Is It a Cracker, Hacker or Virus/Malware?

yuhr · #11 23rd Oct 2009, 06:57

In the morning things look differently: I tan Combofix recently, around the time when a subfolder of My Documents disappear. Below is its logfile:

ComboFix 09-10-05.01 - Yury 10/10/2009 14:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.607 [GMT -4:00]
Running from: c:\documents and settings\Yury\Desktop\ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\ContextAdvisor
c:\program files\ContextAdvisor\ContextAdvisor.dat
c:\recycled\Dc1
c:\recycled\Dc1\_iscppr.exe
c:\recycled\Dc1\a3d.dll
c:\recycled\Dc1\adminchk.dll
c:\recycled\Dc1\aeaudio.sys
c:\recycled\Dc1\AEEnable.exe
c:\recycled\Dc1\data.tag
c:\recycled\Dc1\DLSLoader.exe
c:\recycled\Dc1\install.exe
c:\recycled\Dc1\ListEnv.dll
c:\recycled\Dc1\MicTab.dll
c:\recycled\Dc1\MidiSynth.dll
c:\recycled\Dc1\migrate.dll
c:\recycled\Dc1\RemADI.exe
c:\recycled\Dc1\Remove.exe
c:\recycled\Dc1\SMAgent.exe
c:\recycled\Dc1\SMAgentI.exe
c:\recycled\Dc1\SMAgentX.exe
c:\recycled\Dc1\SMax3CP.cpl
c:\recycled\Dc1\SMax3CP.ico
c:\recycled\Dc1\smsens.sys
c:\recycled\Dc1\SMTray.exe
c:\recycled\Dc1\smwdm.sys
c:\recycled\Dc1\smwdmCH2.inf
c:\recycled\Dc1\smwdmCH4.inf
c:\recycled\Dc1\SMWizard.exe
c:\recycled\Dc1\smx.cat
c:\recycled\Dc21
c:\recycler\NPROTECT
c:\recycler\NPROTECT\00000009.LNK
c:\recycler\NPROTECT\00000022(2).LNK
c:\recycler\NPROTECT\00000023(2).LNK
c:\recycler\NPROTECT\00000024.LNK
c:\recycler\NPROTECT\00000025(2).LNK
c:\recycler\NPROTECT\00000028(2).LNK
c:\recycler\NPROTECT\00000029.LNK
c:\recycler\NPROTECT\00000030(2).LNK
c:\recycler\NPROTECT\00000035(2).LNK
c:\recycler\NPROTECT\00000036(2).LNK
c:\recycler\NPROTECT\00000045.LNK
c:\recycler\NPROTECT\00000046.LNK
c:\recycler\NPROTECT\00000106.LNK
c:\recycler\NPROTECT\00000107.LNK
c:\recycler\NPROTECT\00000109.LOG
c:\recycler\NPROTECT\00000110.000
c:\recycler\NPROTECT\00000116.LOG
c:\recycler\NPROTECT\00000117.000
c:\recycler\NPROTECT\00000118.USE
c:\recycler\NPROTECT\00000119.USE
c:\recycler\NPROTECT\00000120.USE
c:\recycler\NPROTECT\00000123.LOG
c:\recycler\NPROTECT\00000124.000
c:\recycler\NPROTECT\00000128.LOG
c:\recycler\NPROTECT\00000129.000
c:\recycler\NPROTECT\00000130.LOG
c:\recycler\NPROTECT\00000131.000
c:\recycler\NPROTECT\00000132.XML
c:\recycler\NPROTECT\00000133.XML
c:\recycler\NPROTECT\00000134.LOG
c:\recycler\NPROTECT\00000135.000
c:\recycler\NPROTECT\00000137.LOG
c:\recycler\NPROTECT\00000138.000
c:\recycler\NPROTECT\00000139.LOG
c:\recycler\NPROTECT\00000140.000
c:\recycler\NPROTECT\00000141.LOG
c:\recycler\NPROTECT\00000142.000
c:\recycler\NPROTECT\00000143.LOG
c:\recycler\NPROTECT\00000144.000
c:\recycler\NPROTECT\00000145.LOG
c:\recycler\NPROTECT\00000146.000
c:\recycler\NPROTECT\00000147.LOG
c:\recycler\NPROTECT\00000148.000
c:\recycler\NPROTECT\00000149.LOG
c:\recycler\NPROTECT\00000150.000
c:\recycler\NPROTECT\00000151.LOG
c:\recycler\NPROTECT\00000152.000
c:\recycler\NPROTECT\00000153.LOG
c:\recycler\NPROTECT\00000154.000
c:\recycler\NPROTECT\00000155.LOG
c:\recycler\NPROTECT\00000156.000
c:\recycler\NPROTECT\00000157.LOG
c:\recycler\NPROTECT\00000158.000
c:\recycler\NPROTECT\00000159.LOG
c:\recycler\NPROTECT\00000160.000
c:\recycler\NPROTECT\00000161.LOG
c:\recycler\NPROTECT\00000162.000
c:\recycler\NPROTECT\00000168.LOG
c:\recycler\NPROTECT\00000169.000
c:\recycler\NPROTECT\00000170.LOG
c:\recycler\NPROTECT\00000171.000
c:\recycler\NPROTECT\00000172.LOG
c:\recycler\NPROTECT\00000173.000
c:\recycler\NPROTECT\00000174.LOG
c:\recycler\NPROTECT\00000175.000
c:\recycler\NPROTECT\00000176.LOG
c:\recycler\NPROTECT\00000177.000
c:\recycler\NPROTECT\00000178.LOG
c:\recycler\NPROTECT\00000179.000
c:\recycler\NPROTECT\00000180.LOG
c:\recycler\NPROTECT\00000181.000
c:\recycler\NPROTECT\00000182.LOG
c:\recycler\NPROTECT\00000183.000
c:\recycler\NPROTECT\00000184.LOG
c:\recycler\NPROTECT\00000185.000
c:\recycler\NPROTECT\00000186.LOG
c:\recycler\NPROTECT\00000187.000
c:\recycler\NPROTECT\00000188.LOG
c:\recycler\NPROTECT\00000189.000
c:\recycler\NPROTECT\00000190.LOG
c:\recycler\NPROTECT\00000191.000
c:\recycler\NPROTECT\00000192.LOG
c:\recycler\NPROTECT\00000193.000
c:\recycler\NPROTECT\00000194.LOG
c:\recycler\NPROTECT\00000195.000
c:\recycler\NPROTECT\00000197.LOG
c:\recycler\NPROTECT\00000198.000
c:\recycler\NPROTECT\00000199.LOG
c:\recycler\NPROTECT\00000200.000
c:\recycler\NPROTECT\00000201.LOG
c:\recycler\NPROTECT\00000202.000
c:\recycler\NPROTECT\00000203.LOG
c:\recycler\NPROTECT\00000204.000
c:\recycler\NPROTECT\00000205.LOG
c:\recycler\NPROTECT\00000206.000
c:\recycler\NPROTECT\00000209.LOG
c:\recycler\NPROTECT\00000210.000
c:\recycler\NPROTECT\00000211.LOG
c:\recycler\NPROTECT\00000212.000
c:\recycler\NPROTECT\00000213.LOG
c:\recycler\NPROTECT\00000214.000
c:\recycler\NPROTECT\00000215.LOG
c:\recycler\NPROTECT\00000216.000
c:\recycler\NPROTECT\00000217.LOG
c:\recycler\NPROTECT\00000218.000
c:\recycler\NPROTECT\00000219.LOG
c:\recycler\NPROTECT\00000220.000
c:\recycler\NPROTECT\00000228.LOG
c:\recycler\NPROTECT\00000229.000
c:\recycler\NPROTECT\00000230.LNK
c:\recycler\NPROTECT\00000231.LNK
c:\recycler\NPROTECT\00000233.LOG
c:\recycler\NPROTECT\00000234.000
c:\recycler\NPROTECT\00000238.LOG
c:\recycler\NPROTECT\00000239.000
c:\recycler\NPROTECT\00000240.USE
c:\recycler\NPROTECT\00000241.USE
c:\recycler\NPROTECT\00000242.USE
c:\recycler\NPROTECT\00000244.LOG
c:\recycler\NPROTECT\00000245.000
c:\recycler\NPROTECT\00000249.LOG
c:\recycler\NPROTECT\00000250.000
c:\recycler\NPROTECT\00000252.LOG
c:\recycler\NPROTECT\00000253.000
c:\recycler\NPROTECT\00000254.LOG
c:\recycler\NPROTECT\00000255.000
c:\recycler\NPROTECT\00000256.LOG
c:\recycler\NPROTECT\00000257.000
c:\recycler\NPROTECT\00000258.LOG
c:\recycler\NPROTECT\00000259.000
c:\recycler\NPROTECT\00000260.LOG
c:\recycler\NPROTECT\00000261.000
c:\recycler\NPROTECT\00000262.XML
c:\recycler\NPROTECT\00000263.XML
c:\recycler\NPROTECT\00000264.LOG
c:\recycler\NPROTECT\00000265.000
c:\recycler\NPROTECT\00000266.XML
c:\recycler\NPROTECT\00000267.LOG
c:\recycler\NPROTECT\00000268.000
c:\recycler\NPROTECT\00000269.LOG
c:\recycler\NPROTECT\00000270.000
c:\recycler\NPROTECT\00000271.LOG
c:\recycler\NPROTECT\00000272.000
c:\recycler\NPROTECT\00000273.LOG
c:\recycler\NPROTECT\00000274.000
c:\recycler\NPROTECT\00000275.LOG
c:\recycler\NPROTECT\00000276.000
c:\recycler\NPROTECT\00000278.LOG
c:\recycler\NPROTECT\00000279.000
c:\recycler\NPROTECT\00000280.LOG
c:\recycler\NPROTECT\00000281.000
c:\recycler\NPROTECT\00000282.LOG
c:\recycler\NPROTECT\00000283.000
c:\recycler\NPROTECT\00000284.LOG
c:\recycler\NPROTECT\00000285.000
c:\recycler\NPROTECT\00000286.LOG
c:\recycler\NPROTECT\00000287.000
c:\recycler\NPROTECT\00000289.LOG
c:\recycler\NPROTECT\00000290.000
c:\recycler\NPROTECT\00000291.LOG
c:\recycler\NPROTECT\00000292.000
c:\recycler\NPROTECT\00000293.LOG
c:\recycler\NPROTECT\00000294.000
c:\recycler\NPROTECT\00000295.LOG
c:\recycler\NPROTECT\00000296.000
c:\recycler\NPROTECT\00000297.LOG
c:\recycler\NPROTECT\00000298.000
c:\recycler\NPROTECT\00000299.LNK
c:\recycler\NPROTECT\00000300.LNK
c:\recycler\NPROTECT\00000301.WBK
c:\recycler\NPROTECT\00000302.LNK
c:\recycler\NPROTECT\00000303.LNK
c:\recycler\NPROTECT\00000304.LNK
c:\recycler\NPROTECT\00000305.LNK
c:\recycler\NPROTECT\00000306.LNK
c:\recycler\NPROTECT\00000307.LNK
c:\recycler\NPROTECT\00000322.LOG
c:\recycler\NPROTECT\00000323.000
c:\recycler\NPROTECT\00000325.PF
c:\recycler\NPROTECT\00000326.PF
c:\recycler\NPROTECT\00000327.PF
c:\recycler\NPROTECT\00000328.PF
c:\recycler\NPROTECT\00000329.PF
c:\recycler\NPROTECT\00000330.PF
c:\recycler\NPROTECT\00000331.PF
c:\recycler\NPROTECT\00000332.PF
c:\recycler\NPROTECT\00000333.PF
c:\recycler\NPROTECT\00000334.PF
c:\recycler\NPROTECT\00000335.PF
c:\recycler\NPROTECT\00000336.PF
c:\recycler\NPROTECT\00000337.PF
c:\recycler\NPROTECT\00000338.PF
c:\recycler\NPROTECT\00000339.PF
c:\recycler\NPROTECT\00000340.PF
c:\recycler\NPROTECT\00000341.PF
c:\recycler\NPROTECT\00000342.PF
c:\recycler\NPROTECT\00000343.PF
c:\recycler\NPROTECT\00000344.PF
c:\recycler\NPROTECT\00000345.PF
c:\recycler\NPROTECT\00000346.PF
c:\recycler\NPROTECT\00000347.PF
c:\recycler\NPROTECT\00000348.PF
c:\recycler\NPROTECT\00000349.PF
c:\recycler\NPROTECT\00000350.PF
c:\recycler\NPROTECT\00000351.PF
c:\recycler\NPROTECT\00000352.PF
c:\recycler\NPROTECT\00000353.PF
c:\recycler\NPROTECT\00000354.PF
c:\recycler\NPROTECT\00000355.PF
c:\recycler\NPROTECT\00000356.PF
c:\recycler\NPROTECT\00000357.PF
c:\recycler\NPROTECT\00000358.PF
c:\recycler\NPROTECT\00000359.PF
c:\recycler\NPROTECT\00000360.PF
c:\recycler\NPROTECT\00000361.PF
c:\recycler\NPROTECT\00000362.PF
c:\recycler\NPROTECT\00000363.PF
c:\recycler\NPROTECT\00000364.PF
c:\recycler\NPROTECT\00000365.PF
c:\recycler\NPROTECT\00000366.PF
c:\recycler\NPROTECT\00000367.PF
c:\recycler\NPROTECT\00000368.PF
c:\recycler\NPROTECT\00000369.PF
c:\recycler\NPROTECT\00000370.PF
c:\recycler\NPROTECT\00000371.PF
c:\recycler\NPROTECT\00000372.PF
c:\recycler\NPROTECT\00000373.PF
c:\recycler\NPROTECT\00000374.PF
c:\recycler\NPROTECT\00000375.PF
c:\recycler\NPROTECT\00000376.PF
c:\recycler\NPROTECT\00000377.PF
c:\recycler\NPROTECT\00000378.PF
c:\recycler\NPROTECT\00000379.PF
c:\recycler\NPROTECT\00000380.PF
c:\recycler\NPROTECT\00000381.PF
c:\recycler\NPROTECT\00000382.PF
c:\recycler\NPROTECT\00000383.PF
c:\recycler\NPROTECT\00000384.PF
c:\recycler\NPROTECT\00000385.PF
c:\recycler\NPROTECT\00000386.PF
c:\recycler\NPROTECT\00000387.PF
c:\recycler\NPROTECT\00000388.PF
c:\recycler\NPROTECT\00000389.PF
c:\recycler\NPROTECT\00000390.PF
c:\recycler\NPROTECT\00000391.PF
c:\recycler\NPROTECT\00000392.PF
c:\recycler\NPROTECT\00000393.PF
c:\recycler\NPROTECT\00000394.PF
c:\recycler\NPROTECT\00000395.PF
c:\recycler\NPROTECT\00000396.PF
c:\recycler\NPROTECT\00000397.PF
c:\recycler\NPROTECT\00000398.PF
c:\recycler\NPROTECT\00000399.PF
c:\recycler\NPROTECT\00000400.PF
c:\recycler\NPROTECT\00000401.PF
c:\recycler\NPROTECT\00000402.PF
c:\recycler\NPROTECT\00000403.PF
c:\recycler\NPROTECT\00000404.PF
c:\recycler\NPROTECT\00000405.PF
c:\recycler\NPROTECT\00000406.PF
c:\recycler\NPROTECT\00000407.PF
c:\recycler\NPROTECT\00000408.PF
c:\recycler\NPROTECT\00000409.PF
c:\recycler\NPROTECT\00000410.PF
c:\recycler\NPROTECT\00000411.PF
c:\recycler\NPROTECT\00000412.PF
c:\recycler\NPROTECT\00000413.PF
c:\recycler\NPROTECT\00000414.PF
c:\recycler\NPROTECT\00000415.PF
c:\recycler\NPROTECT\00000416.PF
c:\recycler\NPROTECT\00000417.PF
c:\recycler\NPROTECT\00000418.PF
c:\recycler\NPROTECT\00000419.PF
c:\recycler\NPROTECT\00000423.LOG
c:\recycler\NPROTECT\00000424.000
c:\recycler\NPROTECT\00000427.LOG
c:\recycler\NPROTECT\00000428.000
c:\recycler\NPROTECT\00000434.LOG
c:\recycler\NPROTECT\00000435.000
c:\recycler\NPROTECT\00000441.LOG
c:\recycler\NPROTECT\00000442.000
c:\recycler\NPROTECT\00000444.LOG
c:\recycler\NPROTECT\00000445.000
c:\recycler\NPROTECT\00000448.LOG
c:\recycler\NPROTECT\00000449.000
c:\recycler\NPROTECT\00000450.LOG
c:\recycler\NPROTECT\00000451.000
c:\recycler\NPROTECT\00000452.LOG
c:\recycler\NPROTECT\00000453.000
c:\recycler\NPROTECT\00000455.LOG
c:\recycler\NPROTECT\00000456.000
c:\recycler\NPROTECT\00000457.LOG
c:\recycler\NPROTECT\00000458.000
c:\recycler\NPROTECT\00000459.LOG
c:\recycler\NPROTECT\00000460.000
c:\recycler\NPROTECT\00000461.LOG
c:\recycler\NPROTECT\00000462.000
c:\recycler\NPROTECT\00000463.LOG
c:\recycler\NPROTECT\00000464.000
c:\recycler\NPROTECT\00000465.LOG
c:\recycler\NPROTECT\00000466.000
c:\recycler\NPROTECT\00000469.LOG
c:\recycler\NPROTECT\00000470.000
c:\recycler\NPROTECT\00000471.LOG
c:\recycler\NPROTECT\00000472.000
c:\recycler\NPROTECT\00000473.LOG
c:\recycler\NPROTECT\00000474.000
c:\recycler\NPROTECT\00000475.LOG
c:\recycler\NPROTECT\00000476.000
c:\recycler\NPROTECT\00000477.LOG
c:\recycler\NPROTECT\00000478.000
c:\recycler\NPROTECT\00000479.LOG
c:\recycler\NPROTECT\00000480.000
c:\recycler\NPROTECT\00000482.LOG
c:\recycler\NPROTECT\00000483.000
c:\recycler\NPROTECT\00000484.LOG
c:\recycler\NPROTECT\00000485.000
c:\recycler\NPROTECT\00000487.LOG
c:\recycler\NPROTECT\00000488.000
c:\recycler\NPROTECT\00000489.LOG
c:\recycler\NPROTECT\00000490.000
c:\recycler\NPROTECT\00000491.LOG
c:\recycler\NPROTECT\00000492.000
c:\recycler\NPROTECT\00000494.LOG
c:\recycler\NPROTECT\00000495.000
c:\recycler\NPROTECT\00000498.LOG
c:\recycler\NPROTECT\00000499.000
c:\recycler\NPROTECT\00000500.LOG
c:\recycler\NPROTECT\00000501.000
c:\recycler\NPROTECT\00000503.LOG
c:\recycler\NPROTECT\00000504.000
c:\recycler\NPROTECT\00000505.LOG
c:\recycler\NPROTECT\00000506.000
c:\recycler\NPROTECT\00000507.LOG
c:\recycler\NPROTECT\00000508.000
c:\recycler\NPROTECT\00000510.LOG
c:\recycler\NPROTECT\00000511.000
c:\recycler\NPROTECT\00000512.LOG
c:\recycler\NPROTECT\00000513.000
c:\recycler\NPROTECT\00000514.LOG
c:\recycler\NPROTECT\00000515.000
c:\recycler\NPROTECT\00000516.LOG
c:\recycler\NPROTECT\00000517.000
c:\recycler\NPROTECT\00000518.LOG
c:\recycler\NPROTECT\00000519.000
c:\recycler\NPROTECT\00000520.LOG
c:\recycler\NPROTECT\00000521.000
c:\recycler\NPROTECT\00000522.LOG
c:\recycler\NPROTECT\00000523.000
c:\recycler\NPROTECT\00000524.LOG
c:\recycler\NPROTECT\00000525.000
c:\recycler\NPROTECT\00000526.LOG
c:\recycler\NPROTECT\00000527.000
c:\recycler\NPROTECT\00000529.LOG
c:\recycler\NPROTECT\00000530.000
c:\recycler\NPROTECT\00000531.LOG
c:\recycler\NPROTECT\00000532.000
c:\recycler\NPROTECT\00000533.LOG
c:\recycler\NPROTECT\00000534.000
c:\recycler\NPROTECT\00000535.LOG
c:\recycler\NPROTECT\00000536.000
c:\recycler\NPROTECT\00000537.LOG
c:\recycler\NPROTECT\00000538.000
c:\recycler\NPROTECT\00000539.LOG
c:\recycler\NPROTECT\00000540.000
c:\recycler\NPROTECT\00000541.LOG
c:\recycler\NPROTECT\00000542.000
c:\recycler\NPROTECT\00000543.LOG
c:\recycler\NPROTECT\00000544.000
c:\recycler\NPROTECT\00000547.LOG
c:\recycler\NPROTECT\00000548.000
c:\recycler\NPROTECT\00000549.LOG
c:\recycler\NPROTECT\00000550.000
c:\recycler\NPROTECT\00000551.LOG
c:\recycler\NPROTECT\00000552.000
c:\recycler\NPROTECT\00000553.LOG
c:\recycler\NPROTECT\00000554.000
c:\recycler\NPROTECT\00000556.PSP
c:\recycler\NPROTECT\00000561.LOG
c:\recycler\NPROTECT\00000562.000
c:\recycler\NPROTECT\00000567.LOG
c:\recycler\NPROTECT\00000568.000
c:\recycler\NPROTECT\00000574.LOG
c:\recycler\NPROTECT\00000575.000
c:\recycler\NPROTECT\00000582.LOG
c:\recycler\NPROTECT\00000583.000
c:\recycler\NPROTECT\00000584.LOG
c:\recycler\NPROTECT\00000585.000
c:\recycler\NPROTECT\00000590.LOG
c:\recycler\NPROTECT\00000591.000
c:\recycler\NPROTECT\00000599.LOG
c:\recycler\NPROTECT\00000600.000
c:\recycler\NPROTECT\00000609.log
c:\recycler\NPROTECT\00000610.edb
c:\recycler\NPROTECT\00000614.LOG
c:\recycler\NPROTECT\00000615.000
c:\recycler\NPROTECT\00000619.LOG
c:\recycler\NPROTECT\00000620.000
c:\recycler\NPROTECT\00000621.LOG
c:\recycler\NPROTECT\00000622.000
c:\recycler\NPROTECT\00000623.LOG
c:\recycler\NPROTECT\00000624.000
c:\recycler\NPROTECT\00000625.LOG
c:\recycler\NPROTECT\00000626.000
c:\recycler\NPROTECT\00000627.LOG
c:\recycler\NPROTECT\00000628.000
c:\recycler\NPROTECT\00000629.LOG
c:\recycler\NPROTECT\00000630.000
c:\recycler\NPROTECT\00000631.LOG
c:\recycler\NPROTECT\00000632.000
c:\recycler\NPROTECT\00000638.gpd
c:\recycler\NPROTECT\00000639.gpd
c:\recycler\NPROTECT\00000640.gpd
c:\recycler\NPROTECT\00000641.gpd
c:\recycler\NPROTECT\00000642.gpd
c:\recycler\NPROTECT\00000643.gpd
c:\recycler\NPROTECT\00000649
c:\recycler\NPROTECT\00000650.dat
c:\recycler\NPROTECT\00000651.idx
c:\recycler\NPROTECT\00000652.FCS
c:\recycler\NPROTECT\NPROTECT.LOG
c:\recycler\S-1-5-21-682003330-1060284298-1708537768-1003
c:\recycler\S-1-5-21-682003330-1060284298-1708537768-1003\desktop.ini
c:\recycler\S-1-5-21-682003330-1060284298-1708537768-1003\INFO2
c:\windows\Readme.txt

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-04 20:52 . 2009-10-04 20:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-04 20:52 . 2009-10-04 20:52 -------- dc----w- c:\documents and settings\Yury\Application Data\Office Genuine Advantage
2009-10-04 15:20 . 2009-10-04 15:20 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-04 15:20 . 2009-10-04 15:20 -------- dc----w- c:\documents and settings\Yury\Application Data\SUPERAntiSpyware.com
2009-09-29 01:14 . 2009-09-29 01:14 -------- dc----w- c:\program files\Driver Robot
2009-09-29 01:04 . 2009-09-29 01:04 -------- dc----w- c:\windows\system32\wbem\Repository
2009-09-29 01:04 . 2009-09-29 01:04 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-28 23:23 . 2009-09-29 01:04 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters(2)
2009-09-27 13:58 . 2009-09-27 13:58 -------- dc----w- c:\documents and settings\Yury\Application Data\Blitware
2009-09-25 23:30 . 2009-09-25 23:30 -------- dc----w- c:\documents and settings\All Users\Application Data\page
2009-09-25 23:22 . 2009-09-25 23:28 -------- dc----w- c:\documents and settings\Yury\Application Data\GetRightToGo
2009-09-24 23:26 . 2009-09-24 23:26 -------- dc----w- c:\documents and settings\Yury\MyConnection PC
2009-09-21 01:05 . 2009-09-21 01:05 -------- dc----w- c:\program files\AskBarDis
2009-09-18 01:16 . 2009-09-18 01:16 -------- dc----w- c:\program files\PCPitstop
2009-09-18 01:16 . 2009-09-18 01:16 -------- dc----w- c:\documents and settings\Yury\Application Data\PCPitstop
2009-09-18 01:16 . 2009-09-18 01:17 -------- dc----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-11 17:08 . 2009-09-11 17:08 24744 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-10 21:52 . 2009-09-10 21:52 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-04 21:42 . 2006-03-02 02:06 -------- dc----w- c:\program files\NCH Swift Sound
2009-10-04 15:19 . 2003-02-23 05:05 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-04 15:10 . 2009-05-19 23:29 -------- dc----w- c:\documents and settings\Yury\Application Data\BabylonXtra
2009-10-04 02:52 . 2009-08-18 13:05 -------- dc----w- c:\documents and settings\Yury\Application Data\Skype
2009-10-03 23:25 . 2007-12-25 17:21 -------- dc----w- c:\documents and settings\Yury\Application Data\skypePM
2009-09-10 18:54 . 2009-02-06 03:18 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-06 03:19 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:38 . 2008-03-09 16:08 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-06 22:12 . 2009-09-06 22:12 -------- dc----w- c:\program files\LightScribe Template Labeler
2009-09-06 22:02 . 2009-09-06 21:14 -------- dc----w- c:\program files\Common Files\LightScribe
2009-09-06 22:01 . 2009-09-06 22:01 -------- dc----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-26 02:06 . 2009-08-25 23:47 -------- dc----w- c:\documents and settings\Yury\Application Data\ErrorWiz
2009-08-18 13:14 . 2009-08-18 13:14 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-08-18 13:05 . 2009-08-18 13:05 -------- dc----w- c:\program files\Common Files\Skype
2009-08-18 13:05 . 2009-08-18 13:05 -------- dc----r- c:\program files\Skype
2009-08-18 13:05 . 2007-09-08 23:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-17 16:10 . 2008-11-13 00:09 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-13 00:09 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-13 00:09 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-13 00:09 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-13 00:09 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-13 00:09 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-13 00:09 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-13 00:09 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-13 00:09 97480 -c--a-w- c:\windows\system32\AvastSS.scr
2009-08-11 23:22 . 2009-01-31 16:09 27136 -c--a-w- c:\windows\system32\drivers\nchssvad.sys
2009-08-06 23:24 . 2004-08-18 23:36 327896 -c--a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-18 23:36 209632 -c--a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 -c--a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-18 23:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-07-17 23:58 53472 -c--a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-07-17 23:58 96480 -c--a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-18 23:36 575704 -c--a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-03-22 19:01 274288 -c--a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 -c--a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-07-17 23:58 1929952 -c--a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-07-17 23:57 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 -c--a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 -c--a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 -c--a-w- c:\windows\system32\OGAEXEC.exe
2009-07-17 19:01 . 2004-07-17 23:57 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-07-17 23:58 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}"= "c:\program files\NPR_Radio\tbNPR0.dll" [2009-07-08 2215960]

[HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]
2009-07-08 23:19 2215960 -c--a-w- c:\program files\NPR_Radio\tbNPR0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}"= "c:\program files\NPR_Radio\tbNPR0.dll" [2009-07-08 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2C96FF5-E7BD-4FC5-9B71-1D3BD0B6BF82}"= "c:\program files\NPR_Radio\tbNPR0.dll" [2009-07-08 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Free Ram Optimizer"="e:\program files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 57344]
"TClockEx"="e:\tclockex\TCLOCKEX.EXE" [2000-03-09 89088]
"Google Update"="c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"ProcessSupervisorGUI"="e:\program files\Process Lasso\processlasso.exe" [2008-12-13 316944]
"ProcessGovernor"="e:\program files\Process Lasso\processgovernor.exe" [2008-12-13 133136]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2008-07-30 38912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CPU meter.exe.lnk - c:\windows\$NtServicePackUninstall$\taskmgr.exe [2008-9-26 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\Userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Yury\Application Data\iolo\\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ %I

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
backup=c:\windows\pss\eFax 4.2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
backup=c:\windows\pss\eFax.com Tray Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
backup=c:\windows\pss\Live Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LocalNet.lnk]
backup=c:\windows\pss\LocalNet.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Doc Pro - 4.2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Cleaner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startemdoit
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcactive
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcmonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"SCardDrv"=3 (0x3)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\i2hub\\i2hub.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_04\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/28/2009 11:29 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/12/2008 8:09 PM 114768]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [11/12/2008 8:09 PM 20560]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\dri vers\HIDKbFlt.sys [7/25/2005 6:13 AM 23680]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/14/2007 7:09 PM 572776]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/14/2007 7:09 PM 572776]
R2 IOPort;IOPort;c:\windows\system32\IOPORT.SYS [2/22/2003 10:36 PM 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 951632]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2N DIS5.SYS [11/1/2004 3:16 PM 17536]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/20/2004 5:53 PM 11520]
S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT .EXE [9/30/1996 120832]
S4 EarthLinkMonitor;EarthLink Monitor Service;"c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe" --> c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;e:\program files\PCPitstop\PCPitstopScheduleService.exe [9/17/2009 9:16 PM 85504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:29]

2009-10-07 c:\windows\Tasks\Ad-Aware.job
- c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2009-01-18 14:29]

2009-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-05 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-29 14:22]

2009-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-162531612-725345543-1003Core.job
- c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-30 17:03]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-162531612-725345543-1003UA.job
- c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-30 17:03]

2009-10-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-10-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mLocal Page = \blank.htm
mStart Page = hxxp://my.yahoo.com/p/d.html?v
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: &Check Spelling - c:\program files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
IE: &ieSpell Options - c:\program files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
IE: Download with &Shareaza
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Yury\Application Data\Mozilla\Firefox\Profiles\zuz3oq4r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: e:\program files\Mozilla Firefox\components\rpff.dll
FF - plugin: c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: e:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: e:\program files\Opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-DealAssistant - c:\documents and settings\Yury\Application Data\DealAssistant\DealAssistant.exe
SafeBoot-svcWRSSSDK
AddRemove-DealAssistant - c:\documents and settings\Yury\Application Data\DealAssistant\DAUninstall.exe

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 14:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{F238CF1D-55BC-7523-7560-9CDB79BF4BC3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Zepter Software\RegLib*74b861c1\AnyDVD/1]
"1"=dword:444c1dae
"2"=dword:4469288a

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Zepter Software\RegLib*74b861c1\CloneDVD2/2]
"1"=dword:4459420d
"2"=dword:44d6822c

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\Explorer]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-10-10 14:19
ComboFix-quarantined-files.txt 2009-10-10 18:19

Pre-Run: 4,351,975,424 bytes free
Post-Run: 4,366,622,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptOut

791 --- E O F --- 2009-10-04 20:39
Do you think I should run it again?

yuhr · #12 23rd Oct 2009, 09:17

Thank you.
I will, in awhile, and post the results. In the meantime, below are gmer results. Nothing in red, but I am very curious: along with suspicious entries (like noAdware, process Lasso, Bonjour [should I uninstall them?] it lists many Windows entries, Notepad among them, Moxilla entries, etc. On what basis does one discriminate between them? Or you just rely on the line(s) "No malicious items detected"?
A gizmo called Prevx found 1 item, but only paid version can delete it. As soon as I finish typing, I'll close Mozilla
(file:///E:/Program%20Files/Mozilla%20Firefox/components/rpff.dllP
) and will try to delete it manually; now I cannot, as a popup appears: cannot be deleted...in use. If not, I'll invest ~$30 in Prevx. (I suspect that *rpff.dll is not a real malware: Prevx labels the threat as "Medium", it's probably Mozilla's way to gather info about my activities. I don't mind, as long as I am a statistical entry for them; they don't know my name.
One of AMW prodrams (AdAware?) found 2 entries named MSConnectDialer and 1 named Backdoor. No wonder M$ knows what version of Windows I run ands other details about PC guts. Backdoor name loudly speaks for inself.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/18/2009 10:11:50 AM
mbam-log-2009-10-18 (10-11-50).txt

Scan type: Quick Scan
Objects scanned: 105989
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**evilfantasy** · #13 23rd Oct 2009, 10:40

Quote:

(like noAdware, process Lasso, Bonjour [should I uninstall them?]

NoAdware should be uninstalled. The others are safe.

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

yuhr · #14 23rd Oct 2009, 11:42

Logfile created: 10/18/2009 10:27:13
Lavasoft Ad-Aware version: 8.0.8
Extended engine version: 8.1
User performing

yuhr · #15 23rd Oct 2009, 11:59

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2003 8:40:58 PM
System Uptime: 10/23/2009 12:26:35 PM (2 hours ago)

Motherboard: Intel Corporation | | D845PESV
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J2E1 | 2399/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 3.802 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.271 GiB free.
E: is FIXED (NTFS) - 50 GiB total, 47.39 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP1: 10/11/2009 5:39:19 PM - System Checkpoint
RP2: 10/11/2009 5:41:15 PM - Revo Uninstaller's restore point - NPR_Radio Toolbar
RP3: 10/11/2009 9:00:24 PM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP4: 10/12/2009 2:33:04 PM - Installed QuickTime
RP5: 10/13/2009 7:52:54 PM - System Checkpoint
RP6: 10/13/2009 8:34:59 PM - Revo Uninstaller's restore point - Windows Defender
RP7: 10/13/2009 9:11:41 PM - Removed Windows Defender
RP8: 10/17/2009 10:39:51 AM - Removed Windows Installer Clean Up
RP9: 10/17/2009 10:39:57 AM - Installed Windows Installer Clean Up
RP10: 10/17/2009 11:38:53 AM - Restore Operation
RP11: 10/17/2009 12:13:46 PM - Restore Operation
RP12: 10/17/2009 12:23:38 PM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP13: 10/17/2009 7:13:31 PM - Revo Uninstaller's restore point - Windows Defender
RP14: 10/17/2009 7:14:17 PM - Removed Windows Defender
RP15: 10/17/2009 7:20:52 PM - win def
RP16: 10/17/2009 7:38:53 PM - win def
RP17: 10/18/2009 9:51:40 AM - Revo Uninstaller's restore point - MyConnection PC
RP18: 10/18/2009 9:54:21 AM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP19: 10/18/2009 4:53:32 PM - Restore Operation
RP20: 10/19/2009 7:41:06 PM - Restore Operation
RP21: 10/21/2009 11:46:27 AM - System Checkpoint
RP22: 10/22/2009 3:03:28 PM - System Checkpoint
RP23: 10/23/2009 10:37:47 AM - Revo Uninstaller's restore point - NoAdware v5.0

==== Installed Programs ======================

360Share Pro(remove only)
Access Drivers
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Adobe Shockwave Player
AnyDVD
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
AVI Movie Player
Babylon Plug In
Bonjour
Canon MP Navigator EX 1.0
Canon MP610 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CloneDVD2
Critical Update for Windows Media Player 11 (KB959772)
Deal Info
Driver Robot 1.1.0.5
EarthLink FastLane
EarthLink MailBox
EarthLink Wireless High Speed
Easy-WebPrint
Easy CD Creator 5 Basic
eFax Messenger 4.2
Exterminate3
FaxDrive
FormatFactory 2.15
FUJIFILM FinePixViewer S Ver.2.0
Google Gears
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ieSpell (remove only)
Instant Memory Cleaner 7.20
Internet Keyboard Elite
iTunes
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 16
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
KB408682
KC Softwares SUMo
LightScribe System Software
LightScribe Template Labeler
Logitech Desktop Messenger
Logitech MouseWare 9.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
Mirar
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyConnection PC
NVDVD
OGA Notifier 2.0.0048.0
Opera 9.64
Panicware Pop-Up Stopper Pro
PaperPort
PC Matic 1.0.0.0
PowerDVD
Prevx 3.0
Prism Video Converter
QuickTime
RamBooster
Redistributed Files
Revo Uninstaller 1.83
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype™ 4.1
SnagIt 6
SnagIt 7
SUPERAntiSpyware Free Edition
TClockEx
The Cleaner v6.0 Beta
TotalAccess Core Applications
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
WordWeb

==== Event Viewer Messages From Past Week ========

10/18/2009 11:39:36 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
10/17/2009 9:44:20 AM, error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: An error occurred while reading or writing to a file.
10/17/2009 7:06:55 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/17/2009 12:17:03 PM, error: WinDefend [2004] -
10/17/2009 10:31:17 AM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the file specified.
10/17/2009 10:16:40 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Yury failed to print on printer Canon MP610 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 17072. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\YUHRTW. Win32 error code returned by the print processor: 0 (0x0).
10/17/2009 1:18:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

yuhr · #16 23rd Oct 2009, 13:21

There is a new problem: my keyboard types only once in a second, i. e. I have to hold ANY key down for ~1' for it to type or to move cursor and I hear every motion from PC int. speaker

**evilfantasy** · #17 23rd Oct 2009, 17:34

Have you tried restarting the computer?

Go to Add or Remove Programs and uninstall:

Ask Toolbar
Driver Robot 1.1.0.5
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

I need you to run DDS again and post the first log called DDS.txt. You didn't post that one.

yuhr · #18 24th Oct 2009, 11:22

Quote:

Have you tried restarting the computer?

Go to Add or Remove Programs and uninstall:

Ask Toolbar
Driver Robot 1.1.0.5Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

My typing had been excruciatingly slow, I could not go through all the details. When the keyboard became slow, restarting, shutting down, System Restore and a few other things didn't work either. Two or three hours later they got their function back, spontaneously; after restarting the keyboard recovered but I was exhausted and shut the PC down. After all, lately it's been on for 10-12 h/day, probably it needed some R+R

.
As far as I know, Ask Toolbar (I hate it!) and Driver Robot (worthless) had been uninstalled by Revo Uninstaller, which cleans Registry as well. Just in case, I usually run Start>Search and regedit>Find afterwards.
Now I'll uninstall mentioned Java entries.
Sometimes, one or another application announces that it cannot function without Java ... .If it happens again, I'll install relevant Java...if asked for again and uninstall it after I am done with a particular SW. Agree?

Quote:

I need you to run DDS again and post the first log called DDS.txt. You didn't post that one.

I thought I'd posted it, above. I saved your instructions and will read them again.
See you in awhile.

**evilfantasy** · #19 24th Oct 2009, 11:51

You have Java(TM) 6 Update 16 installed. The others are older versions that are useless and open to an attack by malware.

yuhr · #20 24th Oct 2009, 14:06

Ask Toolbar is not actually preset - see attached. Perhaps, some leftovers are still present in the Registry, as I am afraid to delete Registry lines that do not contain words Ask Toolbar, or Java, etc., instead are marked with digits or gibberish (to me). Do you think its save to delete all bold lines found by Uninstaller below My Computer? The same with Driver Robot. All Java entries resisted installation, e. g. after I confirmed "Uninstall", Java offered me to update current version instead, etc. If you advise, I'll perform manual cleaning, though other entities of Java are still present in the PC, and I am afraid to delete shared files and keys (On the other hand, if those remaining Javas wont work, I may completely uninstall everything called Java, and then reinstall only necessary Javas.
I just realized, then I did not Restart before running dds again. If needed, I'll do it.
I found few other programs I never use or am not sure. Here they are:
Apple Mobile Device Support
EarthLink FastLane
EarthLink MailBox
EarthLink Wireless High Speed
I don’t have Earthlink anymore and use my rather primitive old cell phone as a phone only. The only Apple SW I have is iTunes (AFAIK)

Deal Info
Bonjour
Exterminate3
Instant Memory Cleaner 7.20
KB408682
KC Softwares SUMo
MirarMSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
OGA Notifier 2.0.0048.0Microsoft .NET Framework 2.0 Service Pack 2
I do not remenber ever installing the above nor ever actively using them. What is your advice?

Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
I, probably, installed them following microsoft.com suggestions. I usually don’t understand its technospeak and just obey “this update is very important. Do I need them all?
----------------------------------

This post is long enough as is, I'll post both dds files in the next one, after you advise re: Restart.