
Solved Files in my removable disk are changed into shortcuts

Discussion in 'Malware and Virus Removal Archive' started by shengxian, 2011/03/06.

    [Resolved] Files in my removable disk are changed into shortcuts

    Thank you again for helping me the last time.
    I had a problem with my folders recently, as stated. I tried to follow the instructions from the net to download malware, but it doesn't solve my problem.
    Then I inserted my hard disk and it got infected too. My first infected pen drive, after I formatted it, the problem was solved. However, I couldn't format my hard disk as it contained too much of my information. Please help me. Thank you.



    P.S.
    The attach.log stated that unless required, I shouldn't post it. Should I post it here? Thank you.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5950

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    3/6/2011 3:21:47 PM
    mbam-log-2011-03-06 (15-21-47).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|)
    Objects scanned: 256924
    Time elapsed: 57 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKGGOPABUH (Trojan.FakeAlert) -> Value: LKGGOPABUH -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{fcb3df57-2b79-4725-a6b8-866425ac6bcd}\rp74\a0030709.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    f:\filer\software installer\garmin\garminkeygen_v1.5.exe (RiskWare.Tool.CK) -> Not selected for removal.
    f:\filer\software installer\hack phone\new folder\secman_binpda(crack tool)\rootsign1.0\RootSiGN.exe (Hacktool.RootSign) -> Not selected for removal.
    f:\filer\software installer\tune up\itune keygen.exe (Trojan.Agent.CK) -> Not selected for removal.
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-06 16:41:32
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 Hitachi_HTS545025B9A300 rev.PB2OC60F
    Running: sukhk8j8.exe; Driver: C:\DOCUME~1\PRE-LO~1\LOCALS~1\Temp\kwlyapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA7D2BCF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA7D2BBAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA7D2C160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA7D2C08A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA7D2B782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA7D2BC86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA7D2B6C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA7D2B726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA7D2BDA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA7D2C22E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA7D2BD66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA7D2BEE6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7D38BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA7D389D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA7D38B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 80582DFE 7 Bytes JMP A7D38B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A9DEE 7 Bytes JMP A7D389D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP A7D345D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP A7D35FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP A7D38BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? eorjo.sys The system cannot find the file specified. !
    C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in " " section [0xA7237000]
    .clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last section [0xA7238000, 0x1000, 0x00000000]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[864] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1272] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[1272] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{03c93468-2a17-4a8f-ba1d-ee9e2a83fd55}@Model 64
    Reg HKLM\SOFTWARE\Classes\CLSID\{03c93468-2a17-4a8f-ba1d-ee9e2a83fd55}@Therad 19
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x19 0xAA 0xC0 0x7B ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{666c879d-ff05-4d4e-ab51-c0f87e559e10}@Model 42
    Reg HKLM\SOFTWARE\Classes\CLSID\{666c879d-ff05-4d4e-ab51-c0f87e559e10}@Therad 14
    Reg HKLM\SOFTWARE\Classes\CLSID\{666c879d-ff05-4d4e-ab51-c0f87e559e10}@MData 0x73 0xD5 0xCF 0xB8 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xE5 0xAC 0x91 0x6E ...

    ---- EOF - GMER 1.0.15 ----



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 133):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xBA0A8000 eorjo.sys
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0B8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0C8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA330000 PartMgr.sys
    0xBA0D8000 VolSnap.sys
    0xB9EED000 atapi.sys
    0xBA0E8000 disk.sys
    0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9ECE000 fltMgr.sys
    0xB9EBC000 sr.sys
    0xBA108000 PxHelp20.sys
    0xB9EA5000 KSecDD.sys
    0xB9E18000 Ntfs.sys
    0xB9DEB000 NDIS.sys
    0xB9DD0000 Mup.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB97B2000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB979E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB977B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9756000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\l1c51x86.sys
    0xB91AE000 \SystemRoot\system32\DRIVERS\NETw1x32.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA564000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA570000 \SystemRoot\system32\drivers\pfc.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9163000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB9072000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xBA780000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB905B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB904A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA3F8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8F79000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5B6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8F45000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DA8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\btport.sys
    0xBA218000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA238000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA7FC3000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA7FA1000 \SystemRoot\system32\drivers\portcls.sys
    0xBA248000 \SystemRoot\system32\drivers\drmk.sys
    0xA7F81000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0xBA5C8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7E3000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5CC000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA448000 \SystemRoot\System32\drivers\vga.sys
    0xBA5D0000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA458000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8F39000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA7EE6000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA7E8E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA298000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA7E6D000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA7E45000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA7E23000 \SystemRoot\System32\drivers\afd.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA7DF7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA7D60000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA7D4A000 \SystemRoot\system32\DRIVERS\idmtdi.sys
    0xBA2B8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA7D23000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xBA4A8000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xBA340000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA370000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA7D0F000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xBA2D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA8474000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA3B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA7F79000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA7C57000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5DE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA3C8000 \SystemRoot\System32\watchdog.sys
    0xB8F3D000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA798000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF058000 \SystemRoot\System32\igxpdv32.DLL
    0xBF296000 \SystemRoot\System32\igxpdx32.DLL
    0xA7BD7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA7AD7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7958000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA77AC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA75AB000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA7558000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7670000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA721C000 \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
    0xBA73F000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
    0xA6D03000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBA420000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA68B3000 \??\C:\DOCUME~1\PRE-LO~1\LOCALS~1\Temp\kwlyapoc.sys
    0xA53A5000
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    456 C:\WINDOWS\system32\smss.exe
    532 csrss.exe
    1068 C:\WINDOWS\system32\winlogon.exe
    1272 C:\WINDOWS\system32\services.exe
    1284 C:\WINDOWS\system32\lsass.exe
    1624 C:\WINDOWS\system32\svchost.exe
    1816 svchost.exe
    1860 C:\WINDOWS\system32\svchost.exe
    2036 svchost.exe
    212 svchost.exe
    864 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    260 C:\WINDOWS\system32\spoolsv.exe
    980 C:\WINDOWS\system32\svchost.exe
    1000 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1108 C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
    1128 C:\Program Files\Bonjour\mDNSResponder.exe
    1244 C:\Program Files\Java\jre6\bin\jqs.exe
    156 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    568 C:\WINDOWS\system32\svchost.exe
    784 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    1908 C:\WINDOWS\explorer.exe
    2008 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    100 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    964 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    1748 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2572 C:\WINDOWS\RTHDCPL.exe
    2612 C:\WINDOWS\SOUNDMAN.EXE
    2696 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2948 C:\WINDOWS\system32\igfxtray.exe
    2976 C:\WINDOWS\system32\hkcmd.exe
    3016 C:\WINDOWS\system32\igfxpers.exe
    3024 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3096 C:\WINDOWS\system32\igfxsrvc.exe
    3104 C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    3236 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3404 C:\WINDOWS\system32\wscntfy.exe
    3480 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    4068 C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
    4072 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    700 alg.exe
    1276 C:\WINDOWS\system32\ctfmon.exe
    3012 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    3772 C:\Program Files\Internet Download Manager\IDMan.exe
    3912 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    3444 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3616 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    2140 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    2808 C:\Program Files\Internet Download Manager\IEMonitor.exe
    2052 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2648 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2244 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3396 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3000 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2296 C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3780 C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\Programs\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c130200 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC60F
    PhysicalDrive1 Model Number: HitachiHTS545032B9A300, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    298 GB \\.\PhysicalDrive1 MBR Code Faked!
    SHA1: B391F5F59EF986394476DBDDCBB393D914511125


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by PRE-LOADED at 20:41:02.60 on Sun 03/06/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3004.2092 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\TuneUp Utilities 2011\integrator.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\dds (1).scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\WSToolbar4IE.dll
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Google Update] "c:\documents and settings\pre-loaded\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [<NO NAME>]
    uRun: [tuagiu] c:\documents and settings\pre-loaded\tuagiu.exe /V
    uRun: [yuaigog] c:\documents and settings\pre-loaded\yuaigog.exe /d
    uRun: [keiko] c:\documents and settings\pre-loaded\keiko.exe /y
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Google Pinyin 2 Autoupdater] "c:\program files\google\google pinyin 2\GooglePinyinDaemon.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    mPolicies-explorer: NoAutorun = 1 (0x1)
    IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\pre-lo~1\applic~1\mozilla\firefox\profiles\l9l6y25o.default\
    FF - component: c:\documents and settings\pre-loaded\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\pre-loaded\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\pre-loaded\application data\idm\idmmzcc3
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-1 165584]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-11-30 97112]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-1 17744]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2010-6-17 81920]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-11-23 1483072]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-1 40384]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-16 110080]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-10-21 38912]
    R3 NETw1x32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw1x32.sys [2009-9-14 5929216]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-16 100184]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-6-13 637824]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-13 11520]
    .
    =============== Created Last 30 ================
    .
    2011-03-06 09:08:32 345591 ----a-w- c:\documents and settings\pre-loaded\yiadov.exe
    2011-03-06 09:08:32 233472 ----a-w- c:\documents and settings\pre-loaded\unbiuRT.exe
    2011-03-05 06:49:46 229376 --sh--r- c:\documents and settings\pre-loaded\dookou.exe
    2011-03-05 06:48:00 229376 --sh--r- c:\documents and settings\pre-loaded\ziougeq.exe
    2011-03-05 02:37:13 229376 --sh--r- c:\documents and settings\pre-loaded\keikox.exe
    2011-03-05 02:35:12 -------- d-----w- c:\docume~1\pre-lo~1\applic~1\Malwarebytes
    2011-03-05 02:35:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-05 02:35:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-05 02:34:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-05 02:34:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-04 07:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterAction studios
    2011-03-02 00:05:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 00:05:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 00:05:28 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-03-01 08:02:27 -------- d--h--w- c:\windows\PIF
    2011-02-27 23:47:10 -------- d-----w- c:\docume~1\pre-lo~1\locals~1\applic~1\NokiaAccount
    2011-02-27 23:41:59 -------- d-----w- c:\docume~1\pre-lo~1\locals~1\applic~1\Nokia
    2011-02-27 23:39:58 -------- d-----w- c:\program files\common files\Nokia
    2011-02-27 23:39:25 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2011-02-27 23:39:16 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-02-27 23:38:55 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
    2011-02-27 23:38:10 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-02-27 23:36:31 -------- d-----w- c:\windows\system32\LogFiles
    2011-02-27 23:35:00 -------- d-----w- c:\program files\Nokia
    2011-02-27 23:35:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache
    2011-02-11 01:44:29 -------- d-----w- c:\program files\common files\Akamai
    2011-02-08 00:13:31 -------- d-----w- c:\program files\CamStudio
    .
    ==================== Find3M ====================
    .
    2010-12-09 19:41:32 2162744 ----a-w- c:\windows\system32\GooglePinyin2.ime
    .
    ============= FINISH: 20:41:29.45 ===============
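The "Created Last 30" section above is where the infection shows itself: several executables dropped straight into the user profile root, three of them byte-identical in size and carrying system+hidden+read-only attributes. The following triage helper is an added example (not part of the thread, of DDS or of ComboFix): it parses DDS entries of the form `date time size attrs path` and flags those patterns, using lines copied from the log above as input.

```python
"""Triage of the 'Created Last 30' section of a DDS log (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One DDS "Created Last 30" / "Find3M" entry:
#   <YYYY-MM-DD> <HH:MM:SS> <size | --------> <8 attribute flags> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A parent directory that is a Windows XP user-profile root, the drop
# location used by the samples in this thread.
PROFILE_ROOT = re.compile(r"^c:\\documents and settings\\[^\\]+$", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")

# Lines copied from the DDS log posted in this thread.
SAMPLE_LOG = """
2011-03-06 09:08:32 345591 ----a-w- c:\\documents and settings\\pre-loaded\\yiadov.exe
2011-03-06 09:08:32 233472 ----a-w- c:\\documents and settings\\pre-loaded\\unbiuRT.exe
2011-03-05 06:49:46 229376 --sh--r- c:\\documents and settings\\pre-loaded\\dookou.exe
2011-03-05 06:48:00 229376 --sh--r- c:\\documents and settings\\pre-loaded\\ziougeq.exe
2011-03-05 02:37:13 229376 --sh--r- c:\\documents and settings\\pre-loaded\\keikox.exe
2011-03-05 02:35:12 -------- d-----w- c:\\docume~1\\pre-lo~1\\applic~1\\Malwarebytes
2011-03-05 02:35:02 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-03-01 08:02:27 -------- d--h--w- c:\\windows\\PIF
"""


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: int | None   # None for directories (DDS prints "--------")
    attrs: str         # raw 8-character flag field, e.g. "--sh--r-"
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    def has(self, flag: str) -> bool:
        # DDS flags: d=directory, s=system, h=hidden, a=archive, r/w=access
        return flag in self.attrs


def parse_dds_created(text: str) -> list[Entry]:
    """Parse every well-formed entry line; headers, dots and blanks are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for executables that deserve a closer look."""
    findings: dict[str, list[str]] = defaultdict(list)
    execs = [e for e in entries
             if not e.is_dir and e.path.lower().endswith(EXECUTABLE_EXT)]
    for e in execs:
        parent = e.path.rsplit("\\", 1)[0]
        if PROFILE_ROOT.match(parent):
            findings[e.path].append("executable created directly in a user profile root")
        if e.has("s") and e.has("h"):
            findings[e.path].append("system+hidden attributes on a new executable")
    # Differently named executables with byte-identical size are usually
    # copies of one dropper (the three 229376-byte files in this log).
    by_size: dict[int | None, list[Entry]] = defaultdict(list)
    for e in execs:
        by_size[e.size].append(e)
    for size, group in by_size.items():
        if len(group) >= 2:
            for e in group:
                findings[e.path].append(
                    f"one of {len(group)} executables with identical size {size}")
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(parse_dds_created(SAMPLE_LOG)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```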
     
  2. 2011/03/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Attach.txt part of DDS is missing.
    Please, post that and then...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  4. 2011/03/08
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    [wrong log - Broni]

    ComboFix 11-03-07.02 - PRE-LOADED 03/08/2011 22:06:39.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3004.2447 [GMT -8:00]
    Running from: c:\documents and settings\PRE-LOADED\My Documents\Downloads\Programs\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\PRE-LOADED\AUTORUN.INF
    c:\documents and settings\PRE-LOADED\Cookies.lnk
    c:\documents and settings\PRE-LOADED\dookou.exe
    c:\documents and settings\PRE-LOADED\keikox.exe
    c:\documents and settings\PRE-LOADED\unbiuRT.exe
    c:\documents and settings\PRE-LOADED\yiadov.exe
    c:\documents and settings\PRE-LOADED\ziougeq.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\system32\LogFiles
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    -------\Legacy_SSHNAS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-05 05:11 . 2011-03-05 05:12 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-05 02:35 . 2011-03-05 02:35 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\Malwarebytes
    2011-03-05 02:35 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-05 02:35 . 2011-03-05 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-05 02:34 . 2011-03-05 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-05 02:34 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-04 07:16 . 2011-03-04 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InterAction studios
    2011-03-02 00:05 . 2011-03-02 00:05 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-02 00:05 . 2011-03-02 00:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 00:05 . 2011-03-02 00:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 00:04 . 2011-03-02 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-03-01 08:02 . 2011-03-01 08:02 -------- d--h--w- c:\windows\PIF
    2011-02-27 23:41 . 2011-02-27 23:50 -------- d-----w- c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Nokia
    2011-02-27 23:41 . 2011-02-27 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2011-02-27 23:41 . 2011-02-27 23:41 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\PC Suite
    2011-02-27 23:39 . 2011-02-27 23:40 -------- d-----w- c:\program files\Common Files\Nokia
    2011-02-27 23:39 . 2011-02-27 23:39 -------- d-----w- c:\program files\DIFX
    2011-02-27 23:39 . 2008-08-26 17:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2011-02-27 23:39 . 2011-02-27 23:39 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-02-27 23:38 . 2010-07-30 22:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
    2011-02-27 23:38 . 2004-08-03 16:56 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-02-27 23:36 . 2011-02-27 23:37 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-02-27 23:35 . 2011-02-27 23:39 -------- d-----w- c:\program files\Nokia
    2011-02-27 23:35 . 2011-02-27 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2011-02-11 01:44 . 2011-03-09 06:11 -------- d-----w- c:\program files\Common Files\Akamai
    2011-02-08 00:13 . 2011-02-08 00:50 -------- d-----w- c:\program files\CamStudio
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-25 10:40 . 2010-11-30 18:28 97112 ----a-w- c:\windows\system32\drivers\idmtdi.sys
    2010-12-09 19:41 . 2010-12-09 19:41 2162744 ----a-w- c:\windows\system32\GooglePinyin2.ime
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-12-22 3270040]
    "Google Update"="c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-28 136176]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-26 16862720]
    "SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Google Pinyin 2 Autoupdater"="c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-12-09 1214520]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutorun"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
    Ime File REG_SZ GOOGLEPINYIN2.IME
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^PRE-LOADED^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\documents and settings\PRE-LOADED\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    DevDetect.exe -autorun [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2008-03-21 02:21 91432 ----a-r- c:\program files\CyberLink\Shared Files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 08:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2007-12-14 18:36 50472 ----a-w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2008-03-21 03:23 83240 ----a-w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2007-03-30 20:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-14 18:33 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "SmartSoft PDF Printer (demo) virtual printer agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe"
    "SmartSoft PDF Printer (demo) Agent"="c:\program files\Smart PDF Converter Pro\sspdfagentd.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1036:TCP"= 1036:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/1/2010 7:42 PM 165584]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/30/2010 10:28 AM 97112]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 4:24 PM 41456]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 8:56 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2010 7:42 PM 17744]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [6/17/2010 9:59 PM 81920]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [11/23/2010 5:13 PM 1483072]
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 10:41 AM 237056]
    R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 10:45 AM 1034752]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 10:44 AM 484352]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/16/2009 2:57 PM 110080]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [10/21/2009 8:19 AM 38912]
    R3 NETw1x32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw1x32.sys [9/14/2009 9:21 AM 5929216]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 12:34 PM 10064]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [4/16/2009 2:58 PM 100184]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6/13/2009 11:42 AM 637824]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/13/2010 9:30 PM 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003Core.job
    - c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
    .
    2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003UA.job
    - c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
    uInternet Settings,ProxyOverride = *.local
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    FF - ProfilePath - c:\documents and settings\PRE-LOADED\Application Data\Mozilla\Firefox\Profiles\l9l6y25o.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\PRE-LOADED\Application Data\IDM\idmmzcc3
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-tuagiu - c:\documents and settings\PRE-LOADED\tuagiu.exe
    HKCU-Run-yuaigog - c:\documents and settings\PRE-LOADED\yuaigog.exe
    HKCU-Run-keiko - c:\documents and settings\PRE-LOADED\keiko.exe
    MSConfigStartUp-PPS Accelerator - c:\program files\PPStream\ppsap.exe
    MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-08 22:12
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03c93468-2a17-4a8f-ba1d-ee9e2a83fd55}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000043
    "Therad"=dword:00000016
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):19,aa,c0,7b,b9,41,4a,c7,59,cd,c9,a1,cc,32,eb,a0,7f,bf,a9,7b,ff,
    7a,6d,f7,f3,24,f2,a0,8c,e1,65,d6,19,12,e4,5d,48,26,75,57,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{666c879d-ff05-4d4e-ab51-c0f87e559e10}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000002a
    "Therad"=dword:0000000e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):e5,ac,91,6e,45,2b,0f,ac,11,1c,a9,90,41,63,0d,c1,7b,0b,98,60,82,
    0b,ea,ba,5a,b3,f4,46,43,c3,61,8b,ef,85,d1,1f,6e,ae,4f,22,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4080)
    c:\program files\Internet Download Manager\IDMShellExt.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Internet Download Manager\idmmkb.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\browselc.dll
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Google\Google Pinyin 2\GooglePinyinService.exe
    c:\program files\Internet Download Manager\IEMonitor.exe
    c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-03-08 22:16:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-09 06:16
    .
    Pre-Run: 86,649,667,584 bytes free
    Post-Run: 86,541,008,896 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 2EB2D9065DEEF80B708F14264002093A



    thank you
     
    Last edited by a moderator: 2011/03/08
  5. 2011/03/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You posted the DDS.txt log again instead of Attach.txt.
    Please post the correct log.

    Combofix log looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2011/03/11
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    OTL Extras logfile created on: 3/11/2011 8:18:47 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 117.19 Gb Total Space | 78.00 Gb Free Space | 66.56% Space Free | Partition Type: NTFS
    Drive D: | 115.69 Gb Total Space | 114.32 Gb Free Space | 98.82% Space Free | Partition Type: NTFS
    Drive F: | 298.09 Gb Total Space | 98.55 Gb Free Space | 33.06% Space Free | Partition Type: NTFS

    Computer Name: ACER-C953BF3293 | User Name: PRE-LOADED | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7 Ultra Edition
    "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5D8BC30-79CE-41BB-AD8C-0F6735EBD1A2}_is1" = RixKeys 0.22 Personal Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "avast5" = avast! Free Antivirus
    "CamStudio" = CamStudio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GOM Player" = GOM Player
    "GooglePinyin2" = 谷歌拼音输入法 2.3
    "Graph_is1" = Graph 4.3
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "Internet Download Manager" = Internet Download Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "RealPlayer 6.0" = RealPlayer
    "Skype_is1" = Skype 3.1
    "Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 4.2.3.264
    "The KMPlayer" = The KMPlayer (remove only)
    "TuneUp Utilities 2011" = TuneUp Utilities 2011
    "Webshots Desktop_is1" = Webshots Desktop
    "Webshots Toolbar" = Webshots Toolbar
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/5/2011 3:57:49 AM | Computer Name = ACER-C953BF3293 | Source = Application Hang | ID = 1002
    Description = Hanging application AvastUI.exe, version 5.0.677.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/6/2011 3:47:00 AM | Computer Name = ACER-C953BF3293 | Source = Application Hang | ID = 1002
    Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/6/2011 3:47:50 AM | Computer Name = ACER-C953BF3293 | Source = Application Hang | ID = 1002
    Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/6/2011 5:09:14 AM | Computer Name = ACER-C953BF3293 | Source = Application Error | ID = 1000
    Description = Faulting application unbiurt.exe, version 1.0.0.0, faulting module
    msvbvm60.dll, version 6.0.96.90, fault address 0x000293d9.

    [ OSession Events ]
    Error - 1/7/2011 2:57:29 AM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/7/2011 3:41:14 AM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/7/2011 3:44:51 AM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 200
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/11/2011 5:08:59 PM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/13/2011 1:31:10 AM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/22/2011 3:38:16 PM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/22/2011 3:38:26 PM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/22/2011 3:45:28 PM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 416
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/22/2011 3:56:26 PM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/23/2011 2:05:58 AM | Computer Name = ACER-C953BF3293 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/6/2011 5:03:48 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7034
    Description = The WD File Management Engine service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 3/6/2011 5:03:48 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7034
    Description = The WD File Management Shadow Engine service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/6/2011 5:03:48 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7031
    Description = The Bluetooth Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 3/6/2011 5:45:31 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Pcmcia

    Error - 3/6/2011 7:27:25 PM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Pcmcia

    Error - 3/6/2011 8:31:41 PM | Computer Name = ACER-C953BF3293 | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 3/7/2011 10:38:44 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the WD File Management Engine
    service to connect.

    Error - 3/7/2011 10:38:44 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7000
    Description = The WD File Management Engine service failed to start due to the following
    error: %%1053

    Error - 3/9/2011 2:06:31 AM | Computer Name = ACER-C953BF3293 | Source = Service Control Manager | ID = 7034
    Description = The Autorun CDROM Monitor service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/11/2011 2:34:27 AM | Computer Name = ACER-C953BF3293 | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 001E6410F87E. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.


    < End of report >
     
  7. 2011/03/11
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    OTL logfile created on: 3/11/2011 8:18:47 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 117.19 Gb Total Space | 78.00 Gb Free Space | 66.56% Space Free | Partition Type: NTFS
    Drive D: | 115.69 Gb Total Space | 114.32 Gb Free Space | 98.82% Space Free | Partition Type: NTFS
    Drive F: | 298.09 Gb Total Space | 98.55 Gb Free Space | 33.06% Space Free | Partition Type: NTFS

    Computer Name: ACER-C953BF3293 | User Name: PRE-LOADED | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/11 17:49:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\Programs\OTL_2.exe
    PRC - [2010/12/21 22:04:30 | 003,270,040 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2010/12/09 11:41:32 | 000,775,224 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
    PRC - [2010/12/09 11:41:31 | 001,214,520 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
    PRC - [2010/11/23 17:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2010/11/23 17:15:38 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2010/11/23 17:13:50 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    PRC - [2010/09/08 10:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    PRC - [2010/09/08 10:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2010/09/08 10:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
    PRC - [2009/10/10 09:16:06 | 000,081,920 | R--- | M] () -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
    PRC - [2009/03/23 17:41:06 | 000,603,488 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/11/16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/11/16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2006/07/21 00:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2004/08/03 08:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/11 17:49:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PRE-LOADED\My Documents\Downloads\Programs\OTL_2.exe
    MOD - [2011/02/11 06:11:36 | 000,034,208 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2009/03/23 17:39:56 | 000,094,273 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
    MOD - [2009/03/23 17:38:08 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2004/08/03 08:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/10 17:47:32 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)
    SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/11/23 17:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2010/11/23 17:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/09/08 10:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/09/08 10:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/10/10 09:16:06 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/25 02:40:06 | 000,097,112 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
    DRV - [2010/10/07 12:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/10/10 15:50:46 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/10/10 15:50:16 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/10/10 15:49:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/06/19 10:28:22 | 005,929,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw1x32.sys -- (NETw1x32) Intel(R)
    DRV - [2009/04/16 15:02:32 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2009/03/19 05:19:54 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2009/02/21 16:31:14 | 000,038,912 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/02/18 01:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/10/30 13:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/29 17:44:18 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/07/24 01:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/07/23 23:33:50 | 000,100,184 | R--- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/06/30 21:12:02 | 000,637,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
    DRV - [2008/06/27 00:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2008/05/26 04:27:28 | 004,748,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/03/25 14:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2008/03/25 14:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2008/03/25 14:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2008/03/18 22:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/03/10 02:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2008/02/17 10:17:33 | 001,163,616 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/02/04 01:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2008/02/04 01:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2008/02/01 16:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND
    IE - HKU\S-1-5-21-1220945662-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1220945662-879983540-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.5
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/14 10:33:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/27 15:39:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/10 15:45:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 21:13:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/27 15:39:33 | 000,000,000 | ---D | M]

    [2009/07/14 11:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PRE-LOADED\Application Data\Mozilla\Extensions
    [2011/03/02 20:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PRE-LOADED\Application Data\Mozilla\Firefox\Profiles\l9l6y25o.default\extensions
    [2011/02/20 20:56:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\PRE-LOADED\Application Data\Mozilla\Firefox\Profiles\l9l6y25o.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2011/02/20 20:56:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\PRE-LOADED\Application Data\Mozilla\Firefox\Profiles\l9l6y25o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/03/02 20:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/01 16:05:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/20 20:48:59 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\PRE-LOADED\APPLICATION DATA\IDM\IDMMZCC3
    [2011/03/01 16:05:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/02/27 15:39:33 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
    [2011/03/01 16:05:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/08 22:12:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)
    O3 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\..\Toolbar\ShellBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)
    O3 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKU\S-1-5-21-1220945662-879983540-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-1220945662-879983540-682003330-1003..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll (CNET-Networks)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\..Trusted Domains: pps.tv ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\..Trusted Domains: ppstream.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1220945662-879983540-682003330-1003\..Trusted Domains: webscache.com ([]http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 122.255.99.236 122.255.99.228
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/16 14:34:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/03/04 21:54:57 | 000,000,724 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/11 20:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\My Documents\New Folder
    [2011/03/11 20:07:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/03/08 22:05:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/08 22:01:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/08 22:01:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/08 22:01:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/08 22:01:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/08 21:58:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/08 21:58:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/04 21:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/03/04 19:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Desktop\ireland
    [2011/03/04 19:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Desktop\interview
    [2011/03/04 18:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Application Data\Malwarebytes
    [2011/03/04 18:35:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/03/04 18:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/04 18:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/03/04 18:34:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/03/04 18:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/03 23:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
    [2011/03/01 16:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/03/01 16:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/03/01 00:02:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/02/27 15:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\NokiaAccount
    [2011/02/27 15:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\Nokia
    [2011/02/27 15:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/02/27 15:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Application Data\PC Suite
    [2011/02/27 15:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
    [2011/02/27 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
    [2011/02/27 15:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/02/27 15:39:25 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2011/02/27 15:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2011/02/27 15:38:55 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
    [2011/02/27 15:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/02/27 15:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2011/02/27 15:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
    [2011/02/27 15:29:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/02/13 02:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PRE-LOADED\Desktop\pysics hodder answ
    [2011/02/10 17:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai

    ========== Files - Modified Within 30 Days ==========

    [2011/03/11 20:02:39 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/11 20:02:39 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/11 19:58:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003UA.job
    [2011/03/11 19:56:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/11 00:52:27 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/08 22:12:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/08 22:05:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/03/08 06:57:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/04 22:48:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/03/04 22:41:53 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Bluetooth Software.lnk
    [2011/03/04 22:41:53 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Application Data.lnk
    [2011/03/04 22:41:53 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Local Settings.lnk
    [2011/03/04 22:41:53 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\My Documents.lnk
    [2011/03/04 22:41:53 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Start Menu.lnk
    [2011/03/04 22:41:53 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\New Folder.lnk
    [2011/03/04 22:41:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Templates.lnk
    [2011/03/04 22:41:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\PrintHood.lnk
    [2011/03/04 22:41:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Passwords.lnk
    [2011/03/04 22:41:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Favorites.lnk
    [2011/03/04 22:41:53 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Documents.lnk
    [2011/03/04 22:41:53 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Pictures.lnk
    [2011/03/04 22:41:53 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Tracing.lnk
    [2011/03/04 22:41:53 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\NetHood.lnk
    [2011/03/04 22:41:53 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Desktop.lnk
    [2011/03/04 22:41:53 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\SendTo.lnk
    [2011/03/04 22:41:53 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Recent.lnk
    [2011/03/04 22:41:53 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Video.lnk
    [2011/03/04 22:41:53 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Music.lnk
    [2011/03/04 22:41:53 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\...lnk
    [2011/03/04 22:41:53 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\..lnk
    [2011/03/04 21:13:14 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/03/04 18:37:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\x.mpeg
    [2011/03/04 18:35:02 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/02 21:12:07 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Desktop\Google Chrome.lnk
    [2011/03/02 21:12:07 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/02/27 15:41:46 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
    [2011/02/27 15:37:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/27 15:37:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/02/27 15:36:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/02/27 12:58:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003Core.job
    [2011/02/21 21:23:31 | 000,168,462 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\My Documents\99879014.obml15

    ========== Files Created - No Company Name ==========

    [2011/03/08 22:05:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/08 22:05:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/08 22:01:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/08 22:01:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/08 22:01:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/08 22:01:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/08 22:01:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/04 21:12:12 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/03/04 21:12:12 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/03/04 18:37:14 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Bluetooth Software
    [2011/03/04 18:37:14 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Application Data
    [2011/03/04 18:37:14 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Local Settings
    [2011/03/04 18:37:14 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\My Documents
    [2011/03/04 18:37:14 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Start Menu
    [2011/03/04 18:37:14 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\New Folder.lnk
    [2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Templates
    [2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\PrintHood
    [2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Passwords.lnk
    [2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Favorites
    [2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Documents.lnk
    [2011/03/04 18:37:14 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Pictures.lnk
    [2011/03/04 18:37:14 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Tracing
    [2011/03/04 18:37:14 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\NetHood
    [2011/03/04 18:37:14 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Desktop
    [2011/03/04 18:37:14 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\SendTo
    [2011/03/04 18:37:14 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Recent
    [2011/03/04 18:37:14 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Video.lnk
    [2011/03/04 18:37:14 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Music.lnk
    [2011/03/04 18:37:14 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\..
    [2011/03/04 18:37:14 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\.
    [2011/03/04 18:37:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\x.mpeg
    [2011/03/04 18:35:02 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/02/27 15:41:46 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
    [2011/02/27 15:36:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/02/21 21:23:30 | 000,168,462 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\My Documents\99879014.obml15
    [2011/01/16 21:34:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/18 12:30:31 | 000,452,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/02 23:06:49 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sspdfpmd.dll
    [2010/08/12 09:18:55 | 000,232,840 | ---- | C] () -- C:\WINDOWS\System32\UBS.License.LicenseManagerBIL_nat.dll
    [2010/08/08 22:58:20 | 000,232,840 | ---- | C] () -- C:\WINDOWS\System32\UBS.License.LicenseManagerACC_nat.dll
    [2010/08/08 22:58:15 | 000,232,456 | ---- | C] () -- C:\WINDOWS\System32\UBS.License.LicenseManagerAccExe_nat.dll
    [2010/06/11 22:05:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
    [2010/02/11 22:00:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/12/20 23:26:10 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/14 11:09:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/14 11:04:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/07/14 11:03:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
    [2009/07/14 11:03:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
    [2009/06/13 11:42:46 | 000,014,028 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2009/04/16 15:32:41 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2009/04/16 15:32:39 | 002,281,472 | ---- | C] () -- C:\WINDOWS\System32\ig4dev32.dll
    [2009/04/16 15:32:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
    [2009/04/16 15:32:37 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2009/04/16 15:18:17 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2009/04/16 15:17:22 | 000,000,332 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/04/16 15:12:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/04/16 14:42:28 | 000,090,772 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
    [2009/04/16 14:42:28 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
    [2009/04/16 14:42:28 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
    [2009/04/16 14:36:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/04/16 14:31:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/04/16 07:24:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/04/16 07:22:47 | 000,334,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/03/23 17:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2004/08/03 09:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/01 22:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/07/16 19:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/08/22 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/22 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/22 20:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/22 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/22 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/22 20:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/22 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/22 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/22 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/22 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2009/07/14 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2010/12/01 19:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/03/03 23:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
    [2010/08/12 09:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    [2011/02/27 15:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/06/11 21:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2011/02/27 15:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/12/02 23:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
    [2010/12/13 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/05 15:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/12/18 12:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2010/12/05 15:01:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/12/02 23:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/07/14 10:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\ACD Systems
    [2011/03/11 20:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\DMCache
    [2010/11/23 22:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\funkitron
    [2011/03/08 22:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\IDM
    [2011/02/27 15:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\PC Suite
    [2010/11/27 17:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\PPStream
    [2010/12/02 23:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\Smart PDF Converter Pro
    [2010/12/05 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\TuneUp Software
    [2010/12/13 22:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\URSoft
    [2009/10/21 08:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\Webshots
    [2010/12/05 11:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PRE-LOADED\Application Data\Xilisoft Corporation

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/16 14:34:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/01 19:17:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/08 22:05:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/08 22:16:30 | 000,021,479 | ---- | M] () -- C:\ComboFix.txt
    [2009/04/16 14:34:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/06/17 21:52:59 | 000,197,777 | ---- | M] () -- C:\debug.txt
    [2009/04/16 14:34:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/04/16 14:34:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 06:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/03 06:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/03/11 19:56:40 | 1497,366,528 | -HS- | M] () -- C:\PAGEFILE.SYS
    [2009/07/14 11:06:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/10/21 08:16:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2009/07/14 11:06:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2009/10/21 08:16:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2009/10/21 08:20:36 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/04/16 14:34:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/04/16 07:22:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/04/16 07:22:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/04/16 07:22:01 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/16 14:34:37 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/04/16 14:39:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/04/16 14:39:37 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/16 14:39:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\PRE-LOADED\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/20 16:49:47 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\PRE-LOADED\Cookies\desktop.ini
    [2011/03/11 19:58:33 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\PRE-LOADED\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >
    [2003/06/13 17:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AppLoc.exe

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/03 08:56:58 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/03 08:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 04:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/08/04 00:06:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 00:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/08/04 00:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 04:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/20 04:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/20 04:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/02/13 20:24:43 | 024,077,742 | ---- | M] ()(C:\Documents and Settings\PRE-LOADED\Desktop\YouTube - Rainbow (????) A MV.flv) -- C:\Documents and Settings\PRE-LOADED\Desktop\YouTube - Rainbow (레인보우) A MV.flv
    [2011/02/13 18:40:25 | 024,077,742 | ---- | C] ()(C:\Documents and Settings\PRE-LOADED\Desktop\YouTube - Rainbow (????) A MV.flv) -- C:\Documents and Settings\PRE-LOADED\Desktop\YouTube - Rainbow (레인보우) A MV.flv

    < End of report >
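The OTL "Files Created" listing above shows the pattern this thread is about: at 2011/03/04 18:37:14 a burst of 152- to 168-byte files appeared directly in the user profile, named after the profile's own folders (Passwords.lnk, Documents.lnk, Favorites, Desktop, SendTo, Recent, NetHood) and even "." and "..", one second after a 0-byte x.mpeg. The script below is an added example, not part of the original post and not OTL's own code: it parses lines in OTL's format and flags that burst. The thresholds (BURST_THRESHOLD, LNK_MAX_BYTES) and the list of shadowed folder names are assumptions chosen for illustration; the sample lines are copied from the log above, with two benign shortcut lines from the same log kept for contrast.

```python
"""Added example (not from the original post or OTL): flag the shortcut-worm
pattern visible in an OTL 'Files Created' listing.

Heuristic (an assumption, not an OTL rule): a burst of tiny, .lnk-sized files
created in the same second inside a user profile, named after standard profile
folders or literally '.' / '..', is what a file-to-shortcut worm leaves behind.
"""
import re
from collections import defaultdict

# One OTL file line: [date time | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Folder names a shortcut worm typically "shadows" with .lnk files (assumed list).
PROFILE_NAMES = {
    "desktop", "favorites", "documents", "pictures", "music", "video",
    "sendto", "recent", "nethood", "tracing", "passwords", ".", "..",
}
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")
LNK_MAX_BYTES = 4096     # assumed cap: the entries in the log were 152-168 bytes
BURST_THRESHOLD = 5      # assumed: >= this many hits in one second is not a user


def parse_line(line):
    """Return a dict for one OTL file line, or None if it is not one."""
    m = OTL_LINE.search(line.strip())
    if not m:
        return None
    size = int(m.group("size").replace(",", ""))
    path = m.group("path")
    return {"ts": m.group("ts"), "size": size, "attr": m.group("attr"),
            "kind": m.group("kind"), "path": path,
            "name": path.rsplit("\\", 1)[-1]}


def is_profile_path(path):
    return path.lower().startswith(USER_PROFILE_ROOTS)


def looks_like_worm_lnk(entry):
    """Shortcut-sized file in a profile whose name mimics a profile folder."""
    if not is_profile_path(entry["path"]) or entry["size"] > LNK_MAX_BYTES:
        return False
    name = entry["name"].lower()
    stem = name[:-4] if name.endswith(".lnk") else name
    return stem in PROFILE_NAMES


def find_shortcut_bursts(lines):
    """Map timestamp -> paths for seconds with >= BURST_THRESHOLD suspicious creations."""
    by_second = defaultdict(list)
    for raw in lines:
        entry = parse_line(raw)
        if entry and entry["kind"] == "C" and looks_like_worm_lnk(entry):
            by_second[entry["ts"]].append(entry["path"])
    return {ts: paths for ts, paths in by_second.items()
            if len(paths) >= BURST_THRESHOLD}


def find_dot_named_files(lines):
    """Files literally named '.' or '..' are not produced by normal Win32 path
    handling, so their mere presence is worth reporting."""
    return [e["path"] for e in map(parse_line, lines)
            if e and e["name"] in (".", "..")]


# Lines copied from the OTL log above (first eight) plus two benign shortcuts.
SAMPLE_LOG = r"""
[2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Passwords.lnk
[2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Favorites
[2011/03/04 18:37:14 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Documents.lnk
[2011/03/04 18:37:14 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Desktop
[2011/03/04 18:37:14 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\SendTo
[2011/03/04 18:37:14 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\..
[2011/03/04 18:37:14 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\.
[2011/03/04 18:37:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\x.mpeg
[2011/03/04 18:35:02 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\PRE-LOADED\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/27 15:41:46 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
""".strip().splitlines()


if __name__ == "__main__":
    for ts, paths in find_shortcut_bursts(SAMPLE_LOG).items():
        print(f"{ts}: {len(paths)} shortcut-sized files shadowing profile folders")
        for p in paths:
            print("   ", p)
    for p in find_dot_named_files(SAMPLE_LOG):
        print("dot-named file:", p)
```

Run against the full OTL report rather than the sample and the same burst stands out; the Malwarebytes and Nokia shortcuts are ignored because their names do not mimic a profile folder, and the 0-byte x.mpeg is left to the analyst, since a zero-length media file one second before the burst is context rather than proof.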
     
  8. 2011/03/11
    shengxian

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/16/2009 3:36:28 PM
    System Uptime: 3/6/2011 8:29:32 PM (0 hours ago)
    .
    Motherboard: Acer | | Aspire 4810T
    Processor: Intel Pentium III Xeon processor | CPU | 1296/800mhz
    Processor: Intel Pentium III Xeon processor | CPU | 1296/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 117 GiB total, 80.92 GiB free.
    D: is FIXED (NTFS) - 116 GiB total, 114.349 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 12/5/2010 10:57:10 AM - Removed UBS Accounting System 9.2
    RP22: 12/5/2010 10:59:13 AM - Removed UBS Inventory & Billing
    RP23: 12/5/2010 3:02:18 PM - Installed TuneUp Utilities 2011
    RP24: 12/6/2010 7:56:14 PM - Configured Microsoft Office Enterprise 2007
    RP25: 12/7/2010 10:35:18 PM - System Checkpoint
    RP26: 12/9/2010 9:39:46 PM - System Checkpoint
    RP27: 12/13/2010 1:12:39 PM - System Checkpoint
    RP28: 12/13/2010 9:30:03 PM - Installed WD SmartWare
    RP29: 12/13/2010 9:31:35 PM - Installed SES Driver
    RP30: 12/13/2010 10:26:42 PM - Removed WD SmartWare
    RP31: 12/15/2010 5:33:41 PM - System Checkpoint
    RP32: 12/17/2010 3:15:39 PM - System Checkpoint
    RP33: 12/18/2010 12:24:27 PM - Installed Windows XP WIC.
    RP34: 12/18/2010 12:28:54 PM - Installed Windows KB954550-v5.
    RP35: 12/18/2010 12:29:04 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP36: 12/18/2010 3:34:14 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP37: 12/19/2010 8:44:24 PM - System Checkpoint
    RP38: 12/21/2010 9:49:18 AM - System Checkpoint
    RP39: 12/22/2010 10:56:47 AM - System Checkpoint
    RP40: 12/24/2010 9:32:34 AM - System Checkpoint
    RP41: 12/25/2010 6:13:37 PM - System Checkpoint
    RP42: 12/27/2010 6:41:56 PM - System Checkpoint
    RP43: 12/27/2010 8:17:28 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP44: 12/29/2010 11:52:13 AM - System Checkpoint
    RP45: 12/30/2010 3:33:34 PM - System Checkpoint
    RP46: 1/4/2011 12:04:56 PM - System Checkpoint
    RP47: 1/6/2011 10:51:30 AM - System Checkpoint
    RP48: 1/12/2011 10:25:42 PM - System Checkpoint
    RP49: 1/14/2011 9:46:50 PM - System Checkpoint
    RP50: 1/16/2011 1:38:21 PM - System Checkpoint
    RP51: 1/17/2011 6:54:42 PM - System Checkpoint
    RP52: 1/18/2011 6:55:07 PM - System Checkpoint
    RP53: 1/20/2011 1:01:52 PM - System Checkpoint
    RP54: 1/21/2011 10:12:37 PM - System Checkpoint
    RP55: 1/24/2011 9:56:37 PM - System Checkpoint
    RP56: 1/29/2011 12:54:14 PM - System Checkpoint
    RP57: 2/8/2011 12:38:10 AM - System Checkpoint
    RP58: 2/9/2011 6:07:05 PM - System Checkpoint
    RP59: 2/10/2011 6:08:53 PM - System Checkpoint
    RP60: 2/13/2011 2:43:16 PM - System Checkpoint
    RP61: 2/14/2011 7:12:37 PM - System Checkpoint
    RP62: 2/16/2011 7:15:10 PM - System Checkpoint
    RP63: 2/17/2011 7:52:17 PM - System Checkpoint
    RP64: 2/19/2011 2:15:47 PM - System Checkpoint
    RP65: 2/20/2011 9:32:10 PM - System Checkpoint
    RP66: 2/24/2011 9:10:23 PM - System Checkpoint
    RP67: 2/27/2011 12:15:46 PM - System Checkpoint
    RP68: 2/27/2011 3:29:52 PM - Removed Adobe Reader 9.
    RP69: 2/27/2011 3:36:28 PM - Installed Windows XP Wudf01000.
    RP70: 2/27/2011 3:38:06 PM - Installed Windows XP KB926239.
    RP71: 3/1/2011 11:16:13 AM - System Checkpoint
    RP72: 3/1/2011 4:05:01 PM - Installed Java(TM) 6 Update 24
    RP73: 3/3/2011 8:27:34 PM - System Checkpoint
    RP74: 3/4/2011 9:11:17 PM - Removed Adobe Reader 9.2.
    RP75: 3/6/2011 12:26:50 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ??????? 2.3
    ACDSee Photo Manager 2009
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Akamai NetSession Interface
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    CamStudio
    CyberLink PowerDVD 8
    GOM Player
    Google Chrome
    Graph 4.3
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    Internet Download Manager
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Application Compatibility Database
    Mozilla Firefox (3.6.13)
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 6.0 Parser (KB933579)
    Nero 7 Ultra Edition
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RixKeys 0.22 Personal Edition
    Segoe UI
    SES Driver
    Skype 3.1
    Skype Plugin Manager
    SMART BRO
    Smart PDF Converter Pro 4.2.3.264
    The KMPlayer (remove only)
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    WD SmartWare
    WebFldrs XP
    Webshots Desktop
    Webshots Toolbar
    WIDCOMM Bluetooth Software
    Winamp
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/6/2011 4:31:41 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7034] - The Autorun CDROM Monitor service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 1:03:48 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2011 1:03:48 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/4/2011 9:02:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
    3/4/2011 9:02:30 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -57739 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|10.1.1.1:123->207.46.232.182:123) is working properly.
    3/4/2011 10:16:19 PM, error: EFS [6022] - Cannot Create\Open System Volume Information directory.
    3/1/2011 4:05:39 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CK-ACER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A157711A-4EA5-4BB5-9. The master browser is stopping or an election is being forced.
    3/1/2011 3:27:52 PM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 001E6410F87E has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    2/28/2011 9:35:35 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    2/28/2011 9:35:35 AM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 001E6410F87E has been denied by the DHCP server 10.1.1.254 (The DHCP Server sent a DHCPNACK message).
    2/27/2011 11:11:57 AM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 001E6410F87E has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    2/27/2011 10:44:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD File Management Engine service to connect.
    2/27/2011 10:44:19 PM, error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/27/2011 10:42:42 PM, error: Dhcp [1002] - The IP address lease 10.150.119.97 for the Network Card with network address 001E6410F87E has been denied by the DHCP server 10.1.1.254 (The DHCP Server sent a DHCPNACK message).
    2/27/2011 1:11:48 AM, error: Dhcp [1002] - The IP address lease 10.1.1.1 for the Network Card with network address 001E6410F87E has been denied by the DHCP server 10.1.1.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  9. 2011/03/11
    shengxian

    P.S
    Sir, my laptop, sometimes after several minutes or hours, would get laggy, and the system was extremely slow to respond. Only after I had restarted it would it run normally.
     
  10. 2011/03/11
    shengxian

    My hard disk still shows my files as shortcuts, and setting it to view hidden files still couldn't find my files.. haiz..
     
  11. 2011/03/11
    shengxian

  12. 2011/03/11
    broni

    What browser?

    OTL logs look fine.

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. 2011/03/11
    shengxian

    Internet Explorer. And I am very sorry. Because I was in urgent need to use my hard disk, I downloaded the disk security.
     
  14. 2011/03/11
    broni

    Say again?
     
  16. 2011/03/11
    shengxian

    the ESET link is not available
     
  17. 2011/03/11
    broni

    What do you mean?

    Did you read my previous question?
     
  18. 2011/03/11
    shengxian

    I had downloaded the USB DISK SECURITY
     
  19. 2011/03/12
    broni

    What is "USB disk security"?
    What happens, when you go to Eset site?
     
  20. 2011/03/12
    shengxian

    Last few hours. It is a programme to check the USB inserted in the laptop.. I'm sorry for messing up everything.. as you had warned me not to install anything.. sorry..
     
  21. 2011/03/12
    broni

    Can I have a link to that "USB disk security" download?
    You didn't say:
     
