New Member
Group: Forum Members Last Login: 5/19/2008 12:41 AM Posts: 41, Visits: 132
Hi guys,
At the very end of my topic please find my log, but first let me just explain what my problem is.
I just received a Memory Stick Pen 16GB which I bought on Ebay, and after I plugged it in my USB drive, I copied some files in it just to try it. I then tried to open the pen's folder (drive H) from My Computer to see my copied files, and all of a sudden, AVG popped up with a Resident Shield Alert saying "THREAT DETECTED - Virus Found VBS/Agent" in the filename "H:\Administrator.vbs". The threat was reported to be "Detected on Open". Then, AVG showed the usual options to either "Remove Threats" or "Ignore". I tried both. At the same time, a Windows Script Host alert also popped up saying "Loading Script H:\Administrator.vbs failed (access is Denied)".
When I tried to "Ignore" the alert from AVG and tried to access the folder again, both AVG and Windows kept on giving me the same 2 messages which I mentioned above, continuously. On the other hand, whenever I "Removed the Threat to the Virus Vault" and tried to open the memory stick pen folder from My Computer, the message "Can not find script file "H:Administrator.vbs"" was reported by Windows Script Host. When I then tried to restore my file from AVG Virus Vault, AVG reported continuously that a Threat was Detected.
However, strangely enough, I managed to access and copy the files on my memory stick by right-clicking on the memory stick folder (drive H:) and selecting either Open or Explore. The folder was only reported to be access denied or gave me the problems as described above whenever I double-clicked the relevant folder from My Computer. Having said this, I still feel that the problem is not solved and I'm very concerned whether it truly contains a virus or not.
Also, it's very important to mention that when I accessed the folder for the first time, there were no files in it. The file "Administrator.vbs" appeared for the first time when I first removed it to AVG's virus vault and then restored it. It's now physically there and is a file of 34kb size.
Also, I'd like to mention that about 2 weeks ago I bought a memory stick pen from the same seller with the same specs, which is 100% identical to this one, with no problems at all.
What can I do? Is the threat reported by AVG a false positive? Is it a real virus?
Do you think that formatting my memory stick pen will solve the problem?
Finally, I'm attaching 2 images showing the different alerts I'm getting all the time which I talked about earlier.
Just to let you know, my system runs on 1.5GB Ram with Windows XP.
Thanks a lot for any kind of help and assistance.
Best Regards,
Corolla315
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:06, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ProShowProducer\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\System32\svchost.exe
C:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\sgbhp.exe
C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Comodo VerificationEngine - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\ESigil.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Aquarius Soft PC Shutdown Tray Icon.lnk = C:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bet365.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172085335566
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172310684468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\windows\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aquarius Soft PC Shutdown NT Service - Aquarius Soft - C:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowProducer\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 12032 bytes
|
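Added example, not part of the original post or of any tool named in this thread: a small triage parser showing how an `autorun.inf` in a drive's root can take over the drive's double-click action while leaving right-click Open and Explore untouched, which is the pattern described in the post above. Both `autorun.inf` samples are constructed for illustration (only the names `Administrator.vbs` and `H:\AutoRun.inf` appear on this page), and the function names are hypothetical.

```python
import re

# [autorun] keys that become the drive's default (AutoPlay) action, which a
# double-click on the drive icon in My Computer invokes.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command redefines one context-menu verb (open, explore, ...).
VERB_KEY = re.compile(r"^shell\\([^\\]+)\\command$")
RISKY_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd",
             ".exe", ".com", ".scr", ".pif")

# Constructed sample 1: only the default action is redirected.
SAMPLE_DEFAULT_ONLY = r"""x9Qz7 padding line with no meaning
[AutoRun]
; constructed sample, not taken from the thread
shellexecute=Administrator.vbs
icon=%SystemRoot%\system32\shell32.dll,4
"""

# Constructed sample 2: the explicit Open and Explore verbs are redirected too.
SAMPLE_ALL_VERBS = r"""[autorun]
open=wscript.exe Administrator.vbs
shell\open\command=wscript.exe Administrator.vbs
shell\explore\command=wscript.exe Administrator.vbs
shell=open
"""


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Deliberately tolerant: junk padding, comments and lines without '='
    are skipped instead of raising, since such files are often malformed.
    """
    section = None
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def referenced_files(value):
    """Tokens of a command line (double quotes honoured) with a risky extension."""
    tokens = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', value)]
    return [t for t in tokens if t.lower().endswith(RISKY_EXT)]


def triage(text):
    """List the autorun entries that launch a script or executable."""
    entries = parse_autorun(text)
    default_verb = entries.get("shell", "").lower()  # shell=<verb> sets the default
    findings = []
    for key, value in entries.items():
        match = VERB_KEY.match(key)
        if key in LAUNCH_KEYS:
            actions = ["double-click"]
        elif match:
            verb = match.group(1).lower()
            actions = [verb] + (["double-click"] if verb == default_verb else [])
        else:
            continue  # icon=, label=, shell= and similar keys launch nothing
        files = referenced_files(value)
        if files:
            findings.append({"key": key, "actions": actions, "files": files})
    return findings


def hijacked_actions(text):
    """Sorted list of user actions that would start a referenced file."""
    return sorted({a for f in triage(text) for a in f["actions"]})


if __name__ == "__main__":
    for name, sample in (("default only", SAMPLE_DEFAULT_ONLY),
                         ("all verbs", SAMPLE_ALL_VERBS)):
        print(name, "->", hijacked_actions(sample))
        for finding in triage(sample):
            print("   ", finding)
```

With the first sample only the double-click is redirected, so right-click Open and Explore still browse the drive; the second sample shows why those verbs are not a reliable safe path in general.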
Senior Forum Moderator
Group: Moderators Last Login: 8/9/2008 10:14 AM Posts: 29,030, Visits: 54,734
Welcome
Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm
Right-click the running icon of Winpatrol in the system tray and choose exit, or the program will interfere.
Now make sure your Pen drive and external USB drive are connected to your pc.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
Note: Please delete any existing copy of Flash Disinfector (if any) on your pc and download this one.
* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until Flash_Disinfector has finished scanning, then exit the program.
* Restart your computer.
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall

Combofix.exe will start, please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
________________________________________

ASAP & UNITE member since 2006


 |
New Member
Group: Forum Members Last Login: 5/19/2008 12:41 AM Posts: 41, Visits: 132
ComboFix Log
-----------------
ComboFix 08-08-10.05 - User 2008-08-11 22:49:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1076 [GMT 2:00]
Running from: C:\Documents and Settings\User\desktop\combofix.exe
Command switches used :: /killall
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\UUSee ÍøÂçµçÊÓ
C:\Documents and Settings\All Users\Start Menu\Programs\UUSee ÍøÂçµçÊÓ\·ÃÎÊUUSee ÍøÕ¾.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\UUSee ÍøÂçµçÊÓ\Æô¶¯UUSee ÍøÂçµçÊÓ.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\UUSee ÍøÂçµçÊÓ\Ð¶ÔØUUSee ÍøÂçµçÊÓ.lnk
C:\Documents and Settings\All Users\Start Menu\UUSEE~1.LNK
C:\Documents and Settings\User\Application Data\inst.exe
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\UUSee ÍøÂçµçÊÓ.lnk
C:\Program Files\Common Files\sogou pxp
C:\Program Files\uusee
C:\Program Files\uusee\def\1\000\index_new.html
C:\Program Files\uusee\def\1\000\loading.swf
C:\Program Files\uusee\def\1\001\index_new.html
C:\Program Files\uusee\def\1\001\uue_new.jpg
C:\Program Files\uusee\def\1\aoyunzhibo\aoyunzhibo.html
C:\Program Files\uusee\def\1\cy\cy.html
C:\Program Files\uusee\def\1\dm\dm.html
C:\Program Files\uusee\def\1\dy\dy.html
C:\Program Files\uusee\def\1\jk\jk.html
C:\Program Files\uusee\def\1\kaimushi\kaimushi.html
C:\Program Files\uusee\def\1\ty\ty.html
C:\Program Files\uusee\def\1\yl\yl.html
C:\Program Files\uusee\def\1\yx\yx.html
C:\Program Files\uusee\def\1\zanting\no_play.html
C:\Program Files\uusee\def\1\zx\zx.html
C:\Program Files\uusee\def\2\200\bj.gif
C:\Program Files\uusee\def\2\400\bj.gif
C:\Program Files\uusee\def\UUDEF_Banner_2.html
C:\Program Files\uusee\def\UUDEF_Banner_3.html
C:\Program Files\uusee\def\UUDEF_Banner_5.html
C:\Program Files\uusee\def\UUDEF_Banner_7.gif
C:\Program Files\uusee\def\UUDEF_Banner_7.html
C:\Program Files\uusee\def\UUDEF_Banner_8.gif
C:\Program Files\uusee\def\UUDEF_Banner_8.html
C:\Program Files\uusee\def\UUDEF_Buffering.html
C:\Program Files\uusee\def\UUDEF_Buffering.jpg
C:\Program Files\uusee\def\UUDEF_TextLink_0.xml
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_D.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_H.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_N.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_S.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_Spliter.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusErr.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusExist.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusFin.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusNotFound.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusPause.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusPlay.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusStop.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusWait.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button1.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button2.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button3.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button4.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button5.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Compact.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Full.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Medium.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button1.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button2.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button3.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button4.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button5.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button6.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Startup.gif
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ArrowH.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Hot_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Hot_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon0.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon2.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon3.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon4.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_AD.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Bottom.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Navigate.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Web.bmp
C:\Program Files\uusee\UUSEETemp\UUPlayer_update\UUSee_Setup_2007_final.exe
C:\windows\struct~.ini
C:\windows\system32\Cache
C:\windows\system32\lsprst7.dll
C:\windows\system32\ssprs.dll
C:\windows\system32\uninstall.exe
C:\windows\system32\Update.exe
H:\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_P4P_SERVICE
-------\Service_P4P Service
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-11 21:05 . 2008-08-11 21:05  d--------  C:\Program Files\Trend Micro
2008-08-10 18:47 . 2008-08-10 18:47  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-08-10 18:47 . 2008-08-10 18:47  1,409  --a------  C:\WINDOWS\QTFont.for
2008-08-10 18:23 . 2008-08-10 18:23  d--------  C:\WINDOWS\MSSecurityNS
2008-08-10 18:23 . 2008-08-10 18:23  d--------  C:\WINDOWS\MSSecurityNi
2008-08-10 17:44 . 2008-08-10 17:45  d--------  C:\Program Files\WinWatermark 2
2008-08-10 17:02 . 2008-08-10 17:34  d--------  C:\Program Files\WMR11
2008-08-09 08:39 . 2008-08-09 08:39  22  --a------  C:\WINDOWS\PPSMediaList.ini
2008-08-09 08:37 . 2008-08-10 09:49  d--------  C:\Documents and Settings\User\Application Data\ppstream
2008-08-09 08:37 . 2008-08-10 09:49  1,220  --a------  C:\WINDOWS\psnetwork.ini
2008-08-09 08:37 . 2008-08-10 09:50  199  --a------  C:\WINDOWS\powerplayer.ini
2008-08-08 18:54 . 2008-08-08 19:03  d--------  C:\Program Files\Common Files\uusee
2008-08-05 17:41 . 2008-08-05 17:41  d--------  C:\WINDOWS\system32\URTTEMP
2008-08-03 00:04 . 2008-08-03 00:05  d--------  C:\Program Files\Trojan Remover
2008-08-03 00:04 . 2008-08-03 00:04  d--------  C:\Documents and Settings\User\Application Data\Simply Super Software
2008-08-03 00:04 . 2008-08-03 00:04  d--------  C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-03 00:04 . 2006-05-25 15:52  162,304  --a------  C:\WINDOWS\system32\ztvunrar36.dll
2008-08-03 00:04 . 2003-02-02 20:06  153,088  --a------  C:\WINDOWS\system32\UNRAR3.dll
2008-08-03 00:04 . 2005-08-26 01:50  77,312  --a------  C:\WINDOWS\system32\ztvunace26.dll
2008-08-03 00:04 . 2002-03-06 01:00  75,264  --a------  C:\WINDOWS\system32\unacev2.dll
2008-08-03 00:04 . 2006-06-19 13:01  69,632  --a------  C:\WINDOWS\system32\ztvcabinet.dll
2008-08-02 10:58 . 2008-08-02 11:00  1,355  --a------  C:\WINDOWS\imsins.BAK
2008-07-27 01:10 . 2008-07-27 01:10  d--------  C:\Program Files\Suspects and Clues
2008-07-27 01:10 . 2008-07-27 01:10  d--------  C:\Documents and Settings\User\Application Data\Suspects and Clues Prefs
2008-07-27 01:10 . 2008-07-27 23:52  d--------  C:\Documents and Settings\User\Application Data\Suspects and Clues Players
2008-07-27 01:10 . 2008-07-27 01:10  d--------  C:\Documents and Settings\User\Application Data\Spinapse
2008-07-27 01:10 . 2008-07-27 01:10  d--------  C:\Documents and Settings\User\Application Data\IOMediaSupport6SZZ001s
2008-07-23 16:19 . 2008-07-23 16:19  d--------  C:\Program Files\Portrait Professional Max 6
2008-07-23 16:19 . 2008-07-23 16:19  d--------  C:\Documents and Settings\User\Application Data\Anthropics
2008-07-21 17:02 . 2008-07-21 17:02  d--------  C:\Program Files\Yahoo!
2008-07-20 13:19 . 2008-07-20 13:19  d--------  C:\Documents and Settings\User\LocalLow
2008-07-20 13:19 . 2008-07-20 13:19  d--------  C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-07-12 11:17 . 2008-07-12 11:17  d--------  C:\Program Files\Cedelia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 21:04  4,221,570  ----a-w  C:\windows\Internet Logs\tvDebug.zip
2008-08-11 20:03  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-11 19:53  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-08-11 10:16  ---------  d-----w  C:\Documents and Settings\User2\Application Data\SiteAdvisor
2008-08-10 15:19  ---------  d-----w  C:\Program Files\WinPcap
2008-08-09 12:07  539,136  ----a-w  C:\windows\Internet Logs\xDBC.tmp
2008-08-09 06:39  ---------  d-----w  C:\Program Files\PPStream
2008-08-09 06:39  ---------  d-----w  C:\Program Files\MSN Messenger
2008-08-08 18:22  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-08-08 16:46  ---------  d-----w  C:\Program Files\Microsoft Silverlight
2008-08-06 09:51  ---------  d-----w  C:\Documents and Settings\User2\Application Data\Skype
2008-08-05 21:05  ---------  d-----w  C:\Documents and Settings\User\Application Data\Corel
2008-08-05 19:02  ---------  d-----w  C:\Documents and Settings\User\Application Data\SiteAdvisor
2008-08-05 15:47  ---------  d-----w  C:\Program Files\Google
2008-08-03 21:56  ---------  d-----w  C:\Program Files\Family Feud 3 Dream Home
2008-08-03 09:37  ---------  d-----w  C:\Program Files\Opera
2008-08-02 23:32  ---------  d-----w  C:\Documents and Settings\User\Application Data\LimeWire
2008-08-02 13:35  297,472  ----a-w  C:\windows\Internet Logs\xDBB.tmp
2008-08-02 08:54  ---------  d-----w  C:\Program Files\Java
2008-07-29 22:06  765,440  ----a-w  C:\windows\Internet Logs\xDBA.tmp
2008-07-27 08:02  ---------  d-----w  C:\Program Files\Livestation
2008-07-23 14:15  ---------  d-----w  C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-20 12:44  460,288  ----a-w  C:\windows\Internet Logs\xDB8.tmp
2008-07-20 12:44  2,859,008  ----a-w  C:\windows\Internet Logs\xDB9.tmp
2008-07-20 11:19  ---------  d-----w  C:\Program Files\TVUPlayer
2008-07-18 07:36  ---------  d-----w  C:\Program Files\SPSS Evaluation
2008-07-17 22:08  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-13 14:31  1,524,224  ----a-w  C:\windows\Internet Logs\xDB7.tmp
2008-07-12 13:01  ---------  d-----w  C:\Documents and Settings\User\Application Data\Thinstall
2008-07-10 14:38  ---------  d-----w  C:\Program Files\Pinball Arcade
2008-07-10 14:04  ---------  d-----w  C:\Program Files\DrivewayManager
2008-07-09 10:53  ---------  d-----w  C:\Documents and Settings\User\Application Data\Skype
2008-07-02 20:13  96,520  ----a-w  C:\windows\system32\drivers\avgldx86.sys
2008-06-29 09:37  ---------  d-----w  C:\Documents and Settings\User\Application Data\RaimaRadioPro
2008-06-29 09:35  ---------  d-----w  C:\Program Files\RaimaRadioPro
2008-06-22 11:21  ---------  d-----w  C:\Program Files\GameSpy Arcade
2008-06-22 10:14  ---------  d-----w  C:\Program Files\Interplay
2008-06-20 10:45  360,320  ----a-w  C:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44  138,368  ----a-w  C:\windows\system32\drivers\afd.sys
2008-06-20 09:52  225,920  ----a-w  C:\windows\system32\drivers\tcpip6.sys
2008-06-17 22:55  925,184  ----a-w  C:\windows\Internet Logs\xDB6.tmp
2008-06-17 22:09  ---------  d-----w  C:\Program Files\Steveredrum
2008-06-14 13:25  ---------  d-----w  C:\Program Files\SUPERAntiSpyware
2008-06-13 13:10  272,128  ------w  C:\windows\system32\drivers\bthport.sys
2008-06-13 12:37  ---------  d-----w  C:\Program Files\Ares
2008-06-12 13:31  ---------  d-----w  C:\Program Files\QuickTime
2008-06-12 13:31  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-12 13:03  ---------  d-----w  C:\Program Files\MagicISO
2008-06-12 11:39  ---------  d-----w  C:\Program Files\Total Training
2008-06-11 10:47  ---------  d-----w  C:\Program Files\PhotoshopCafe LIVE
2008-06-11 09:50  ---------  d-----w  C:\Program Files\Lynda.com DVD
2008-06-08 05:49  2,000,896  ----a-w  C:\windows\Internet Logs\xDB5.tmp
2008-06-03 21:19  2,394  ----a-w  C:\Documents and Settings\User\Application Data\SAS7_000.DAT
2008-05-24 23:42  408,576  ----a-w  C:\windows\Internet Logs\xDB4.tmp
2008-05-24 20:07  1,115,728  ----a-w  C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2008-05-19 03:59  2,062,848  ----a-w  C:\windows\Internet Logs\xDB3.tmp
2008-05-17 11:16  2,394,112  ----a-w  C:\windows\Internet Logs\xDB2.tmp
2008-04-16 17:03  40  ----a-w  C:\Documents and Settings\User\language.dat
2008-03-27 17:08  47,360  ----a-w  C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-03-27 17:07  87,608  ----a-w  C:\Documents and Settings\User\Application Data\ezpinst.exe
2007-12-20 17:32  65,536  ----a-w  C:\Documents and Settings\User\backupRamSTV.bin
2007-08-27 18:49  11,114  ----a-w  C:\Documents and Settings\All Users\Application Data\MainApp.dll
2005-07-14 18:31  27,648  --sha-w  C:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-07 18:13 292152]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 23:03 36640]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 22:14 1232152]
"LiveNote"="livenote.exe" [2002-07-11 15:31 40960 C:\WINDOWS\livenote.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Aquarius Soft PC Shutdown Tray Icon.lnk - C:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe [2007-04-16 18:35:02 65536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDIDL~1\DVDShell.dll" [2004-10-09 16:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk.disabled]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk.disabled]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Alarm Master.lnk.disabled]
backup=C:\WINDOWS\pss\Alarm Master.lnk.disabledStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Power2GoExpress"=
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" -inv:bootrun
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"VEngine"=C:\Program Files\Comodo\VEngine\VEngine.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\PROGRAM FILES\LIVESTATION\1.0.73.1\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.73.1\Livestation.exe
"C:\PROGRAM FILES\LIVESTATION\1.0.75.1\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.75.1\Livestation.exe
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\PROGRAM FILES\LIVESTATION\1.0.77.1\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.77.1\Livestation.exe
"C:\PROGRAM FILES\LIVESTATION\1.0.77.2\LIVESTATION.EXE"= C:\Program Files\Livestation\1.0.77.2\Livestation.exe
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\PPStream\\PPSAP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10537:TCP"= 10537:TCP:BitComet 10537 TCP
"10537:UDP"= 10537:UDP:BitComet 10537 UDP
R1 ANVIOCTL;ANVIOCTL;C:\windows\system32\DRIVERS\anvioctl.sys [2003-05-19 10:12]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-07-02 22:13]
R2 Aquarius Soft PC Shutdown NT Service;Aquarius Soft PC Shutdown NT Service;C:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe [2007-04-16 18:34]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 22:13]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\windows\system32\Drivers\APLMp50.sys [2005-02-16 09:06]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-01-25 19:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mysee2  REG_MULTI_SZ  Mysee2_Runtime
.
Contents of the 'Scheduled Tasks' folder
2008-08-02 C:\windows\Tasks\BitComet.job
- C:\Program Files\BitComet\BitComet.exe [2006-06-23 19:00]
.
- - - - ORPHANS REMOVED - - - -
Notify-!SASWinLogon - (no file)
MSConfigStartUp-SSBkgdUpdate - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7shbr6o1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7shbr6o1.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7shbr6o1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\plugins\npoctoshape.dll
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbx3d.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbx3dpro.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Octoshape Streaming Services\User\octoprogram-L03-N00-U00-C00_0804080_000\npoctoshape.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npJoostPlugin.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPTURNMED.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 23:07:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\windows\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ProShowProducer\scsiaccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-11 23:24:34 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-08-11 21:24:20
Pre-Run: 1,083,351,040 bytes free
Post-Run: 1,165,791,232 bytes free
526  --- E O F ---  2008-08-08 21:15:28
HijackThis Log
-----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31, on 2008-08-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Aquarius Soft\PC Shutdown\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ProShowProducer\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\sgbhp.exe
C:\windows\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Comodo VerificationEngine - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\ESigil.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Aquarius Soft PC Shutdown Tray Icon.lnk = C:\Program Files\Aquarius Soft\PC Shutdown\assdtray.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bet365.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172085335566
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172310684468
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol |
| |
|