WiredWX Hobby Weather Tools

 


antispyware soft trojan

Help help help plz, this thing is driving me batty.

Re: antispyware soft trojan

DDS (Ver_10-03-17.01) - NTFSx86
Run by default at 0:39:58.89 on Sun 04/25/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1322 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100424-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\3OD1ZFCQ\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://pogo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Search panel: {16b80734-7dd7-e746-a8f7-1b5190e9abb4} - c:\windows\system32\ntonwvaneas.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [asam] c:\documents and settings\default\local settings\application data\asam.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSN OptimizedIE8;ENUS)" -"http://www.underdog.be/games/warv43d/"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [asam] c:\documents and settings\default\local settings\application data\asam.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: LegacyDrive = 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
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYUS
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.agame.com/applet/PowerLoader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202270528703
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://clubgames.pogo.com/online2/pogop/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\e25uzwt3.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php
FF - prefs.js: keyword.URL - hxxp://hb.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-137-0-FTMV\n&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\default\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-26 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-22 114768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-22 138680]
R2 EAPPkt;LevelOne EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-12-12 38144]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-7-25 18944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-11 47640]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-2-17 668912]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-22 352920]
S2 gupdate1ca42a8f378235a;Google Update Service (gupdate1ca42a8f378235a);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 RTL8187B;LevelOne WNC-0301USB;c:\windows\system32\drivers\rtl8187b.sys --> c:\windows\system32\drivers\RTL8187B.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 S3GIGP;S3GIGP;c:\windows\system32\drivers\s3gigpm.sys --> c:\windows\system32\drivers\S3gIGPm.sys [?]

=============== Created Last 30 ================

2010-04-25 04:29:49 1172 ---ha-w- C:\aaw7boot.cmd
2010-04-25 04:18:27 0 d-----w- c:\program files\Spyware Doctor
2010-04-25 04:18:27 0 d-----w- c:\program files\common files\PC Tools
2010-04-24 20:24:27 25 ----a-w- c:\windows\herjek.config
2010-04-15 16:27:42 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 02:34:25 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-04-12 02:34:25 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-04-12 02:34:25 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-04-12 02:34:19 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-04-12 02:34:17 1024 ----a-w- C:\.rnd
2010-04-12 02:34:08 0 d-----w- c:\program files\LogMeIn
2010-04-12 02:24:09 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 16:21:56 0 d-----w- c:\program files\common files\xing shared
2010-03-27 16:48:52 0 d-----w- c:\program files\Hotbar

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 20:41:21 69 ----a-w- c:\documents and settings\default\jagex_runescape_preferences2.dat
2010-03-04 20:38:18 0 ----a-w- c:\documents and settings\default\jagex__preferences3.dat
2010-03-04 20:34:13 41 ----a-w- c:\documents and settings\default\jagex_runescape_preferences.dat
2010-03-01 14:20:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-10-12 14:33:46 1236 ----a-w- c:\program files\INSTALL.LOG
2008-08-23 00:14:41 62464 --sha-w- c:\windows\system32\fusigoka.dll

============= FINISH: 0:40:40.00 ===============

Re: antispyware soft trojan

Sorry if I jumped ahead, but have had this issue with another type before and knew to run the DDS. Hope that is OK.

Re: antispyware soft trojan

Sorry, forgot I had to re-register and need to post the OTL and Extras logs, so here they are.

Re: antispyware soft trojan

OTL logfile created on: 4/25/2010 1:02:03 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.82 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT-2A526BA
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
PRC - [2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
PRC - [2010/03/28 12:21:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/01 10:20:19 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 10:20:19 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2009/11/18 11:50:32 | 000,468,208 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2009/11/18 11:50:30 | 004,269,296 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/01/21 15:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2008/07/18 14:08:22 | 001,306,624 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (SafeList) ==========

MOD - [2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
MOD - [2010/03/17 16:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/02/19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 03:09:59 | 002,504,280 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3653.dll -- (Akamai)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/01 10:20:19 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/18 11:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/25 14:34:50 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/26 09:19:48 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/23 22:56:53 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/23 22:56:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/18 15:44:00 | 006,308,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 11:42:55 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
DRV - [2008/01/18 16:16:28 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 16:16:26 | 000,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 16:16:26 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 16:16:24 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 16:16:22 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/10/17 21:22:00 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pogo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.pogo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/login.php"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://hb.bingstart.com/s/?src=FF-Address&site=Bing&cfg=2-137-0-FTMV\n&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 12:25:27 | 000,000,000 | ---D | M]

[2008/10/30 20:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Extensions
[2010/04/25 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions
[2009/10/26 15:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/20 11:07:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/20 16:50:17 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\e25uzwt3.default\searchplugins\icqplugin.xml
[2010/04/25 00:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/11/22 20:44:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla\4.0 ( File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LegacyDrive = [Binary data over 100 bytes]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://powersoccer.agame.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202270528703 (WUWebControl Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://clubgames.pogo.com/online2/pogop/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} http://merillat.view22.com/release_3_9_177/View22RTEv4.cab (View22RTEv4 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://clubgames.pogo.com/online2/pogop/bejeweled2/popcaploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.255.0.130 207.255.0.131
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\default\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/05 22:55:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/01 12:23:41 | 000,000,148 | R--- | M] () - D:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:32:31 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:32:31 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/07/03 22:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Madden08.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 01:01:28 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2010/04/25 00:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\Threat Expert
[2010/04/25 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/24 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\cfoheprnv
[2010/04/15 12:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/15 12:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/11 22:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/04/11 22:34:25 | 000,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/04/11 22:34:25 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/04/11 22:34:25 | 000,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/04/11 22:34:19 | 000,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/04/11 22:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/04/11 22:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\Deployment
[2010/04/11 22:24:09 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010/04/11 22:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\default\Local Settings\Application Data\LogMeIn Hamachi
[2010/04/11 22:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/03/30 13:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:37:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 13:37:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 13:37:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/28 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/27 12:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hotbar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 01:01:29 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\default\Desktop\OTL.exe
[2010/04/25 01:00:17 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD6265BC-5D6F-4D84-A120-2882DCA353A3}.job
[2010/04/25 00:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/25 00:34:39 | 000,001,172 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/04/25 00:18:41 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 00:18:41 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/25 00:18:40 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 00:13:54 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/25 00:13:51 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/04/25 00:13:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 00:13:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 00:13:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 00:12:57 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\default\NTUSER.DAT
[2010/04/25 00:12:23 | 000,000,555 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 00:12:23 | 000,000,294 | -HS- | M] () -- C:\boot.ini
[2010/04/25 00:12:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 23:50:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\default\ntuser.ini
[2010/04/24 16:24:27 | 000,000,025 | ---- | M] () -- C:\WINDOWS\herjek.config
[2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe
[2010/04/24 16:22:57 | 000,061,696 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
[2010/04/24 13:03:34 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 20:39:15 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\default\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 20:38:42 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/23 09:20:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/22 21:27:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/22 12:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/22 11:49:42 | 000,551,978 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Aurora 017.jpg
[2010/04/21 23:23:35 | 000,023,985 | ---- | M] () -- C:\Documents and Settings\default\Desktop\ben.jpg
[2010/04/21 02:41:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/20 19:05:32 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/18 12:23:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/04/15 12:18:58 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/15 03:04:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 00:17:04 | 000,045,991 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Summer Of 2009.jpg
[2010/04/11 22:43:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/31 22:40:58 | 000,008,072 | ---- | M] () -- C:\Documents and Settings\default\Desktop\Gay_or_Lesbian_relationships[1].rtf
[2010/03/28 12:22:23 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/28 12:22:16 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/03/28 12:22:06 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/03/28 12:22:06 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/03/28 12:21:34 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/25 00:29:49 | 000,001,172 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/04/24 16:24:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\herjek.config
[2010/04/24 16:23:57 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
[2010/04/24 16:22:56 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe
[2010/04/22 11:49:27 | 000,551,978 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Aurora 017.jpg
[2010/04/21 23:23:33 | 000,023,985 | ---- | C] () -- C:\Documents and Settings\default\Desktop\ben.jpg
[2010/04/15 12:28:26 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 00:17:03 | 000,045,991 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Summer Of 2009.jpg
[2010/04/11 22:34:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/03/31 22:03:14 | 000,008,072 | ---- | C] () -- C:\Documents and Settings\default\Desktop\Gay_or_Lesbian_relationships[1].rtf
[2010/03/28 12:22:25 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/03/28 12:22:24 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-839522115-1004.job
[2010/03/28 12:22:23 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/11 00:11:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/28 22:47:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hammerhead.INI
[2009/03/24 21:22:42 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2009/03/24 21:22:40 | 000,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2009/03/23 22:56:53 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/23 22:56:53 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/12 19:14:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/12 19:14:17 | 000,010,287 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/12 19:14:01 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/18 15:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/18 15:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/18 15:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/18 15:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/12 12:32:11 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/11/23 00:34:14 | 000,030,976 | ---- | C] () -- C:\WINDOWS\rascntrl.dll
[2008/11/23 00:34:14 | 000,023,104 | ---- | C] () -- C:\WINDOWS\System32\svcprmpt.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/22 20:14:41 | 000,062,464 | -HS- | C] () -- C:\WINDOWS\System32\fusigoka.dll
[2008/04/22 17:46:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/04 20:08:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/04 20:08:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/29 11:42:55 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys
[2008/02/28 10:02:04 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\rlph.dll
[2008/02/08 13:53:02 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\nsq38D.dll
[2008/02/07 18:37:23 | 000,021,699 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/06 00:00:01 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/01/31 18:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59BDDCD5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86FB3865
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
< End of report >

Re: antispyware soft trojan

OTL Extras logfile created on: 4/25/2010 1:02:03 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\default\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 148.82 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEFAULT-2A526BA
Current User Name: default
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Disabled:DHCP Discovery Service
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\Updater.exe:*:Enabled:Updater -- ()
"C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe" = C:\Program Files\EA SPORTS\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08 -- (EA - Salt Lake)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\ToGo Game\Pearl Harbor Zero Hour\phz.exe" = C:\Program Files\ToGo Game\Pearl Harbor Zero Hour\phz.exe:*:Enabled:phz -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"D:\MAINAPP.EXE" = D:\MAINAPP.EXE:*:Enabled:Madden NFL 08 -- (EA - Salt Lake)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"c:\documents and settings\default\local settings\application data\asam.exe" = c:\documents and settings\default\local settings\application data\asam.exe:*:Enabled:enable -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01C51FED-7345-4FA3-8585-3A7E0DEE177E}" = Cafe Mahjongg
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{099B8AB0-8D8C-4260-8944-048BC4DF2AEB}" = Slingo Casino Pak
"{09B4AB39-BBB5-4AC6-BBB2-04D0933551A3}" = Risk II
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{12001695-DFDD-4830-8FEC-AE41350F4537}" = Mahjong Match
"{147A3730-95E1-4C78-8D25-D40F543D367D}" = Mystery Solitaire Secret Island
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18080EEE-62C4-4748-8AF6-463E27972E82}" = Pacific Heroes
"{2266312B-3502-41EE-82CD-8DC62276D87B}" = Vz In Home Agent
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{285FF95D-CD8D-4912-8760-520BCCC0533D}" = Poker Pop
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2B1FAD4C-BC2D-491F-9C72-0E68FACE5E87}" = Mystic Inn
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3134052E-B1F0-465C-B320-5042095B1033}" = Nero 7 Essentials
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.11
"{318A48AA-3F88-4F48-ABE5-97EAD373A156}" = Mahjong Roadshow
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37068DD0-7134-4592-8D74-513AF19576CE}" = Swashbucks ToGo
"{37DB52D6-81CA-4A83-AB53-6CB83E3FBB20}" = Mahjongg Artifacts
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FA757B9-AF49-4181-B118-1B2F6D1A22E4}" = Phlinx To Go
"{41726B34-34F8-4370-861B-0537AA03B71F}" = Poppit To Go
"{423BAA77-80B7-450B-B117-0D05B6256ED8}" = Super Granny 3
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46457ADB-2BC8-4A61-A3BC-73C437F116A9}" = Tumble Bees To Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C746EFE-1A04-4CBF-81F0-BF5F01866B58}" = Mahjong Quest 2
"{51A11709-4EEB-4F0A-98D2-7570AC9C5E48}" = World Class Solitaire
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD03E9B-8CDD-4340-BFBB-226AD3855CCE}" = Saints & Sinners Bingo
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60640F82-BD49-4143-8F3C-ABAD4B3CCBA4}" = Cribbage Quest
"{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes Nemesis
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F983E89-9ACD-49B8-BD70-740656C32FF9}" = XAvenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F3CCE2-11E5-4F7A-BA73-05E290111D4F}" = Dream Vacation Solitaire
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{807EE825-F479-4D56-968A-E0EB8782B35B}" = Great Escapes Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115189690}" = Hells Kitchen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116400883}" = Way To Go! Bowling
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116436960}" = Word Whomp( TM) Underground
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{84513064-E6B2-4A59-8D1A-D1C21C056534}" = Tiks Texas Holdem
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{909C54DD-67A4-4F67-BB7C-1C3D680FB043}" = Jewel Quest Solitaire 2
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96E8B28A-91A1-45FF-AB22-6048750F69A8}" = Pearl Harbor Zero Hour
"{978A17E2-F2CB-4B7E-93CB-EAC8348F3FC5}" = Betrapped
"{97F1B581-7E32-462B-9B2B-DA81A130CAA7}" = Luxor Mahjong
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB01C16-6499-443F-9174-88DA4DE8111A}" = slingo
"{9cf77345-ac1f-46e5-83ff-79676bee4d6b}" = RelevantKnowledge
"{9D59EBA3-372A-43A6-B8A4-FB62EE46AFCA}" = Hammerhead Pool To Go
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A007E733-1157-42B4-ACD3-7446C8888677}" = MaddenAmp
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8350E-8528-4A42-AE32-E7B07AE94026}" = Slingo Quest
"{C2FC2A7F-991C-4891-94D9-36103426F03D}" = Daycare Nightmare
"{C42D9736-6170-4CC9-8F4A-EE1D1EF0D4C9}" = Mahjong World
"{C61E6E4A-1089-4A8E-A56C-12117665DD46}" = Catan - The Computer Game
"{C6613692-367E-445C-B59D-8D3DEA1A5491}" = War Chess
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074862B-6583-482E-8644-98CED1F414CD}" = 5 Realms of Cards
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D35E63FE-01DE-417C-8899-80E81F4FB5CE}" = Mahjong Escape Ancient Japan
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D56EB9B4-7E82-4BA6-B303-B22E92223DAD}" = Risk
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFE52B1B-DFF8-412C-BB32-B9FB7DDE2A76}" = Casino Island To Go
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E7B1537C-8EBF-48C5-9855-6C6C1BFFD0A8}" = Word Whomp To Go
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA3769D9-71CC-43A1-8C7D-C66BEF9E0277}" = Jewel Quest Solitaire
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"{FC59446C-922E-46EC-804B-A1F5BCCA0794}" = Harvest Mania To Go
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FEC3D4D5-AC0E-4D78-81B0-C666E41E81BB}" = Word Jong To Go
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FFAE7076-D2CF-4A2E-8F4D-057ECDCD4BFB}" = Shape Shifter
"10 Days Under The Sea v1.00" = 10 Days Under The Sea v1.00
"7 Wonders Treasures Of Seven v1.0.0" = 7 Wonders Treasures Of Seven v1.0.0
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdssiteGames" = Adssite Games Collection
"AdssiteSocial" = Socialnetworking Helper Adssite
"Akamai" = Akamai NetSession Interface
"Alex Gordon_is1" = Alex Gordon
"Alice Greenfingers 2 v1.0.0" = Alice Greenfingers 2 v1.0.0
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Blood Ties 1.00" = Blood Ties 1.00
"Burn My Files_is1" = Burn My Files
"BW Loader 1.79.0" = BW Loader 1.79.0
"ContextProgram" = ContextProgram
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Diner Dash Family Style v1.0.5.103o" = Diner Dash Family Style v1.0.5.103o
"Diner Dash Flo Through Time v1.0.0" = Diner Dash Flo Through Time v1.0.0
"Dr Lynch Grave Secrets_is1" = Dr Lynch Grave Secrets
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fairy Godmother Tycoon 1.00" = Fairy Godmother Tycoon 1.00
"Fashion Solitaire 1.00" = Fashion Solitaire 1.00
"FBrowsingAdvisor_is1" = FBrowsingAdvisor
"Finders Keepers 1.00" = Finders Keepers 1.00
"FrostWire" = FrostWire 4.20.3
"Game Cam" = Game Cam 2.1
"Google Chrome" = Google Chrome
"Governor of Poker 1.00" = Governor of Poker 1.00
"HijackThis" = HijackThis 2.0.2
"Hospital Hustle v1.0.0" = Hospital Hustle v1.0.0
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Jewel Quest III 1.00" = Jewel Quest III 1.00
"Luxor Quest For The Afterlife v1.0.0" = Luxor Quest For The Afterlife v1.0.0
"Mahjongg Artifacts Chapter 2 1.00" = Mahjongg Artifacts Chapter 2 1.00
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Mystery of Unicorn Castle 1.00" = Mystery of Unicorn Castle 1.00
"Mystery PI New York v1.0.0" = Mystery PI New York v1.0.0
"Mystery Stories-Island of Hope 1.00" = Mystery Stories-Island of Hope 1.00
"National Geographic Herods Lost Tomb v1.0.0" = National Geographic Herods Lost Tomb v1.0.0
"NBC Heads Up Poker 1.00" = NBC Heads Up Poker 1.00
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PFPortChecker" = PFPortChecker 1.0.28
"Poker For Dummies 1.00" = Poker For Dummies 1.00
"Poker Superstars III 1.00" = Poker Superstars III 1.00
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealPlayer 12.0" = RealPlayer
"Restoring Rhonda v1.0.0" = Restoring Rhonda v1.0.0
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Scrapbook Paige v1.01a" = Scrapbook Paige v1.01a
"Sherlock Holmes-The Mystery of the Persian Carpet 1.00" = Sherlock Holmes-The Mystery of the Persian Carpet 1.00
"Slingo Quest Hawaii 1.00" = Slingo Quest Hawaii 1.00
"Slingo Supreme 1.0.0.103" = Slingo Supreme 1.0.0.103
"Sweet Tooth To Go 1.1" = Sweet Tooth To Go 1.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Pini Society 1.00" = The Pini Society 1.00
"The Poppit Show 1.3.41o" = The Poppit Show 1.3.41o
"The Sims Carnival BumperBlast 1.00" = The Sims Carnival BumperBlast 1.00
"The Sims Carnival SnapCity 1.00" = The Sims Carnival SnapCity 1.00
"Tri Peaks 2-Quest For The Ruby Ring" = Tri Peaks 2-Quest For The Ruby Ring
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"Update Service" = Update Service
"Verizon Help and Support" = Verizon Help and Support Tool
"Videora iPod Converter" = Videora iPod Converter 3.07
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 5.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe RA" = Zuma Deluxe RA

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = absoƖute Poker
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/6/2009 7:54:47 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://77.webim0015.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/7/2009 11:01:47 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.msappspace.com/proxy/relay.proxy?opensocial_authtype=SIGNED&opensocial_url=http%3A//api.myspace.com/v1/users/442776485/appdata.json
failed, 0000A413.

Error - 11/7/2009 11:33:28 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/search?hl=en&client=img&ds=i&pq=emo%20love&q=emo%20anime%20kissinglove&cp=17
failed, 0000A413.

Error - 11/7/2009 1:28:50 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://128.webim0247.webim.myspace.com/api/v1/events.json failed, 0000A413.

Error - 11/7/2009 2:17:48 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ar.voicefive.com/b/rc.pli?n=ar_int_p27737479&func=COMSCORE.BMX.Broker.recruit&1257617868562
failed, 0000A413.

Error - 11/7/2009 5:57:39 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://api.connect.facebook.com/restserver.php?method=fql.query failed, 0000A413.


Error - 11/8/2009 8:36:26 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.meebo.com/mcmd/events?sessionKey=000000000000000000000000c182ff0a22fbB4ZfCpvr3cfe4d29590b8f4acd757903ec48&rev=269&clientId=0&focusTime=529
failed, 0000A413.

Error - 11/10/2009 7:31:02 AM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://ar.voicefive.com/b/rc.pli?n=ar_int_p27737479&func=COMSCORE.BMX.Broker.recruit&1257852662255
failed, 0000A413.

Error - 11/15/2009 12:01:07 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.myyearbook.com/apps/actionIconsIDAJAX failed, 0000A413.

Error - 11/17/2009 5:28:38 PM | Computer Name = DEFAULT-2A526BA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://rt2005.infolinks.com/action/dwq.htm failed, 0000A413.

[ Application Events ]
Error - 3/15/2010 9:05:43 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application mainapp.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 12:23:28 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2010 4:41:53 PM | Computer Name = DEFAULT-2A526BA | Source = Google Update | ID = 20
Description =

Error - 3/19/2010 4:16:38 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2010 5:53:48 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 11:07:58 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/27/2010 11:08:00 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2010 6:09:56 PM | Computer Name = DEFAULT-2A526BA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/11/2010 10:23:35 PM | Computer Name = DEFAULT-2A526BA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 4/14/2010 2:33:46 AM | Computer Name = DEFAULT-2A526BA | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module ycpfoundation.dll, version 9.0.0.54871, fault address 0x00026cf0.

[ System Events ]
Error - 4/24/2010 11:52:09 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/24/2010 11:53:18 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/24/2010 11:53:44 PM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/25/2010 12:00:23 AM | Computer Name = DEFAULT-2A526BA | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer WebEx Document Loader share
name Printer.

Error - 4/25/2010 12:00:29 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:09:04 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:14:24 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 4/25/2010 12:31:21 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/25/2010 12:31:51 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 4/25/2010 12:31:51 AM | Computer Name = DEFAULT-2A526BA | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053


< End of report >

Re: antispyware soft trojan

OK, I unticked the tssd.exe files in startup so that I could get on the internet; otherwise I couldn't surf. I also had to untick "use a proxy server for LAN" in Internet Options. This dang thing is driving me nuts. Son picked it up today, I think. It keeps using the scare tactic of "infection found" blah blah blah. Just really need this fixed so husband can go to his work site and check on work.... Am a little afraid to go anywhere (banking, work, etc.), so would really appreciate a fast response if possible... Thank you in advance :)

Re: antispyware soft trojan
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
    O4 - HKCU..\Run: [asam] C:\Documents and Settings\default\Local Settings\Application Data\asam.exe ()
    [2010/04/24 16:23:57 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\asam.exe
    [2010/04/24 16:22:56 | 000,061,696 | ---- | C] () -- C:\Documents and Settings\default\Local Settings\Application Data\syssvc.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
