.dll
    + 2007-07-30 23:19 . 2009-08-06 12:23 274288 c:\windows\system32\mucltui.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2009-01-19 07:36 . 2009-08-06 12:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2009-01-19 07:36 . 2009-08-06 12:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2009-01-19 07:36 . 2009-08-06 12:23 1929952 c:\windows\system32\wuaueng.dll
    + 2009-01-19 07:36 . 2009-08-06 12:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "c:\documents and settings\Shun Jokah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "BDAgent "= "d:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-02 1123360]
    "VMSnap3 "= "c:\windows\VMSnap3.EXE" [2006-08-30 49152]
    "Domino "= "c:\windows\Domino.EXE" [2006-06-29 49152]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-08-09 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "BigDog303 "= "c:\windows\VM303_STI.EXE" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 08:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-10-07 21:33 86016 ------w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe "
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "VMSnap3 "=c:\windows\VMSnap3.EXE
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5353:TCP "= 5353:TCP:Adobe CSI CS4

    R2 BDVEDISK;BDVEDISK;d:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [4/2/2009 2:25 AM 83208]
    R2 HssWd;Hotspot Shield Monitoring Service;d:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> d:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/30/2009 5:12 AM 153448]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/7/2009 7:34 AM 110984]
    R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [1/19/2009 3:06 PM 18004]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2/1/2009 9:57 AM 428160]
    R3 XDva369;XDva369;\??\c:\windows\system32\XDva369.sys --> c:\windows\system32\XDva369.sys [?]
    S3 ADASPROT;SYSTWEAKASO;\??\d:\program files\Advanced System Optimizer 3\adasprot32.sys --> d:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/26/2009 7:04 AM 183880]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp --> c:\docume~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7/9/2010 12:05 AM 27064]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/2/2009 9:05 AM 685816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 04:50]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1682526488-515967899-1003Core.job
    - c:\documents and settings\Shun Jokah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 18:47]

    2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1682526488-515967899-1003UA.job
    - c:\documents and settings\Shun Jokah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 18:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.Google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - d:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-BandMaster - c:\windows\IFinst27.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-28 13:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet013\Services\GarenaPEngine]
    "ImagePath "= "\??\c:\docume~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp "

    [HKEY_LOCAL_MACHINE\System\ControlSet013\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\SetID\Internal]
    @Denied: (A 2) (LocalSystem)
    "DATA "= "<settings expireTime=\ "0\" productStatus=\ "1\" obSize=\ "0\" InstallTS=\ "2145870353\" isSubsc=\ "0\" version=\ "12.0.1\" timeDiff=\ "1\" oldDevice=\ "\" authStatus_ts=\ "0\" /> "
    "Device "= "yM29zbvPzMnLvrm+x8fPzce+zro= "
    DUMPHIVE0.003 (REGF)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5596853c-627b-4d23-824a-4011f778219d}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000165
    "Therad "=dword:00000015
    "MData "=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):b3,eb,43,b9,9b,e8,f9,32,0b,5b,2f,cb,38,c3,d5,57,1f,a2,4f,38,25,
    56,9f,88,48,2d,15,70,50,90,cf,ff,8f,9f,6d,c0,b2,21,be,9f,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3240)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-10-28 13:04:23
    ComboFix-quarantined-files.txt 2010-10-28 06:04
    ComboFix2.txt 2010-10-25 18:03

    Pre-Run: 59,970,846,720 bytes free
    Post-Run: 59,955,769,344 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,10,11,12,13,2,3,4,5,6,7,8,9,10,11,12,13,14
    - - End Of File - - 8F4434127A5AB1FF096752B7DFE8F67B
     
  8. 2010/10/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good :)

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2010/10/28
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    Here is the log:

    OTL.txt

    OTL logfile created on: 10/28/2010 2:12:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Shun Jokah\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 55.79 Gb Free Space | 71.41% Space Free | Partition Type: NTFS
    Drive D: | 70.91 Gb Total Space | 9.53 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
    Drive F: | 18.64 Gb Total Space | 0.33 Gb Free Space | 1.79% Space Free | Partition Type: FAT32

    Computer Name: SHUN | User Name: Shun Jokah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/28 14:10:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shun Jokah\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/17 04:16:02 | 000,107,568 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpntray.exe
    PRC - [2010/06/17 04:15:06 | 000,250,416 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010/06/17 03:33:44 | 000,322,608 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/06/17 03:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010/04/02 13:27:43 | 001,614,152 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    PRC - [2010/04/02 13:27:09 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    PRC - [2010/04/02 13:25:34 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    PRC - [2010/03/15 13:14:19 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2009/11/20 07:16:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
    PRC - [2009/01/15 08:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/12/06 07:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/07/03 18:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/31 01:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
    PRC - [2006/06/29 08:54:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\WINDOWS\Domino.exe
    PRC - [2006/06/21 13:36:22 | 001,207,080 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2006/06/21 13:36:00 | 000,187,176 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\rapimgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/28 14:10:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shun Jokah\Desktop\OTL.exe
    MOD - [2010/10/15 00:09:19 | 000,237,504 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- D:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_68\midas32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/17 04:16:06 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/06/17 04:15:06 | 000,250,416 | ---- | M] () [Auto | Running] -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010/06/17 03:33:44 | 000,322,608 | ---- | M] () [Auto | Running] -- D:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/06/17 03:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010/04/17 02:14:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/02 13:27:43 | 001,614,152 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- D:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
    SRV - [2010/04/02 13:25:45 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2010/03/15 13:32:35 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV - [2010/03/15 13:14:19 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2009/11/20 07:16:30 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
    SRV - [2009/08/24 14:02:00 | 003,272,820 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/01/15 08:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/12/06 07:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2006/10/27 15:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\XDva369.sys -- (XDva369)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva296.sys -- (XDva296)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\aeRO\npkcrypt.sys -- (npkcrypt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp -- (GarenaPEngine)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
    DRV - [2010/06/17 03:33:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2010/06/17 03:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2010/04/02 13:27:51 | 000,110,984 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
    DRV - [2010/04/02 13:27:10 | 000,064,512 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- D:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
    DRV - [2010/04/02 13:25:57 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010/04/02 13:25:57 | 000,119,304 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/03/15 13:39:00 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2010/03/15 13:38:38 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2010/03/15 13:38:01 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- D:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
    DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/08/06 13:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/05/07 19:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2009/02/02 09:31:29 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2008/10/08 04:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/05/03 01:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/03 01:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/04/14 19:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/17 09:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/03/17 01:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
    DRV - [2007/03/17 01:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
    DRV - [2006/12/02 05:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
    DRV - [2006/04/26 01:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
    DRV - [2005/07/11 08:31:18 | 000,018,004 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
    DRV - [2003/07/02 19:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: D:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/07/26 22:12:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/25 17:06:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/25 17:06:04 | 000,000,000 | ---D | M]

    [2010/06/24 20:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Extensions
    [2009/10/13 06:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/10/27 11:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\extensions
    [2010/10/24 16:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
    [2010/08/10 18:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/18 17:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/06/24 20:30:59 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Shun Jokah\Application Data\Mozilla\Firefox\Profiles\tklqfn6x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/10/27 11:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/26 13:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/17 15:20:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/10/26 00:57:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] D:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE File not found
    O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe (Vimicro)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
    O4 - HKCU..\Run: [H/PC Connection Agent] D:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232744385484 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232744358484 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.78.97.41 203.127.225.11 210.4.2.61 203.177.255.10 58.71.1.37 58.71.2.7
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/20 08:20:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - ac3acm.acm File not found
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/28 14:10:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shun Jokah\Desktop\OTL.exe
    [2010/10/28 13:06:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/28 12:53:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/27 13:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Desktop\windowsbbs
    [2010/10/27 11:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Application Data\Malwarebytes
    [2010/10/27 11:45:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/27 11:45:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/27 11:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/27 11:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/26 00:42:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/26 00:42:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/26 00:42:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/26 00:42:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/26 00:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/26 00:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/24 19:38:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Oddworld Abe's Oddysee
    [2010/10/17 15:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Application Data\runic games
    [2010/10/15 08:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/10/12 13:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Desktop\new mp3's
    [2010/10/12 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Application Data\Ashampoo
    [2010/10/12 11:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\ashampoo
    [2010/10/12 11:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/10/05 23:34:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Shun Jokah\Recent
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/28 14:10:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shun Jokah\Desktop\OTL.exe
    [2010/10/28 13:44:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1682526488-515967899-1003UA.job
    [2010/10/28 12:53:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/28 11:16:42 | 003,887,731 | R--- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\ComboFix.exe
    [2010/10/28 10:32:51 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Application Dataprivacy.xml
    [2010/10/28 10:32:47 | 000,000,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/10/28 10:31:34 | 000,194,404 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/10/28 10:31:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/26 23:02:26 | 000,016,320 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\tagalog.m3u
    [2010/10/26 21:03:02 | 000,444,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/26 21:03:02 | 000,072,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/26 16:43:41 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
    [2010/10/26 15:51:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/26 15:40:21 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\yeah.reg
    [2010/10/26 15:39:59 | 000,001,312 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/10/26 13:20:23 | 000,000,452 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\ntuser.pol
    [2010/10/26 11:25:03 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\dds.scr
    [2010/10/26 11:21:33 | 000,001,464 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\Maintain Memory.lnk
    [2010/10/26 00:57:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/19 17:54:02 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/15 08:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/15 05:44:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1682526488-515967899-1003Core.job
    [2010/10/14 23:59:00 | 000,319,640 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\deadlyg.m3u
    [2010/10/14 18:25:04 | 000,000,000 | RHS- | M] () -- C:\xerfoj4
    [2010/10/14 18:11:07 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj4
    [2010/10/14 18:09:57 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj4
    [2010/10/11 20:24:18 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj2
    [2010/10/11 20:22:32 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj2
    [2010/10/08 13:22:51 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfojn
    [2010/10/08 13:21:04 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfojn
    [2010/10/07 22:27:41 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj5
    [2010/10/07 22:26:52 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj5
    [2010/10/06 00:43:07 | 000,319,198 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\Copy of deadlyg.m3u
    [2010/10/06 00:42:57 | 000,005,728 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\new trax.m3u
    [2010/10/05 22:26:54 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj
    [2010/10/05 22:25:55 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/28 12:53:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/28 12:53:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/28 11:15:13 | 003,887,731 | R--- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\ComboFix.exe
    [2010/10/26 15:40:21 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\yeah.reg
    [2010/10/26 15:38:21 | 000,001,312 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/10/26 11:24:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\dds.scr
    [2010/10/26 11:21:11 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\Maintain Memory.lnk
    [2010/10/26 00:42:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/26 00:42:08 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/26 00:42:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/26 00:42:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/26 00:42:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/26 00:22:03 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\ntuser.pol
    [2010/10/14 20:14:28 | 000,319,198 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\Copy of deadlyg.m3u
    [2010/10/14 18:25:04 | 000,000,000 | RHS- | C] () -- C:\xerfoj4
    [2010/10/14 18:11:07 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj4
    [2010/10/14 18:09:57 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj4
    [2010/10/11 20:24:18 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj2
    [2010/10/11 20:22:32 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj2
    [2010/10/08 13:22:51 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfojn
    [2010/10/08 13:21:04 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfojn
    [2010/10/07 22:27:41 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj5
    [2010/10/07 22:26:52 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj5
    [2010/10/05 22:26:54 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\My Documents\xerfoj
    [2010/10/05 22:25:55 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\Shun Jokah\Desktop\xerfoj
    [2010/04/11 04:26:35 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Application Data\$_hpcst$.hpc
    [2010/03/27 04:56:25 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Application Data\bdfvconp.ini
    [2009/06/19 14:15:55 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Application Data\default.rss
    [2009/05/11 19:20:39 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/05/11 19:20:36 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/05/11 19:20:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009/05/11 19:20:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/05/11 19:20:32 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/02/02 09:38:29 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2009/01/26 07:08:48 | 001,534,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/01/20 09:36:31 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Shun Jokah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/19 15:20:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/01/19 15:04:13 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2009/01/19 14:53:13 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009/01/19 14:53:13 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009/01/19 14:53:13 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2009/01/19 14:53:13 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2009/01/19 14:53:12 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009/01/16 04:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/10/29 08:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2007/04/20 08:20:21 | 000,000,067 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/04/20 08:20:18 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
    [2007/04/20 08:20:15 | 000,000,110 | ---- | C] () -- C:\WINDOWS\option.ini
    [2007/04/20 08:20:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/04/20 08:20:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/20 08:20:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/04/20 08:20:13 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2007/04/20 08:20:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AndreaMosaic.INI
    [2007/04/20 08:20:12 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2007/04/20 07:10:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini
    [2007/02/01 05:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2005/12/08 14:19:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\EGamesPlugin.dll
    [2005/12/08 14:19:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\EGameEncrypt.dll

    ========== LOP Check ==========

    [2010/10/12 11:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2010/03/15 12:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/02/02 09:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/03/02 05:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2007/04/20 14:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
    [2007/04/19 20:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
    [2009/04/07 03:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2009/05/22 18:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2010/07/18 20:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\musicjacker
    [2010/08/11 21:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
    [2009/05/21 05:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/04/28 14:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/07/15 23:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
    [2010/07/21 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/03/28 08:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/09/14 12:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2010/09/10 19:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/08/03 07:29:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    [2009/07/03 13:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/03/15 15:14:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    [2010/10/12 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Ashampoo
    [2010/03/15 12:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\BitDefender
    [2009/06/10 11:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Crayon Physics Deluxe
    [2009/02/02 09:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\DAEMON Tools Pro
    [2010/06/24 17:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\DMCache
    [2010/04/01 11:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Downloaded Installations
    [2010/03/28 05:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Facebook
    [2010/02/10 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\FMZilla
    [2009/01/24 03:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\GrabPro
    [2010/06/21 22:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\ICQ
    [2010/04/30 00:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\LimeWire
    [2009/05/22 18:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Ludia
    [2010/09/14 13:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\onOne Software
    [2010/10/24 00:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Orbit
    [2009/01/26 07:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Publish Providers
    [2010/10/17 15:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\runic games
    [2009/09/04 11:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\SnapTeam
    [2010/04/28 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Sony
    [2010/05/14 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Sony Creative Software
    [2009/01/26 06:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Sony Setup
    [2010/07/15 23:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Systweak
    [2009/02/17 03:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\TuneUp Software
    [2010/03/02 05:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Uniblue
    [2010/09/14 12:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\WindSolutions
    [2010/08/21 22:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shun Jokah\Application Data\Xilisoft

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/04/20 08:20:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/04/07 10:08:14 | 000,006,626 | ---- | M] () -- C:\bdlog.txt
    [2010/10/26 15:51:08 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/28 12:53:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/28 13:04:24 | 000,015,536 | ---- | M] () -- C:\ComboFix.txt
    [2007/04/20 08:20:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/22 09:27:41 | 000,031,186 | ---- | M] () -- C:\drwtsn32.log
    [2007/04/20 08:20:22 | 000,011,258 | ---- | M] () -- C:\ggcpl.log
    [2007/04/20 08:20:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/05 13:37:14 | 000,000,000 | RHS- | M] () -- C:\khw
    [2007/04/20 08:20:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/04/20 08:20:22 | 000,000,206 | ---- | M] () -- C:\mylog.log
    [2007/04/20 08:20:22 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2007/04/20 08:20:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2007/04/20 08:20:23 | 000,004,104 | ---- | M] () -- C:\OnOneErrorLog.txt
    [2010/10/28 10:31:21 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009/12/24 16:39:00 | 029,618,068 | ---- | M] () -- C:\quest crew new routine.flv
    [2007/04/20 08:20:23 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
    [2010/10/14 18:25:04 | 000,000,000 | RHS- | M] () -- C:\xerfoj4
    [2007/04/20 08:20:23 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/19 06:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/30 05:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/19 06:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/30 05:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/01/19 14:39:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 19:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/19 08:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/27 10:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 17:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2007/04/20 08:20:22 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/01/19 14:40:05 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/01/19 14:46:17 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Shun Jokah\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/01/19 14:46:17 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Shun Jokah\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/28 11:16:42 | 003,887,731 | R--- | M] () -- C:\Documents and Settings\Shun Jokah\Desktop\ComboFix.exe
    [2010/10/28 14:10:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shun Jokah\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/01/19 14:46:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Shun Jokah\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/26 15:39:59 | 000,001,312 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2007/04/19 19:31:00 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Shun Jokah\Cookies\desktop.ini
    [2010/10/28 13:14:19 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Shun Jokah\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/27 03:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:769DE8D6
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

    < End of report >
     
  10. 2010/10/28
    deadlyg

    Extras.txt

    OTL Extras logfile created on: 10/28/2010 2:12:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Shun Jokah\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.13 Gb Total Space | 55.79 Gb Free Space | 71.41% Space Free | Partition Type: NTFS
    Drive D: | 70.91 Gb Total Space | 9.53 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
    Drive F: | 18.64 Gb Total Space | 0.33 Gb Free Space | 1.79% Space Free | Partition Type: FAT32

    Computer Name: SHUN | User Name: Shun Jokah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- D:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- File not found
    "D:\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" = D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "D:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1CF54269-B462-4D2A-84F6-A71A7F3A358C}" = BitDefender Total Security 2010
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4744A01E-4B17-4643-A1FA-44FF83CB316D}" = PhotoTools 2.5 Professional Edition
    "{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
    "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
    "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
    "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
    "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AndreaMosaic" = AndreaMosaic 3.32.1
    "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.1
    "CCleaner" = CCleaner
    "Chikka Messenger V4" = Chikka Messenger V4
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Defraggler" = Defraggler
    "Dr. Jekill_is1" = Dr Jekill
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GoldWave v5.19" = GoldWave v5.19
    "HotspotShield" = Hotspot Shield 1.47
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.8.0 (Full)
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Silverlight" = Microsoft Silverlight
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Oddworld Abe's Oddysee1.0" = Oddworld Abe's Oddysee
    "Task Killer" = Task Killer (remove only)
    "VDOTool_is1" = VDOTool 6.4
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
    "Winamp" = Winamp
    "Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
    "Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
    "WinRAR archiver" = WinRAR archiver
    "Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "DemonRO Mini" = DemonRO Mini
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/13/2010 1:52:08 PM | Computer Name = SHUN | Source = Bonjour Service | ID = 100
    Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/13/2010 1:52:08 PM | Computer Name = SHUN | Source = Bonjour Service | ID = 100
    Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/14/2010 12:18:59 AM | Computer Name = SHUN | Source = Bonjour Service | ID = 100
    Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/14/2010 12:20:26 AM | Computer Name = SHUN | Source = MsiInstaller | ID = 10005
    Description =

    Error - 9/14/2010 1:35:13 AM | Computer Name = SHUN | Source = Bonjour Service | ID = 100
    Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/11/2010 12:27:31 PM | Computer Name = SHUN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/11/2010 12:27:31 PM | Computer Name = SHUN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/21/2010 11:07:29 AM | Computer Name = SHUN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/21/2010 11:07:29 AM | Computer Name = SHUN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/22/2010 9:44:54 AM | Computer Name = SHUN | Source = MsiInstaller | ID = 11316
    Description =

    [ OSession Events ]
    Error - 4/12/2010 6:55:52 PM | Computer Name = SHUN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/27/2010 1:04:58 AM | Computer Name = SHUN | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    uagp35

    Error - 10/27/2010 1:05:08 AM | Computer Name = SHUN | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 10/27/2010 1:05:08 AM | Computer Name = SHUN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 10/27/2010 1:14:14 AM | Computer Name = SHUN | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 10/27/2010 5:51:58 AM | Computer Name = SHUN | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 10/27/2010 5:52:19 AM | Computer Name = SHUN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    Error - 10/27/2010 6:10:16 AM | Computer Name = SHUN | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.66.56.27 for the Network Card with network
    address 00FFE8D68A9F has been denied by the DHCP server 10.69.103.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 10/27/2010 12:00:10 PM | Computer Name = SHUN | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 10.20.3.23 on the
    Network
    Card with network address 00E04D3451E9.

    Error - 10/27/2010 11:32:28 PM | Computer Name = SHUN | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 10/27/2010 11:32:47 PM | Computer Name = SHUN | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service upnphost with
    arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

    [ TuneUp Events ]
    Error - 3/19/2010 8:17:52 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:18:07 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:19:02 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:21:22 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:22:17 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:22:22 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:26:12 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:27:02 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:27:07 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =

    Error - 3/19/2010 8:35:58 PM | Computer Name = SHUN | Source = TuneUp Program Statistics | ID = 131840
    Description =


    < End of report >


    Good news! My Folder Options is now available. Thank you so much broni! :) Is there anything I still need to do?
     
  11. 2010/10/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp -- (GarenaPEngine)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE File not found
      O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPF:DC5A2B2
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:769DE8D6
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart your computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  12. 2010/10/29
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    OTL log:

    All processes killed
    ========== OTL ==========
    Service GarenaPEngine stopped successfully!
    Service GarenaPEngine deleted successfully!
    File C:\DOCUME~1\SHUNJO~1\LOCALS~1\Temp\AQA32C5.tmp not found.
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BigDog303 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPF:DC5A2B2 .
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:769DE8D6 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 6465571 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Shun Jokah
    ->Temp folder emptied: 8763 bytes
    ->Temporary Internet Files folder emptied: 1063576 bytes
    ->Java cache emptied: 32375 bytes
    ->FireFox cache emptied: 93832070 bytes
    ->Google Chrome cache emptied: 398408186 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 151254 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 477.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Shun Jokah
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 10292010_111845

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    ==============================================================


    1. checkup.txt

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    BitDefender Total Security 2010
    Antivirus out of date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Common Files BitDefender BitDefender Update Service livesrv.exe
    BitDefender BitDefender 2010 vsserv.exe
    BitDefender BitDefender 2010 bdagent.exe
    BitDefender BitDefender 2010 seccenter.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    2. Temp File Cleaner (TFC) -- Done!


    3. ESET Online Scanner log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.20861 (vista_ldr.080618-1506)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=e8ccdf00ccd8a34ca2924b995c6b1a0e
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-29 01:27:33
    # local_time=2010-10-29 08:27:33 (+0700, North Asia Standard Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=101391
    # found=9
    # cleaned=0
    # scan_time=10576
    C:\Documents and Settings\Shun Jokah\Desktop\Games\Inventory A+.exe probably a variant of Win32/Agent.GCJKSOH trojan 00000000000000000000000000000000 I
    D:\abvtad.exe Win32/Packed.Autoit.E.Gen application 00000000000000000000000000000000 I
    D:\lxrarf.exe Win32/Packed.Autoit.E.Gen application 00000000000000000000000000000000 I
    D:\xdgprm.exe Win32/Packed.Autoit.E.Gen application 00000000000000000000000000000000 I
    D:\xmnrgz.exe Win32/Packed.Autoit.E.Gen application 00000000000000000000000000000000 I
    D:\Gee\Gee's Files\Appz\BitDefender Total Security 2010\Box_BitDefender_2047_v3.0A_Softvnn.com.rar Win32/Packed.Autoit.E.Gen application 00000000000000000000000000000000 I
    D:\Gee\Gee's Files\Appz\Sony Vegas Pro 9.0d\Sony.Vegas.Pro.9.0-DI.v1.5-tano1221.rar a variant of Win32/Keygen.AR application 00000000000000000000000000000000 I
    D:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application 00000000000000000000000000000000 I
    ${Memory} a variant of Win32/HotSpotShield application 00000000000000000000000000000000 I
     
  13. 2010/10/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Why is BitDefender Total Security 2010 listed as outdated?
    Is this some illegal copy of it?
    2. Update Firefox to the newest 3.6.12 version.

    3. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [IMG]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\Shun Jokah\Desktop\Games\Inventory A+.exe 
      D:\abvtad.exe 
      D:\lxrarf.exe 
      D:\xdgprm.exe 
      D:\xmnrgz.exe 
      D:\Gee\Gee's Files\Appz\BitDefender Total Security 2010\Box_BitDefender_2047_v3.0A_Softvnn.com.rar 
      D:\Gee\Gee's Files\Appz\Sony Vegas Pro 9.0d\Sony.Vegas.Pro.9.0-DI.v1.5-tano1221.rar
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  14. 2010/10/29
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    1. I don't know why, but the virus signature database tells me that the last update was today. Yes, I believe it is an illegal copy. I got it from a warez forum. Do you recommend a different anti-virus?

    2. Update done!

    3. Replaced Adobe Reader with Foxit PDF Reader. Thanks!


    =================================================================


    OTL log:

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Shun Jokah\Desktop\Games\Inventory A+.exe moved successfully.
    File move failed. D:\abvtad.exe scheduled to be moved on reboot.
    File move failed. D:\lxrarf.exe scheduled to be moved on reboot.
    File move failed. D:\xdgprm.exe scheduled to be moved on reboot.
    File move failed. D:\xmnrgz.exe scheduled to be moved on reboot.
    D:\Gee\Gee's Files\Appz\BitDefender Total Security 2010\Box_BitDefender_2047_v3.0A_Softvnn.com.rar moved successfully.
    D:\Gee\Gee's Files\Appz\Sony Vegas Pro 9.0d\Sony.Vegas.Pro.9.0-DI.v1.5-tano1221.rar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Shun Jokah
    ->Temp folder emptied: 4181 bytes
    ->Temporary Internet Files folder emptied: 5412378 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 25700491 bytes
    ->Google Chrome cache emptied: 92661166 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1373 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 118.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Shun Jokah
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.1 log created on 10302010_115503

    Files\Folders moved on Reboot...
    File\Folder D:\abvtad.exe not found!
    File\Folder D:\lxrarf.exe not found!
    File\Folder D:\xdgprm.exe not found!
    File move failed. D:\xmnrgz.exe scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
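The two OTL fix logs posted in this thread (the one above and the one in the earlier reply) are what the helper reads to decide whether anything still needs follow-up: entries that were removed, entries that pointed at something that no longer existed, file moves that were deferred to the reboot pass, and items that still failed after it (the locked alternate data stream on TEMPF, and the D: executable that could not be moved even on reboot). The following triage script is an added example written for this page; it is not OTL's own code and was not posted by anyone in the thread. The line phrasings it recognises are taken from the posted logs, and the sample log is constructed in that style so the script runs offline.

```python
"""Triage an OTL fix log: what was removed, what never existed, what was
deferred to the reboot pass, and what still failed afterwards."""
import re

# Constructed sample in the style of the OTL fix logs posted in the thread.
# Not a real log file; assembled here so the example runs offline.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPF:DC5A2B2 .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:769DE8D6 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Shun Jokah\Desktop\Games\Inventory A+.exe moved successfully.
File move failed. D:\abvtad.exe scheduled to be moved on reboot.
File move failed. D:\xmnrgz.exe scheduled to be moved on reboot.
========== COMMANDS ==========
Files\Folders moved on Reboot...
File\Folder D:\abvtad.exe not found!
File move failed. D:\xmnrgz.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
"""

# Line shapes as they appear in the posted logs (an assumption about OTL's
# output format; adjust the patterns if a log uses other wording).
DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
ADS_FAIL = re.compile(r"^Unable to delete ADS (.+?) ?\.$")
REBOOT_GONE = re.compile(r"^File\\Folder (.+) not found!$")
DONE = re.compile(r"^(?:Service |Registry key |Registry value |ADS |File )?(.+?) "
                  r"(?:stopped|deleted|moved) successfully[.!]$")
ABSENT = re.compile(r"^(?:Service |Registry key |Registry value |File )?(.+?) not found\.$")


def _move(buckets, target, src, dst):
    """Re-file a target from one bucket to another (e.g. deferred -> failed)."""
    if target in buckets[src]:
        buckets[src].remove(target)
    buckets[dst].append(target)


def triage(log_text):
    """Return a dict bucket -> list of targets, in log order.

    done     : removed (or moved/stopped) by OTL
    absent   : the fix entry pointed at something that was already gone
    deferred : move scheduled for reboot, with no reboot-pass line seen yet
    failed   : still could not be removed (ADS delete failed, or the move
               failed again on the reboot pass)
    other    : lines the script does not recognise (never dropped silently)
    """
    buckets = {"done": [], "absent": [], "deferred": [], "failed": [], "other": []}
    in_reboot = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue
        if line.endswith("on Reboot..."):
            in_reboot = True  # everything after this ran on the reboot pass
            continue
        if m := DEFERRED.match(line):
            if in_reboot:
                _move(buckets, m.group(1), "deferred", "failed")
            else:
                buckets["deferred"].append(m.group(1))
        elif m := ADS_FAIL.match(line):
            buckets["failed"].append(m.group(1))
        elif m := REBOOT_GONE.match(line):
            # Scheduled item was already gone when the reboot pass ran.
            _move(buckets, m.group(1), "deferred", "done")
        elif m := DONE.match(line):
            buckets["done"].append(m.group(1))
        elif m := ABSENT.match(line):
            buckets["absent"].append(m.group(1))
        else:
            buckets["other"].append(line)
    return buckets


def needs_follow_up(buckets):
    """Items the helper must look at again: outright failures first, then
    anything still waiting on a reboot pass that never reported back."""
    return buckets["failed"] + buckets["deferred"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"[{bucket}] {len(items)}")
        for item in items:
            print("   ", item)
    print("needs follow-up:", needs_follow_up(result))
```

On the sample log the follow-up list contains exactly the two items a helper would chase in this thread: the TEMPF alternate data stream OTL could not delete, and D:\xmnrgz.exe, which was still locked on the reboot pass; D:\abvtad.exe is counted as done because the reboot pass found it already gone.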
     
  15. 2010/10/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Either buy it, or uninstall it and install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ===================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2010/10/30
    deadlyg

    deadlyg Inactive Thread Starter

    Joined:
    2009/01/18
    Messages:
    32
    Likes Received:
    0
    Replaced BitDefender with Avast. Thanks!


    ===================================================


    1. clean restore point -- Done

    2. Clean up with OTL -- Done

    5. WOT -- Installed

    8. Secunia Personal Software Inspector (PSI) -- Installed

    9. FileHippo Update Checker -- Installed

    10. I defrag every 1 or 2 months

    11. Done reading. Should I install SpywareBlaster on my computer?

    12. My computer is doing great! Everything is working fine. It is faster now and there are no more viruses or malware. The next thing I'm going to do now is update my outdated programs. Thanks a whole lot broni! You spent a lot of time helping me. :)
     
  17. 2010/10/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)
     
