I have ads on google.co.uk and I am being redirected on my banking site to another page that is asking for my full memoreable information. The bank have confirmed this is not a correct page. I have kaspersky running and it does not detect anything.
Here is my log below, I would be very grateful if someone can help.
Thank you
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - Unknown owner - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
Full Version: Being redirected on banking site
UPDATE
SDFIX removed some stuff and so did SpyBot SnD. Please find below new HJT log and SDFIX log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:39, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\ray cliff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - Unknown owner - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
--
End of file - 5637 bytes
SDFix: Version 1.234
Run by ray cliff on 12/10/2008 at 16:10
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted
Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:25:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxdacoms.exe"="C:\\WINDOWS\\system32\\lxdacoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe"="E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe"="E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 8 Mar 2008 0 A..H. --- "C:\WINDOWS\fsrv.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 17 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Internet explorer seems to be working normally now. No ads on google.co.uk and my banking site is not redirecting to any page asking for my full memorable info.
Let me know what you think though.
Thank you.
SDFIX removed some stuff and so did SpyBot SnD. Please find below new HJT log and SDFIX log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:39, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\ray cliff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetVeda Safety.Net (ipcSvc) - Unknown owner - C:\Program Files\NetVeda\Safety.Net\ipcsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
--
End of file - 5637 bytes
SDFix: Version 1.234
Run by ray cliff on 12/10/2008 at 16:10
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted
Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:25:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxdacoms.exe"="C:\\WINDOWS\\system32\\lxdacoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe"="E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe"="E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 8 Mar 2008 0 A..H. --- "C:\WINDOWS\fsrv.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 17 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Internet explorer seems to be working normally now. No ads on google.co.uk and my banking site is not redirecting to any page asking for my full memorable info.
Let me know what you think though.
Thank you.
Hello, jerrycliff.
to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
Yes, it does look like SDFix removed the particular infection you had.
Please do an online scan with Kaspersky WebScanner.
We need to create an OTViewIt Report
In your next reply, please include the following:
Billy3
to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
- In the meantime, please refrain from making any changes to your computer.
- Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Finally, please reply using the
button in the lower left hand corner of your screen.
Yes, it does look like SDFix removed the particular infection you had.
Please do an online scan with Kaspersky WebScanner.
- Please visit the Kaspersky Online Scanner website.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. - Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
We need to create an OTViewIt Report
- Please download OTViewIt by OldTimer.
- Save it to your desktop.
- Double click on the
icon on your desktop. - Click the "Scan All Users" checkbox.
- Push the
button. - Two reports will open, copy and paste them in a reply here:
- OTViewIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
In your next reply, please include the following:
- Kaspersky's Log
- OTViewIt.txt
- Extra.txt
Billy3
Hi Billy, thanks for helping me.
I am running Kaspersky internet security 2009 and have been since the infection. I did a full scan of EVERYTHING last night with the most up to date databases and it found nothing except some vulnerabilities.
It has found vulnerabilities since I installed it and I have gradually whittled the list down. At present it only has items from microsoft office in it as for some reason my computer will not let me install office SP3 and I have lost the original disks.
Please find below the extras.Txt and OTViewIt.Txt. If you still want me to do the Kaspersky online scan I will but I would think it uses the same databases as the Kaspersky programme does it not?
Also for your info I have Spyboy S&D installed and the latest scan with the latest update revealed nothing.
I also downloaded Malwarebytes last night and it's scan also revealed nothing.
I am fairly confident I am clean, but a second opinion is never a bad thing.
Thanks again.
OTViewIt logfile created on: 18/10/2008 17:42:54 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\AntiSpywareProgrammes
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1015.48 Mb Total Physical Memory | 614.95 Mb Available Physical Memory | 60.56% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.18 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MYSELF-Z6383S9J
Current User Name: ray cliff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2004/09/07 14:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/18 17:23:39 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\AntiSpywareProgrammes\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/07/30 20:22:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
File not found -- -- (ipcSvc [Auto | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe -- (lxda_device [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
========== Driver Services ==========
[2004/10/01 11:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/02/27 14:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2001/08/23 13:00:00 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/23 13:00:00 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP [On_Demand | Running])
[2001/08/23 13:00:00 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
[2005/06/21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/05/07 15:09:14 | 00,147,456 | ---- | M] (NetVeda LLC) -- C:\WINDOWS\system32\drivers\ipcimxps.sys -- (ipcimxps [On_Demand | Running])
[2005/05/25 22:35:58 | 00,039,040 | ---- | M] (NetVeda LLC) -- C:\WINDOWS\system32\drivers\ipctdixp.sys -- (IpcTdiXP [System | Running])
[2001/08/23 13:00:00 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/16 14:23:44 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/03/13 19:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
[2008/10/07 21:11:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/03/25 20:07:10 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/12/11 23:34:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/23 13:00:00 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2008/05/26 23:19:04 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2001/08/23 13:00:00 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2007/09/16 20:10:28 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2006/07/26 18:22:42 | 01,958,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000 [On_Demand | Stopped])
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.co.uk
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.co.uk
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (267103 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9252 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=ALCXMNTR.EXE (Realtek Semiconductor Corp.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Banner Ad Blocker: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/04/25 18:08:42 | 00,001,411 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Banner Ad Blocker: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/04/25 18:08:42 | 00,001,411 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008/04/25 18:22:54 | 00,222,472 | ---- | M] (Kaspersky Lab)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
========== (O17) DNS Name Servers ==========
{5E979162-1D97-49B6-A8AA-5B4095504325} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{BC01B4D9-A5B4-4275-8F6F-E46ABFE935A5} (Servers: | Description: )
{C5E7DE97-EE24-4874-B88C-9C972F73CA4F} (Servers: | Description: 1394 Net Adapter)
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
>[2008/10/07 21:11:08 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
>[2008/04/25 18:21:50 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
>[2008/04/25 18:22:22 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007/02/06 01:15:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/17 22:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ray cliff\Application Data\Malwarebytes
[2008/10/17 22:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/15 02:33:05 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 02:32:40 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 02:32:38 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 02:32:37 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 02:32:36 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 02:32:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/13 13:26:03 | 00,684,032 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\esa_training_document.doc
[2008/10/13 11:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/13 11:06:45 | 15,984,024 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\jre-6u7-windows-i586-p.exe
[2008/10/12 16:09:10 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/12 16:06:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/12 16:01:41 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/12 11:41:46 | 00,000,000 | ---D | C] -- C:\AntiSpywareProgrammes
[2008/10/12 10:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/12 10:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/12 10:29:49 | 00,000,000 | ---D | C] -- C:\HJT
[2008/10/12 10:19:28 | 01,458,812 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\SDFix.exe
[2008/10/08 01:08:43 | 12,336,8360 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2008/10/08 00:30:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/08 00:14:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/08 00:14:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/08 00:14:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/08 00:14:22 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2008/10/08 00:14:22 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/10/08 00:14:22 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/10/08 00:14:22 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/10/08 00:14:21 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/10/08 00:14:20 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/10/08 00:14:20 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2008/10/08 00:14:20 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/10/08 00:14:20 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/10/08 00:14:19 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/10/08 00:14:19 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/10/08 00:14:19 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2008/10/08 00:14:18 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/10/08 00:14:18 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/10/08 00:14:18 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/10/08 00:14:18 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/10/08 00:14:18 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2008/10/08 00:14:18 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/10/08 00:14:18 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/10/08 00:14:18 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/10/08 00:14:17 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/10/08 00:14:17 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/10/08 00:14:16 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/10/08 00:14:16 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2008/10/08 00:14:16 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/10/08 00:14:16 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/10/08 00:14:16 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/10/08 00:14:16 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/10/08 00:14:16 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/10/08 00:14:16 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/10/08 00:14:16 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/10/08 00:14:16 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/10/08 00:14:16 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/10/08 00:14:16 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/10/08 00:14:16 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/10/08 00:14:16 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/10/08 00:14:15 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/10/08 00:14:15 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/10/08 00:14:15 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/10/08 00:14:15 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/10/08 00:14:15 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/10/08 00:14:15 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/10/08 00:14:15 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/10/08 00:14:15 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/10/08 00:14:15 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/10/08 00:14:15 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/10/08 00:14:14 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/10/08 00:14:14 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/10/08 00:14:14 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/10/08 00:14:13 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/10/08 00:14:13 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/10/08 00:14:13 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/10/08 00:14:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/10/08 00:14:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/10/08 00:14:13 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/10/08 00:14:13 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/10/08 00:14:13 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/10/08 00:14:13 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/10/08 00:14:13 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/10/08 00:14:13 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/10/08 00:14:13 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/10/08 00:14:13 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/10/08 00:14:13 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/10/08 00:14:13 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/10/08 00:14:13 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/10/08 00:14:13 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/10/08 00:14:12 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/10/08 00:14:12 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/10/08 00:14:12 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/10/08 00:14:12 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/10/08 00:14:10 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/10/08 00:14:09 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2008/10/08 00:14:09 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/10/08 00:14:09 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/10/08 00:14:09 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/10/08 00:14:07 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2008/10/08 00:14:06 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2008/10/08 00:14:06 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/10/08 00:14:06 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2008/10/08 00:14:06 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/10/08 00:14:05 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/10/08 00:14:05 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/10/08 00:14:04 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/10/08 00:14:04 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/10/08 00:14:04 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/10/08 00:14:04 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/10/08 00:14:04 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/10/08 00:14:04 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/10/08 00:14:04 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/10/08 00:14:04 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/10/08 00:14:04 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/10/08 00:14:04 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/10/08 00:13:52 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/10/08 00:13:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/08 00:13:07 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/08 00:12:59 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/08 00:12:55 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/08 00:12:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/08 00:12:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/08 00:12:50 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/08 00:12:50 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/08 00:12:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/08 00:12:49 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/08 00:12:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/08 00:12:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/08 00:12:48 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/08 00:12:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/08 00:12:48 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/08 00:12:47 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/08 00:12:46 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/08 00:12:46 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/08 00:12:45 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/08 00:12:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/08 00:12:45 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/08 00:12:44 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/08 00:12:44 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/08 00:12:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/08 00:12:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/08 00:12:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/08 00:12:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/08 00:12:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/08 00:12:30 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/08 00:12:29 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/08 00:12:28 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/08 00:12:27 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/08 00:12:27 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/08 00:12:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/08 00:12:24 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/08 00:12:24 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/08 00:12:23 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/08 00:12:23 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/08 00:12:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/08 00:12:21 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/08 00:12:18 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/08 00:12:18 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/08 00:12:17 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/08 00:12:17 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/08 00:12:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/08 00:12:16 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/08 00:12:15 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/08 00:12:10 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/08 00:12:10 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/08 00:12:06 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/08 00:11:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/08 00:11:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/08 00:11:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/08 00:11:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/07 23:58:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2008/10/07 23:58:04 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/10/07 23:57:57 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2008/10/07 23:57:57 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2008/10/07 23:57:56 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2008/10/07 23:57:56 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/10/07 23:57:56 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/10/07 23:57:55 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2008/10/07 23:57:55 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2008/10/07 23:57:55 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2008/10/07 23:57:54 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2008/10/07 23:57:54 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2008/10/07 23:57:54 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2008/10/07 23:57:49 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2008/10/07 23:57:49 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2008/10/07 23:57:47 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2008/10/07 23:57:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2008/10/07 23:57:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2008/10/07 23:57:43 | 02,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2008/10/07 23:57:43 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2008/10/07 23:57:43 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2008/10/07 23:57:42 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2008/10/07 23:57:42 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2008/10/07 23:57:42 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2008/10/07 23:57:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2008/10/07 23:57:41 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2008/10/07 23:57:41 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2008/10/07 23:51:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/07 23:49:15 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/07 23:08:23 | 00,002,141 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%
[2008/10/07 23:00:30 | 13,588,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\O2kSp3.exe
[2008/10/07 18:59:01 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/07 18:59:01 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/07 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/10/07 18:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/10/07 18:56:49 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/07 18:53:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/10/07 02:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2008/10/04 18:24:14 | 00,105,772 | ---- | C] () -- C:\WINDOWS\DEATH_FONT.TTF
[2008/10/04 15:27:08 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\Internet.lnk
[2008/10/04 15:13:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/04 15:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/04 14:42:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/10/04 14:37:03 | 00,000,000 | RH-D | C] -- C:\AHCache
[2008/09/29 18:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Screen Recorder
[2008/09/20 10:58:59 | 00,029,877 | ---- | C] () -- C:\Documents and Settings\ray cliff\Application Data\mdbu.bin
========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/18 15:52:21 | 00,003,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/18 15:52:20 | 00,573,472 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/18 15:26:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/18 15:26:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 15:25:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 11:13:51 | 03,222,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/18 11:13:51 | 00,037,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/15 22:35:03 | 00,267,103 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/15 02:40:45 | 01,482,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 02:38:35 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 01:36:33 | 00,684,032 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\esa_training_document.doc
[2008/10/13 18:27:28 | 00,002,141 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%
[2008/10/13 13:23:24 | 00,266,000 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081015-223503.backup
[2008/10/13 11:06:45 | 15,984,024 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\jre-6u7-windows-i586-p.exe
[2008/10/12 18:45:18 | 00,266,000 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081013-132324.backup
[2008/10/12 16:10:52 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-184518.backup
[2008/10/12 16:09:10 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/12 10:19:40 | 01,458,812 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\SDFix.exe
[2008/10/11 18:52:44 | 00,198,656 | ---- | M] () -- C:\Documents and Settings\ray cliff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 01:09:20 | 12,336,8360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2008/10/08 00:34:57 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/08 00:34:57 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/08 00:34:55 | 00,468,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 23:50:18 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 23:00:37 | 13,588,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\O2kSp3.exe
[2008/10/07 21:11:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/07 21:11:06 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/07 21:11:06 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/04 20:26:14 | 00,043,336 | ---- | M] () -- C:\Documents and Settings\ray cliff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:27:08 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\Internet.lnk
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 19:23:26 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/09/23 16:55:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-114425.backup
[2008/09/20 21:17:44 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Lexstat.ini
[2008/09/20 11:59:03 | 00,029,877 | ---- | M] () -- C:\Documents and Settings\ray cliff\Application Data\mdbu.bin
[2008/09/20 10:48:18 | 00,000,009 | ---- | M] () -- C:\Documents and Settings\ray cliff\Application Data\mdb.bin
< End of report >
OTViewIt Extras logfile created on: 18/10/2008 17:42:54 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\AntiSpywareProgrammes
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1015.48 Mb Total Physical Memory | 614.95 Mb Available Physical Memory | 60.56% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.18 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MYSELF-Z6383S9J
Current User Name: ray cliff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe:*:Enabled:Lexmark Communications System
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- E:\Drivers\Drivers2\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM
File not found -- E:\Drivers\Drivers2\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 14:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 16:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 23:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}"=Canon ScanGear Starter
"{1F8F3CBD-3FDB-4872-A784-AA5C0F6B5FC6}"=Adobe Photoshop CS3 Cracker by Aravind
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2CCBABCB-6427-4A55-B091-49864623C43F}"=Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}"=Google Gears
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{84918CAE-2B7D-401E-98E0-557F97BA7857}"=Lightroom
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}"=ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}"=Manual CanoScan LiDE 25
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}"=TuneUp Utilities 2007
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}"=Canon CanoScan Toolbox 4.9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"AoA DVD Copy_is1"=AoA DVD Copy
"Bonusprint Photoservice_is1"=Bonusprint Photoservice
"BookSmart™ 1.9.7 1.9.7"=BookSmart™ 1.9.7 1.9.7
"DPP"=Canon Utilities Digital Photo Professional 2.2
"DVD Flick_is1"=DVD Flick
"EOS Utility"=Canon Utilities EOS Utility
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn"=ImgBurn
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009
"Lexmark 640 Series"=Lexmark 640 Series
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1"=PeerGuardian 2.0
"PhotoStitch"=Canon Utilities PhotoStitch
"Revo Uninstaller"=Revo Uninstaller 1.75
"SystemRequirementsLab"=System Requirements Lab
"UltimateDefrag V1 FREE Public Domain Version"=UltimateDefrag V1 FREE Public Domain Version
"VLC media player"=VideoLAN VLC media player 0.8.6c
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09/10/2008 22:38:08 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Additional
information is available in the log file C:\DOCUME~1\RAYCLI~1\LOCALS~1\Temp\OHotfix\OHotfix(00010)_Msi.log.
Error - 12/10/2008 10:40:15 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/10/2008 10:40:23 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/10/2008 12:19:35 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 13:20:06 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 14:20:09 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 15:47:43 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 13/10/2008 18:50:59 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.
Error - 13/10/2008 18:51:05 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127
Error - 14/10/2008 21:31:35 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 17/10/2008 13:49:28 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 17/10/2008 16:56:34 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 17/10/2008 16:56:52 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 17/10/2008 19:31:56 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 02:54:40 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 02:55:01 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 05:48:30 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 05:48:51 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 10:26:02 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 10:26:23 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
< End of report >
I am running Kaspersky internet security 2009 and have been since the infection. I did a full scan of EVERYTHING last night with the most up to date databases and it found nothing except some vulnerabilities.
It has found vulnerabilities since I installed it and I have gradually whittled the list down. At present it only has items from microsoft office in it as for some reason my computer will not let me install office SP3 and I have lost the original disks.
Please find below the extras.Txt and OTViewIt.Txt. If you still want me to do the Kaspersky online scan I will but I would think it uses the same databases as the Kaspersky programme does it not?
Also for your info I have Spyboy S&D installed and the latest scan with the latest update revealed nothing.
I also downloaded Malwarebytes last night and it's scan also revealed nothing.
I am fairly confident I am clean, but a second opinion is never a bad thing.
Thanks again.
OTViewIt logfile created on: 18/10/2008 17:42:54 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\AntiSpywareProgrammes
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1015.48 Mb Total Physical Memory | 614.95 Mb Available Physical Memory | 60.56% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.18 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MYSELF-Z6383S9J
Current User Name: ray cliff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2004/09/07 14:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/18 17:23:39 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\AntiSpywareProgrammes\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/04/25 18:21:30 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/07/30 20:22:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
File not found -- -- (ipcSvc [Auto | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe -- (lxda_device [Auto | Running])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
========== Driver Services ==========
[2004/10/01 11:24:02 | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/02/27 14:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2001/08/23 13:00:00 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/23 13:00:00 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/08/03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2 [On_Demand | Running])
[2004/08/03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP [On_Demand | Running])
[2001/08/23 13:00:00 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Stopped])
[2005/06/21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/05/07 15:09:14 | 00,147,456 | ---- | M] (NetVeda LLC) -- C:\WINDOWS\system32\drivers\ipcimxps.sys -- (ipcimxps [On_Demand | Running])
[2005/05/25 22:35:58 | 00,039,040 | ---- | M] (NetVeda LLC) -- C:\WINDOWS\system32\drivers\ipctdixp.sys -- (IpcTdiXP [System | Running])
[2001/08/23 13:00:00 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/16 14:23:44 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/03/13 19:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])
[2008/10/07 21:11:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/03/25 20:07:10 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/08/03 22:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/12/11 23:34:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/23 13:00:00 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Stopped])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2008/05/26 23:19:04 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2001/08/23 13:00:00 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2007/09/16 20:10:28 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2006/07/26 18:22:42 | 01,958,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000 [On_Demand | Stopped])
[2004/08/03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf [On_Demand | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.co.uk
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.co.uk
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (267103 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9252 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
========== (O3) Toolbars ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F4D76F09-7896-458A-890F-E1F05C46069F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=ALCXMNTR.EXE (Realtek Semiconductor Corp.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=28
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Banner Ad Blocker: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/04/25 18:08:42 | 00,001,411 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Banner Ad Blocker: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008/04/25 18:08:42 | 00,001,411 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008/04/25 18:22:54 | 00,222,472 | ---- | M] (Kaspersky Lab)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 23:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
========== (O17) DNS Name Servers ==========
{5E979162-1D97-49B6-A8AA-5B4095504325} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{BC01B4D9-A5B4-4275-8F6F-E46ABFE935A5} (Servers: | Description: )
{C5E7DE97-EE24-4874-B88C-9C972F73CA4F} (Servers: | Description: 1394 Net Adapter)
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
>[2008/10/07 21:11:08 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll
>[2008/04/25 18:21:50 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll
>[2008/04/25 18:22:22 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007/02/06 01:15:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/17 22:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ray cliff\Application Data\Malwarebytes
[2008/10/17 22:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/15 02:33:05 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 02:32:40 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 02:32:38 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 02:32:37 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 02:32:36 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 02:32:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/13 13:26:03 | 00,684,032 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\esa_training_document.doc
[2008/10/13 11:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/13 11:06:45 | 15,984,024 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\jre-6u7-windows-i586-p.exe
[2008/10/12 16:09:10 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/12 16:06:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/10/12 16:01:41 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/10/12 11:41:46 | 00,000,000 | ---D | C] -- C:\AntiSpywareProgrammes
[2008/10/12 10:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/12 10:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/12 10:29:49 | 00,000,000 | ---D | C] -- C:\HJT
[2008/10/12 10:19:28 | 01,458,812 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\SDFix.exe
[2008/10/08 01:08:43 | 12,336,8360 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2008/10/08 00:30:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/08 00:14:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/08 00:14:31 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/08 00:14:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/08 00:14:22 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2008/10/08 00:14:22 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2008/10/08 00:14:22 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2008/10/08 00:14:22 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2008/10/08 00:14:21 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2008/10/08 00:14:20 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2008/10/08 00:14:20 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2008/10/08 00:14:20 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2008/10/08 00:14:20 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2008/10/08 00:14:19 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2008/10/08 00:14:19 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2008/10/08 00:14:19 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2008/10/08 00:14:18 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2008/10/08 00:14:18 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2008/10/08 00:14:18 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2008/10/08 00:14:18 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2008/10/08 00:14:18 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2008/10/08 00:14:18 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2008/10/08 00:14:18 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2008/10/08 00:14:18 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2008/10/08 00:14:17 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2008/10/08 00:14:17 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2008/10/08 00:14:16 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2008/10/08 00:14:16 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2008/10/08 00:14:16 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2008/10/08 00:14:16 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2008/10/08 00:14:16 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2008/10/08 00:14:16 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2008/10/08 00:14:16 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2008/10/08 00:14:16 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2008/10/08 00:14:16 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2008/10/08 00:14:16 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2008/10/08 00:14:16 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2008/10/08 00:14:16 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2008/10/08 00:14:16 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2008/10/08 00:14:16 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2008/10/08 00:14:15 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2008/10/08 00:14:15 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2008/10/08 00:14:15 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2008/10/08 00:14:15 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2008/10/08 00:14:15 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2008/10/08 00:14:15 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2008/10/08 00:14:15 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2008/10/08 00:14:15 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2008/10/08 00:14:15 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2008/10/08 00:14:15 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2008/10/08 00:14:14 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2008/10/08 00:14:14 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2008/10/08 00:14:14 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2008/10/08 00:14:13 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2008/10/08 00:14:13 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2008/10/08 00:14:13 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2008/10/08 00:14:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2008/10/08 00:14:13 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2008/10/08 00:14:13 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2008/10/08 00:14:13 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2008/10/08 00:14:13 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2008/10/08 00:14:13 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2008/10/08 00:14:13 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2008/10/08 00:14:13 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2008/10/08 00:14:13 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2008/10/08 00:14:13 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2008/10/08 00:14:13 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2008/10/08 00:14:13 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2008/10/08 00:14:13 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2008/10/08 00:14:13 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2008/10/08 00:14:12 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2008/10/08 00:14:12 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2008/10/08 00:14:12 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2008/10/08 00:14:12 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2008/10/08 00:14:10 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2008/10/08 00:14:09 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2008/10/08 00:14:09 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2008/10/08 00:14:09 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2008/10/08 00:14:09 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2008/10/08 00:14:07 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2008/10/08 00:14:06 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2008/10/08 00:14:06 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2008/10/08 00:14:06 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2008/10/08 00:14:06 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2008/10/08 00:14:05 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2008/10/08 00:14:05 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2008/10/08 00:14:04 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2008/10/08 00:14:04 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2008/10/08 00:14:04 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2008/10/08 00:14:04 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2008/10/08 00:14:04 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2008/10/08 00:14:04 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2008/10/08 00:14:04 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2008/10/08 00:14:04 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2008/10/08 00:14:04 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2008/10/08 00:14:04 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2008/10/08 00:13:52 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/10/08 00:13:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/08 00:13:07 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/08 00:12:59 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/08 00:12:55 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/08 00:12:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/08 00:12:51 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/08 00:12:50 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/08 00:12:50 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/08 00:12:50 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/08 00:12:49 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/08 00:12:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/08 00:12:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/08 00:12:48 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/08 00:12:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/08 00:12:48 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/08 00:12:47 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/08 00:12:46 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/08 00:12:46 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/08 00:12:45 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/08 00:12:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/08 00:12:45 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/08 00:12:44 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/08 00:12:44 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/08 00:12:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/08 00:12:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/08 00:12:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/08 00:12:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/08 00:12:31 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/08 00:12:30 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/08 00:12:29 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/08 00:12:28 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/08 00:12:27 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/08 00:12:27 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/08 00:12:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/08 00:12:24 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/08 00:12:24 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/08 00:12:23 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/08 00:12:23 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/08 00:12:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/08 00:12:21 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/08 00:12:18 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/08 00:12:18 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/08 00:12:17 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/08 00:12:17 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/08 00:12:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/08 00:12:16 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/08 00:12:15 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/08 00:12:10 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/08 00:12:10 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/08 00:12:06 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/08 00:11:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/08 00:11:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/08 00:11:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/08 00:11:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/07 23:58:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2008/10/07 23:58:04 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2008/10/07 23:57:57 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2008/10/07 23:57:57 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2008/10/07 23:57:56 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2008/10/07 23:57:56 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2008/10/07 23:57:56 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2008/10/07 23:57:55 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2008/10/07 23:57:55 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2008/10/07 23:57:55 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2008/10/07 23:57:54 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2008/10/07 23:57:54 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2008/10/07 23:57:54 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2008/10/07 23:57:49 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2008/10/07 23:57:49 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2008/10/07 23:57:47 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2008/10/07 23:57:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2008/10/07 23:57:44 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2008/10/07 23:57:43 | 02,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2008/10/07 23:57:43 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2008/10/07 23:57:43 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2008/10/07 23:57:42 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2008/10/07 23:57:42 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2008/10/07 23:57:42 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2008/10/07 23:57:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2008/10/07 23:57:41 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2008/10/07 23:57:41 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2008/10/07 23:51:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/07 23:49:15 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/07 23:08:23 | 00,002,141 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%
[2008/10/07 23:00:30 | 13,588,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\O2kSp3.exe
[2008/10/07 18:59:01 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/07 18:59:01 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/07 18:58:01 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/10/07 18:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/10/07 18:56:49 | 00,213,008 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/07 18:53:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/10/07 02:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2008/10/04 18:24:14 | 00,105,772 | ---- | C] () -- C:\WINDOWS\DEATH_FONT.TTF
[2008/10/04 15:27:08 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\ray cliff\Desktop\Internet.lnk
[2008/10/04 15:13:00 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/04 15:12:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/04 14:42:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/10/04 14:37:03 | 00,000,000 | RH-D | C] -- C:\AHCache
[2008/09/29 18:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Screen Recorder
[2008/09/20 10:58:59 | 00,029,877 | ---- | C] () -- C:\Documents and Settings\ray cliff\Application Data\mdbu.bin
========== Files - Modified Within 30 Days ==========
[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/18 15:52:21 | 00,003,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/18 15:52:20 | 00,573,472 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/18 15:26:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/18 15:26:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 15:25:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 11:13:51 | 03,222,048 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/18 11:13:51 | 00,037,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/15 22:35:03 | 00,267,103 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/10/15 02:40:45 | 01,482,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 02:38:35 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 01:36:33 | 00,684,032 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\esa_training_document.doc
[2008/10/13 18:27:28 | 00,002,141 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%
[2008/10/13 13:23:24 | 00,266,000 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081015-223503.backup
[2008/10/13 11:06:45 | 15,984,024 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\jre-6u7-windows-i586-p.exe
[2008/10/12 18:45:18 | 00,266,000 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081013-132324.backup
[2008/10/12 16:10:52 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-184518.backup
[2008/10/12 16:09:10 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/10/12 10:19:40 | 01,458,812 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\SDFix.exe
[2008/10/11 18:52:44 | 00,198,656 | ---- | M] () -- C:\Documents and Settings\ray cliff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 01:09:20 | 12,336,8360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\Office2003SP3-KB923618-FullFile-ENU.exe
[2008/10/08 00:34:57 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/08 00:34:57 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/08 00:34:55 | 00,468,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 23:50:18 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 23:00:37 | 13,588,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ray cliff\Desktop\O2kSp3.exe
[2008/10/07 21:11:09 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/07 21:11:06 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/10/07 21:11:06 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/04 20:26:14 | 00,043,336 | ---- | M] () -- C:\Documents and Settings\ray cliff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:27:08 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\ray cliff\Desktop\Internet.lnk
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 19:23:26 | 00,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/09/23 16:55:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081012-114425.backup
[2008/09/20 21:17:44 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Lexstat.ini
[2008/09/20 11:59:03 | 00,029,877 | ---- | M] () -- C:\Documents and Settings\ray cliff\Application Data\mdbu.bin
[2008/09/20 10:48:18 | 00,000,009 | ---- | M] () -- C:\Documents and Settings\ray cliff\Application Data\mdb.bin
< End of report >
OTViewIt Extras logfile created on: 18/10/2008 17:42:54 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\AntiSpywareProgrammes
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1015.48 Mb Total Physical Memory | 614.95 Mb Available Physical Memory | 60.56% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 65.18 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MYSELF-Z6383S9J
Current User Name: ray cliff
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/29 17:57:30 | 00,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdacoms.exe:*:Enabled:Lexmark Communications System
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- E:\Drivers\Drivers2\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM
File not found -- E:\Drivers\Drivers2\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== HKEY_USERS Protocol Defaults ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 14:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 16:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 23:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}"=Canon ScanGear Starter
"{1F8F3CBD-3FDB-4872-A784-AA5C0F6B5FC6}"=Adobe Photoshop CS3 Cracker by Aravind
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2CCBABCB-6427-4A55-B091-49864623C43F}"=Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}"=Google Gears
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{84918CAE-2B7D-401E-98E0-557F97BA7857}"=Lightroom
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}"=ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}"=Manual CanoScan LiDE 25
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}"=TuneUp Utilities 2007
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}"=Canon CanoScan Toolbox 4.9
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"AoA DVD Copy_is1"=AoA DVD Copy
"Bonusprint Photoservice_is1"=Bonusprint Photoservice
"BookSmart™ 1.9.7 1.9.7"=BookSmart™ 1.9.7 1.9.7
"DPP"=Canon Utilities Digital Photo Professional 2.2
"DVD Flick_is1"=DVD Flick
"EOS Utility"=Canon Utilities EOS Utility
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ImgBurn"=ImgBurn
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009
"Lexmark 640 Series"=Lexmark 640 Series
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1"=PeerGuardian 2.0
"PhotoStitch"=Canon Utilities PhotoStitch
"Revo Uninstaller"=Revo Uninstaller 1.75
"SystemRequirementsLab"=System Requirements Lab
"UltimateDefrag V1 FREE Public Domain Version"=UltimateDefrag V1 FREE Public Domain Version
"VLC media player"=VideoLAN VLC media player 0.8.6c
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1214440339-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09/10/2008 22:38:08 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Additional
information is available in the log file C:\DOCUME~1\RAYCLI~1\LOCALS~1\Temp\OHotfix\OHotfix(00010)_Msi.log.
Error - 12/10/2008 10:40:15 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/10/2008 10:40:23 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 12/10/2008 12:19:35 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 13:20:06 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 14:20:09 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 12/10/2008 15:47:43 | Computer Name = MYSELF-Z6383S9J | Source = Google Update | ID = 20
Description =
Error - 13/10/2008 18:50:59 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 11311
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1311.
Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB.
Verify that the file exists and that you can access it.
Error - 13/10/2008 18:51:05 | Computer Name = MYSELF-Z6383S9J | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Office
2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127
Error - 14/10/2008 21:31:35 | Computer Name = MYSELF-Z6383S9J | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 17/10/2008 13:49:28 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 17/10/2008 16:56:34 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 17/10/2008 16:56:52 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 17/10/2008 19:31:56 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 02:54:40 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 02:55:01 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 05:48:30 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 05:48:51 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
Error - 18/10/2008 10:26:02 | Computer Name = MYSELF-Z6383S9J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 000C76FF1F28 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 18/10/2008 10:26:23 | Computer Name = MYSELF-Z6383S9J | Source = Service Control Manager | ID = 7000
Description = The NetVeda Safety.Net service failed to start due to the following
error: %%2
< End of report >
Hello, jerrycliff.
That all looks clean, but your logs indicate that you ran SDFix at some point recently. Can you post the SDFix log?
How are things running?
Billy3
That all looks clean, but your logs indicate that you ran SDFix at some point recently. Can you post the SDFix log?
How are things running?
Billy3
Hi Billy, thanks for the quick reply.
I only ran SD Fix once in safe mode as the guide indicates to do.
The log is in my second post in this thread just above your one.
Here is the log
SDFix: Version 1.234
Run by ray cliff on 12/10/2008 at 16:10
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted
Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:25:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxdacoms.exe"="C:\\WINDOWS\\system32\\lxdacoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe"="E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe"="E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 8 Mar 2008 0 A..H. --- "C:\WINDOWS\fsrv.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 17 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
This was the only time I ran it.
Things seem to be running fine. I just wanted to check there are no remnants lurking around.
Thanks Billy.
I only ran SD Fix once in safe mode as the guide indicates to do.
The log is in my second post in this thread just above your one.
Here is the log
SDFix: Version 1.234
Run by ray cliff on 12/10/2008 at 16:10
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds - Deleted
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twain_32\local.ds - Deleted
C:\WINDOWS\system32\twain_32\user.ds - Deleted
C:\WINDOWS\system32\twext.exe - Deleted
Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
Folder C:\WINDOWS\system32\twain_32 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:25:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:eb,56,52,7c,f7,27,9c,89,83,2b,cb,23,e3,6e,2f,ce,a2,0b,d7,c0,db,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,55,67,f2,1f,63,79,b7,e0,95,5c,ae,bb,f3,8e,b5,54,2b,..
"khjeh"=hex:9f,4b,ca,9f,d0,b5,57,93,40,cf,ce,ce,9d,35,6f,88,1d,96,d8,55,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:cb,58,02,10,e6,35,1f,54,06,ca,89,13,b4,f9,3a,32,aa,25,9f,8a,55,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxdacoms.exe"="C:\\WINDOWS\\system32\\lxdacoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe"="E:\\Drivers\\Drivers2\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe"="E:\\Drivers\\Drivers2\\WLM Lite 8.5.exe:*:Enabled:Windows Live Messenger Lite"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 8 Mar 2008 0 A..H. --- "C:\WINDOWS\fsrv.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 17 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
This was the only time I ran it.
Things seem to be running fine. I just wanted to check there are no remnants lurking around.
Thanks Billy.
Hello, jerrycliff.
Congratulations! You now appear clean!
Are things running okay? Do you have any more questions?
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Clean Up Our Mess
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
You will not be able to restore computer to any earlier than today!
Recommendations
Below are some recommendations to lower your chances of (re)infection.
Billy3
Congratulations! You now appear clean!
Are things running okay? Do you have any more questions?
System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Clean Up Our Mess
- Please download OTCleanIt from one of the following mirrors and save it to your desktop:
- Double click the
icon. - Push the large "Cleanup" button.
- Allow your system to reboot.
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
- Go to Start > Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Then go to Start > Run and type: Cleanmgr
- Click "OK".
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
You will not be able to restore computer to any earlier than today!
Recommendations
Below are some recommendations to lower your chances of (re)infection.
- Install and maintain an outbound firewall
- Install Spyware Blaster and update it regularly
If you wish, the commercial version provides automatic updating. - Install the MVPs hosts file, and update it regularly
You can use the HostMan host file manager to do this automaticly if you wish.
For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file - Install an Anti-Spyware program, and update it regularly
Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions. - Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
If you are using Windows Vista- Click the "Start Menu" (or Windows Orb)
- Click "All Programs"
- Click "Windows Update"
- On the left, choose "Change Settings"
- Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
- Press OK and accept the UAC prompt.
Note: You shouldn't need to check this checkbox every single time you update, only the first time. - Click "Check for Updates" in the upper left corner.
- Follow the instructions to install the latest updates.
- Reboot and repeat the "Check for Updates" until there are no more critical updates to install
- Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine. - Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing
.
Billy3
Thanks Billy, you were very helpful.
Hello, jerrycliff.
Since this issue appears resolved, this topic has been closed.
If you need this topic reopened, please send me or another moderator a PM.
Everyone else please begin a new topic.
Billy3
Since this issue appears resolved, this topic has been closed.
If you need this topic reopened, please send me or another moderator a PM.
Everyone else please begin a new topic.
Billy3
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.