
Hijackthis Log


  • This topic is locked
18 replies to this topic

#1 -Maverick-


  • Members
  • 28 posts

Posted 24 September 2008 - 02:45 PM

I received your instructions and followed them step by step. Here is my Hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:07 PM, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [touzen] C:\WINDOWS\system32\zoowaf.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [touzen] C:\WINDOWS\system32\zoowaf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153423829260
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SmartLinkService (eb52hoouuy) - Unknown owner - C:\WINDOWS\system32\bipucege.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7923 bytes



#2 PropagandaPanda



  • Malware Response Team
  • 10,433 posts

Posted 01 October 2008 - 06:00 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

I am still in training so my responses to you must be checked by an instructor first.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 -Maverick-

  • Topic Starter

  • Members
  • 28 posts

Posted 03 October 2008 - 09:34 AM

Hi PropagandaPanda!

Thank you for responding to my log. I downloaded your OTVIEWIT and I saved my logs. When I tried to connect to the internet, my Google page came up, but when I tried to access your website my Google did not respond. I tried to do a different search thinking maybe your website was down, but Google did not respond once again. I also can't find my saved logs from OTVIEWIT. Help please!

#4 PropagandaPanda



  • Malware Response Team
  • 10,433 posts

Posted 03 October 2008 - 10:40 AM

Hello -Maverick-.

If you have lost the logs, just take a new scan and post those.

Are you posting from another computer right now? Would it be possible to transfer the logs to a working computer and post them?

With Regards,
The Panda

#5 -Maverick-

  • Topic Starter

  • Members
  • 28 posts

Posted 03 October 2008 - 05:07 PM

Hi Panda! I was posting from a different computer. Now I'm back on my home computer and found my OGT Logs:

OTViewIt logfile created on: 02/10/2008 5:23:34 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\My Documents\Security Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 47.73 Mb Available Physical Memory | 18.68% Memory free
616.66 Mb Paging File | 169.84 Mb Available in Paging File | 27.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.70 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/04/23 13:57:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/22 04:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/09/28 18:56:38 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfHost.exe
[2007/04/23 13:59:14 | 01,128,448 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/02 17:22:48 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\My Documents\Security Programs\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (eb52hoouuy [Auto | Stopped])
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

========== Driver Services ==========

[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
[2001/08/17 08:11:44 | 00,026,698 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\DLH5XND5.sys -- (DLH5X [On_Demand | Running])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [Boot | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2002/07/24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/04/13 14:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])
[2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])
[2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])
[2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Running])
[2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Running])
[1998/10/15 16:48:10 | 00,919,104 | ---- | M] (YAMAHA Corporation) -- C:\WINDOWS\system32\drivers\ydsxg.sys -- (ydsxg [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
9148 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"touzen"=C:\WINDOWS\system32\zoowaf.exe File not found
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Transfer with Image Converter 2: C:\Program Files\Sony\Image Converter 2\menu.htm [2004/11/12 21:12:28 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Absolute Poker -- C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Absolute Poker -- C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Bonjour -- C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe ()
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: UltimateBet -- C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: UltimateBet -- C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: PartyPoker.com -- C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: PartyPoker.com -- C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
30 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
30 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1153423829260 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{78466ADE-87CE-4765-B4BE-8DF4A866723E} (Servers: | Description: D-Link DL10050-based Ethernet Adapter (Generic))

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/07/20 15:14:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 21:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 21:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 21:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2008/09/24 13:49:07 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2008/09/24 13:49:06 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2008/09/24 13:49:06 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2008/09/24 13:49:00 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2008/09/24 13:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2008/09/23 13:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/23 11:29:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/23 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/19 21:04:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/19 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/18 21:40:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 21:23:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 21:23:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 21:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 21:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 21:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 21:02:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 21:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/06 20:55:51 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/06 20:55:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/06 20:55:43 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/06 20:55:43 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/06 20:55:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/06 20:55:36 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/06 20:55:33 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/06 20:55:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/06 20:55:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/06 20:55:27 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/06 20:55:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/06 20:55:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/06 20:55:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/06 20:55:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/06 20:55:09 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/06 20:55:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/06 20:55:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/06 20:54:55 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/06 20:54:55 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/06 20:54:55 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/06 20:54:52 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/06 20:54:51 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/06 20:54:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/06 20:54:48 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/06 20:54:48 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/06 20:54:45 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/06 20:54:40 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/06 20:54:23 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/06 20:54:19 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/06 20:54:19 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/06 20:54:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/06 20:54:11 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/06 20:54:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/06 20:53:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/06 20:53:36 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/06 20:53:36 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/06 20:53:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/06 20:53:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/06 20:53:02 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/06 20:52:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/06 20:52:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/06 20:52:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/06 20:52:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2008/09/06 20:52:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/06 20:52:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/06 20:52:26 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/06 20:52:26 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/06 20:52:26 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/06 20:52:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/06 20:52:26 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/06 20:52:26 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/06 20:52:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/06 20:52:26 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/06 20:52:20 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/06 20:52:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/06 20:52:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/06 20:52:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/06 20:52:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/06 20:52:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/06 20:52:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/06 20:52:17 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/06 20:52:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/06 20:52:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/06 20:52:11 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/06 20:52:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/06 20:52:00 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/06 20:52:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/06 20:52:00 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/06 20:51:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/06 20:51:58 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/06 20:51:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/06 20:51:47 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/06 20:51:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/06 20:51:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/06 20:51:42 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/05 17:14:03 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/02 16:54:32 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Outlook.lnk
[2008/10/02 16:39:04 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/24 13:56:48 | 09,187,328 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/09/24 13:56:46 | 04,840,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/09/24 13:55:43 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/24 13:52:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/24 13:52:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/21 13:51:59 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 21:04:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/18 21:46:10 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2008/09/18 21:45:27 | 00,409,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/18 21:45:26 | 00,481,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/18 21:45:26 | 00,065,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/18 21:39:15 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 21:36:22 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 21:12:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 22:46:03 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/12 20:41:19 | 00,263,774 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/12 19:59:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/12 19:40:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/11 16:20:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/09/11 16:20:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/09/10 13:08:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/10 13:08:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/09/09 17:15:50 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/09/09 17:15:50 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/09/09 17:15:50 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/09/04 19:04:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/09/04 19:04:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/09/04 16:12:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/09/04 16:12:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/09/03 20:12:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/09/03 20:12:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/09/03 16:20:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/09/03 16:20:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/09/02 20:02:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/09/02 20:02:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
< End of report >

Log #2:

OTViewIt Extras logfile created on: 02/10/2008 5:23:34 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\My Documents\Security Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 47.73 Mb Available Physical Memory | 18.68% Memory free
616.66 Mb Paging File | 169.84 Mb Available in Paging File | 27.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.70 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/17 14:37:02 | 00,204,800 | ---- | M] (InterVideo Inc.) -- C:\Program Files\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2005/10/27 18:44:40 | 03,887,104 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}"=Jetfighter V Homeland Protector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{66A3B78C-3BCE-4B53-ACDE-2C812FB8285F}"=Image Converter 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=miniMEDIA
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90885A82-9673-49EA-AB39-AF776639C67C}"=DVD7
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AF767F06-A1F3-11D5-AA2E-0008C760B784}"=Disney's Magic Artist Deluxe
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}"=Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"avast!"=avast! Antivirus
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 1.53
"MechWarrior 3"=MechWarrior 3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"PartyPoker"=PartyPoker
"PokerStars"=PokerStars
"RegHealer_is2"=Registry Healer 4.4.1 uninstall
"SE440BX2 WinNT audio driver copy"=SE440BX2 WinNT audio driver copy
"Shareaza_is1"=Shareaza version 2.2.1.0
"Tux Paint Stamps_is1"=Tux Paint Stamps 2005-11-25
"Tux Paint_is1"=Tux Paint 0.9.15
"Tweak UI 2.10"=Tweak UI
"UltimateBet"=UltimateBet
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/06/2008 9:24:12 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:23 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:39 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 10:07:42 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 06/06/2008 7:48:45 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/08/2008 9:28:48 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3E0GEBG5\items.v85_0[1].swf
failed, 0000A413.

[ Application Events ]
Error - 15/07/2008 6:18:32 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module dhtmled.ocx, version 6.1.0.9232, fault address 0x0000bbff.

Error - 28/07/2008 12:05:13 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x0006770e.

Error - 17/08/2008 6:38:07 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application shareaza.exe, version 2.2.1.0, faulting module
shareaza.exe, version 2.2.1.0, fault address 0x00061e89.

Error - 23/08/2008 12:36:48 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000676ae.

Error - 21/09/2008 2:08:13 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:10:37 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:11:26 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 24/09/2008 3:27:56 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00056165.

Error - 24/09/2008 3:28:24 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/10/2008 6:18:44 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.3.4.1273, faulting module
ml_pmp.dll, version 0.0.0.0, fault address 0x000087a4.

[ System Events ]
Error - 24/09/2008 1:52:45 PM | Computer Name = BOURGON | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 24/09/2008 1:52:45 PM | Computer Name = BOURGON | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 24/09/2008 1:55:02 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/09/2008 3:50:25 PM | Computer Name = BOURGON | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/09/2008 6:52:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

I also did a second HijackThis scan, because I downloaded the new version of Ad-Aware through the link in my first log, so here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:20 PM, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153423829260
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7690 bytes


Thank you for working on my computer! I really appreciate this.

#6 -Maverick-

Posted 03 October 2008 - 05:07 PM

Hi Panda! I was posting from a different computer. Now I'm back on my home computer and found my OGT Logs:

OTViewIt logfile created on: 02/10/2008 5:23:34 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\My Documents\Security Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 47.73 Mb Available Physical Memory | 18.68% Memory free
616.66 Mb Paging File | 169.84 Mb Available in Paging File | 27.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.70 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/04/23 13:57:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/02/22 04:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/09/28 18:56:38 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfHost.exe
[2007/04/23 13:59:14 | 01,128,448 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
[2004/08/04 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/02 17:22:48 | 00,419,840 | ---- | M] (OldTimer Tools) -- D:\My Documents\Security Programs\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (eb52hoouuy [Auto | Stopped])
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

========== Driver Services ==========

[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
[2001/08/17 08:11:44 | 00,026,698 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\DLH5XND5.sys -- (DLH5X [On_Demand | Running])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [Boot | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2002/07/24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/04/13 14:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])
[2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])
[2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])
[2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Running])
[2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Running])
[1998/10/15 16:48:10 | 00,919,104 | ---- | M] (YAMAHA Corporation) -- C:\WINDOWS\system32\drivers\ydsxg.sys -- (ydsxg [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9148 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"touzen"=C:\WINDOWS\system32\zoowaf.exe File not found
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Transfer with Image Converter 2: C:\Program Files\Sony\Image Converter 2\menu.htm [2004/11/12 21:12:28 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Absolute Poker -- C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Absolute Poker -- C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Bonjour -- C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Uninstall BitDefender Online Scanner v8 -- C:\WINDOWS\bdoscandel.exe ()
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: UltimateBet -- C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: UltimateBet -- C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: PartyPoker.com -- C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: PartyPoker.com -- C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
30 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
30 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-329068152-1993962763-1708537768-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1153423829260 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{78466ADE-87CE-4765-B4BE-8DF4A866723E} (Servers: | Description: D-Link DL10050-based Ethernet Adapter (Generic))

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/07/20 15:14:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 21:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 21:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 21:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2008/09/24 13:49:07 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2008/09/24 13:49:06 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2008/09/24 13:49:06 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2008/09/24 13:49:00 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2008/09/24 13:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2008/09/23 13:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/23 11:29:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/23 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/19 21:04:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/19 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/18 21:40:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 21:23:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 21:23:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 21:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 21:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 21:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 21:02:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 21:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/06 20:55:51 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/06 20:55:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/06 20:55:43 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/06 20:55:43 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/06 20:55:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/06 20:55:36 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/06 20:55:33 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/06 20:55:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/06 20:55:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/06 20:55:27 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/06 20:55:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/06 20:55:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/06 20:55:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/06 20:55:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/06 20:55:09 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/06 20:55:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/06 20:55:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/06 20:54:55 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/06 20:54:55 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/06 20:54:55 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/06 20:54:52 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/06 20:54:51 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/06 20:54:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/06 20:54:48 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/06 20:54:48 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/06 20:54:45 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/06 20:54:40 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/06 20:54:23 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/06 20:54:19 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/06 20:54:19 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/06 20:54:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/06 20:54:11 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/06 20:54:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/06 20:53:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/06 20:53:36 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/06 20:53:36 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/06 20:53:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/06 20:53:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/06 20:53:02 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/06 20:52:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/06 20:52:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/06 20:52:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/06 20:52:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2008/09/06 20:52:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/06 20:52:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/06 20:52:26 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/06 20:52:26 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/06 20:52:26 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/06 20:52:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/06 20:52:26 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/06 20:52:26 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/06 20:52:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/06 20:52:26 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/06 20:52:20 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/06 20:52:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/06 20:52:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/06 20:52:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/06 20:52:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/06 20:52:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/06 20:52:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/06 20:52:17 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/06 20:52:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/06 20:52:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/06 20:52:11 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/06 20:52:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/06 20:52:00 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/06 20:52:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/06 20:52:00 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/06 20:51:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/06 20:51:58 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/06 20:51:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/06 20:51:47 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/06 20:51:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/06 20:51:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/06 20:51:42 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/09/05 17:14:03 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/02 16:54:32 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Outlook.lnk
[2008/10/02 16:39:04 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/24 13:56:48 | 09,187,328 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/09/24 13:56:46 | 04,840,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/09/24 13:55:43 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/24 13:52:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/24 13:52:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/21 13:51:59 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 21:04:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/18 21:46:10 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2008/09/18 21:45:27 | 00,409,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/18 21:45:26 | 00,481,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/18 21:45:26 | 00,065,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/18 21:39:15 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 21:36:22 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 21:12:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 22:46:03 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/12 20:41:19 | 00,263,774 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/12 19:59:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/12 19:40:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/11 16:20:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/09/11 16:20:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/09/10 13:08:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/10 13:08:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/09/09 17:15:50 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/09/09 17:15:50 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/09/09 17:15:50 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/09/04 19:04:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/09/04 19:04:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/09/04 16:12:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/09/04 16:12:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/09/03 20:12:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/09/03 20:12:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/09/03 16:20:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/09/03 16:20:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/09/02 20:02:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/09/02 20:02:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
< End of report >

Log # 2 :

OTViewIt Extras logfile created on: 02/10/2008 5:23:34 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = D:\My Documents\Security Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 47.73 Mb Available Physical Memory | 18.68% Memory free
616.66 Mb Paging File | 169.84 Mb Available in Paging File | 27.54% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.70 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/17 14:37:02 | 00,204,800 | ---- | M] (InterVideo Inc.) -- C:\Program Files\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2005/10/27 18:44:40 | 03,887,104 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}"=Jetfighter V Homeland Protector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{66A3B78C-3BCE-4B53-ACDE-2C812FB8285F}"=Image Converter 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=miniMEDIA
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90885A82-9673-49EA-AB39-AF776639C67C}"=DVD7
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AF767F06-A1F3-11D5-AA2E-0008C760B784}"=Disney's Magic Artist Deluxe
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}"=Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"avast!"=avast! Antivirus
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 1.53
"MechWarrior 3"=MechWarrior 3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"PartyPoker"=PartyPoker
"PokerStars"=PokerStars
"RegHealer_is2"=Registry Healer 4.4.1 uninstall
"SE440BX2 WinNT audio driver copy"=SE440BX2 WinNT audio driver copy
"Shareaza_is1"=Shareaza version 2.2.1.0
"Tux Paint Stamps_is1"=Tux Paint Stamps 2005-11-25
"Tux Paint_is1"=Tux Paint 0.9.15
"Tweak UI 2.10"=Tweak UI
"UltimateBet"=UltimateBet
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/06/2008 9:24:12 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:23 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:39 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 10:07:42 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 06/06/2008 7:48:45 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/08/2008 9:28:48 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3E0GEBG5\items.v85_0[1].swf
failed, 0000A413.

[ Application Events ]
Error - 15/07/2008 6:18:32 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module dhtmled.ocx, version 6.1.0.9232, fault address 0x0000bbff.

Error - 28/07/2008 12:05:13 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x0006770e.

Error - 17/08/2008 6:38:07 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application shareaza.exe, version 2.2.1.0, faulting module
shareaza.exe, version 2.2.1.0, fault address 0x00061e89.

Error - 23/08/2008 12:36:48 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000676ae.

Error - 21/09/2008 2:08:13 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:10:37 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:11:26 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 24/09/2008 3:27:56 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00056165.

Error - 24/09/2008 3:28:24 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/10/2008 6:18:44 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.3.4.1273, faulting module
ml_pmp.dll, version 0.0.0.0, fault address 0x000087a4.

[ System Events ]
Error - 24/09/2008 1:52:45 PM | Computer Name = BOURGON | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 24/09/2008 1:52:45 PM | Computer Name = BOURGON | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 24/09/2008 1:55:02 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/09/2008 3:50:25 PM | Computer Name = BOURGON | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/09/2008 6:52:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

I also did a second Hijackthis scan, because I downloaded through the link in my first log the new version of Ad-aware, so here is my new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:20 PM, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153423829260
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7690 bytes


Thank you for working on my computer! I really appreciate this.

#7 PropagandaPanda


Posted 04 October 2008 - 08:56 AM

Hello -maverick-.

I'm not seeing much in your logs. Could you please describe in more detail the problems you are having? Can you tell me what messages Avast! spits out exactly?

I see that you have some poker game programs installed. You should know that some are bundled with adware, though the ones you have are probably safe.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "touzen"=-
    
    :services
    eb52hoouuy
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Please post back with:
-the OTMoveIt log
-the Kaspersky log
-a new OTViewIt log (only OTViewIt.exe will appear this time)
-a detailed description of your problems

With Regards,
The Panda

#8 PropagandaPanda


Posted 06 October 2008 - 10:48 AM

Hello -maverick-.

Do you still need help?

With Regards,
The Panda

#9 -Maverick-


Posted 06 October 2008 - 06:31 PM

Hi Panda!

I do still need HELP, I'm sorry I haven't been on but I had family responsibilities that I had to take care of. Anyways, I did the Kaspersky scan; it did not give me a report, it did not find anything. Here is my new OTview log:

OTViewIt logfile created on: 06/10/2008 6:01:28 PM - Run 2
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.16 Mb Available Physical Memory | 28.63% Memory free
689.66 Mb Paging File | 158.73 Mb Available in Paging File | 23.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.77 Gb Free Space | 50.04% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/13 20:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
[2008/04/13 20:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 20:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2007/04/23 13:57:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/04/13 20:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/04 18:35:07 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
[2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Disabled | Stopped])
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [On_Demand | Running])
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Stopped])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2008/04/13 20:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
[2008/04/13 20:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dot3svc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EapHost [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Disabled | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (FastUserSwitchingCompatibility [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (hkmsvc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HTTPFilter [On_Demand | Stopped])
[2008/04/13 20:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2008/04/13 20:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
[2008/04/13 20:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2008/04/13 20:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (napagent [On_Demand | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [On_Demand | Running])
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
[2004/08/04 08:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2008/04/13 20:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [Auto | Running])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
[2008/04/13 20:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2008/04/13 20:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
[2004/08/04 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
[2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
[2008/06/20 07:40:08 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2004/08/04 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
[2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
[2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom [System | Running])
[2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk [Boot | Running])
[2001/08/17 08:11:44 | 00,026,698 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\DLH5XND5.sys -- (DLH5X [On_Demand | Running])
[2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic [On_Demand | Stopped])
[2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
[2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc [On_Demand | Running])
[2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
[2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk [On_Demand | Running])
[2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2004/08/04 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk [Boot | Running])
[2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc [On_Demand | Running])
[2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
[2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP [On_Demand | Running])
[2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt [System | Running])
[2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi [System | Running])
[2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
[2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat [On_Demand | Running])
[2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec [System | Running])
[2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
[2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp [Boot | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass [System | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
[2008/04/13 14:31:43 | 00,092,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
[2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass [System | Running])
[2004/08/04 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid [On_Demand | Running])
[2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
[2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Running])
[2008/04/13 15:17:01 | 00,456,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb [System | Running])
[2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
[2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV [On_Demand | Stopped])
[2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK [On_Demand | Stopped])
[2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM [On_Demand | Stopped])
[2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios [On_Demand | Running])
[2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
[2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
[2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi [On_Demand | Running])
[2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio [On_Demand | Running])
[2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan [On_Demand | Running])
[2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
[2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS [System | Running])
[2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT [System | Running])
[2008/04/13 14:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
[2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
[2004/08/04 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[2008/04/13 14:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys -- (P3 [System | Running])
[2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport [On_Demand | Running])
[2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
[2004/08/04 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI [Boot | Running])
[2008/04/13 14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
[2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport [On_Demand | Running])
[2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd [System | Running])
[2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
[2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe [On_Demand | Running])
[2004/08/04 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti [On_Demand | Running])
[2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss [System | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD [System | Running])
[2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
[2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook [System | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 14:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum [On_Demand | Running])
[2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial [System | Running])
[2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
[2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys -- (sr [Boot | Running])
[2008/04/13 15:15:11 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv [On_Demand | Running])
[2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum [On_Demand | Running])
[2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
[2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Stopped])
[2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip [System | Running])
[2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
[2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
[2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [Boot | Running])
[2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD [System | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2008/04/13 14:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
[2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys -- (Update [On_Demand | Running])
[2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp [On_Demand | Running])
[2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub [On_Demand | Running])
[2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan [On_Demand | Stopped])
[2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR [On_Demand | Stopped])
[2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci [On_Demand | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave [System | Running])
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2002/07/24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/04/13 14:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
[2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp [On_Demand | Running])
[2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Stopped])
[2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])
[2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])
[2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])
[2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[1998/10/15 16:48:10 | 00,919,104 | ---- | M] (YAMAHA Corporation) -- C:\WINDOWS\system32\drivers\ydsxg.sys -- (ydsxg [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9148 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Transfer with Image Converter 2: C:\Program Files\Sony\Image Converter 2\menu.htm [2004/11/12 21:12:28 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Button: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Menu: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Button: Bonjour -- %ProgramFiles%\Bonjour\ExplorerPlugin.dll [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Button: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Menu: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/30 14:45:34 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1153423829260 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{78466ADE-87CE-4765-B4BE-8DF4A866723E} (Servers: | Description: D-Link DL10050-based Ethernet Adapter (Generic))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2008/04/13 20:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=logonui.exe
>[2008/04/13 20:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>[2008/04/13 20:12:41 | 00,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sysdm.cpl


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2008/04/13 20:11:58 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msapsspc.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:11:52 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\digest.dll
>[2008/04/13 20:12:00 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msnsspc.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2008/04/13 20:11:56 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:12:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/07/20 15:14:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 18:00:09 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/04 18:22:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:17:22 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/04 18:16:16 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/09/30 21:50:04 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 21:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 21:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 21:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2008/09/24 13:49:07 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2008/09/24 13:49:06 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2008/09/24 13:49:06 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2008/09/24 13:49:00 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2008/09/24 13:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2008/09/23 13:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/23 11:29:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/23 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/19 21:04:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/19 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/18 21:40:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 21:23:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 21:23:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 21:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 21:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 21:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 21:02:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 21:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/06 20:55:51 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/06 20:55:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/06 20:55:43 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/06 20:55:43 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/06 20:55:39 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2008/09/06 20:55:39 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2008/09/06 20:55:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/06 20:55:38 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2008/09/06 20:55:38 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2008/09/06 20:55:38 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2008/09/06 20:55:38 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2008/09/06 20:55:36 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/06 20:55:35 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2008/09/06 20:55:33 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/06 20:55:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/06 20:55:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/06 20:55:27 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/06 20:55:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/06 20:55:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/06 20:55:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/06 20:55:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/06 20:55:09 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/09/06 20:55:09 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2008/09/06 20:55:09 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/09/06 20:55:09 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2008/09/06 20:55:09 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2008/09/06 20:55:09 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2008/09/06 20:55:09 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/09/06 20:55:09 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/06 20:55:08 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2008/09/06 20:55:08 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2008/09/06 20:55:08 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2008/09/06 20:55:08 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2008/09/06 20:55:08 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2008/09/06 20:55:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/06 20:55:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/06 20:54:57 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2008/09/06 20:54:57 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2008/09/06 20:54:55 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/06 20:54:55 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/06 20:54:55 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/06 20:54:53 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2008/09/06 20:54:52 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/06 20:54:51 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/06 20:54:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/06 20:54:48 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/06 20:54:48 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/06 20:54:45 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/06 20:54:40 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/06 20:54:31 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2008/09/06 20:54:23 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/06 20:54:19 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/06 20:54:19 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/06 20:54:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/06 20:54:19 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2008/09/06 20:54:18 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2008/09/06 20:54:18 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2008/09/06 20:54:17 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/09/06 20:54:17 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/06 20:54:11 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/06 20:54:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/06 20:53:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/06 20:53:36 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/06 20:53:36 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/06 20:53:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/06 20:53:31 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2008/09/06 20:53:31 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2008/09/06 20:53:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/06 20:53:02 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/06 20:52:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/06 20:52:41 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2008/09/06 20:52:41 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2008/09/06 20:52:41 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2008/09/06 20:52:41 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2008/09/06 20:52:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/06 20:52:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/06 20:52:39 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2008/09/06 20:52:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2008/09/06 20:52:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/06 20:52:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/06 20:52:26 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/06 20:52:26 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/06 20:52:26 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/06 20:52:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/06 20:52:26 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/06 20:52:26 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/06 20:52:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/06 20:52:26 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/06 20:52:20 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/06 20:52:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/06 20:52:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/06 20:52:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/06 20:52:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/06 20:52:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/06 20:52:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/06 20:52:17 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/06 20:52:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/06 20:52:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/06 20:52:11 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/06 20:52:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/06 20:52:03 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2008/09/06 20:52:00 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2008/09/06 20:52:00 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/06 20:52:00 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2008/09/06 20:52:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/06 20:52:00 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/06 20:51:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/06 20:51:58 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/06 20:51:57 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2008/09/06 20:51:57 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2008/09/06 20:51:57 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2008/09/06 20:51:57 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2008/09/06 20:51:57 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2008/09/06 20:51:56 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2008/09/06 20:51:56 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2008/09/06 20:51:56 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2008/09/06 20:51:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/06 20:51:56 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2008/09/06 20:51:56 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2008/09/06 20:51:56 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2008/09/06 20:51:56 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2008/09/06 20:51:56 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2008/09/06 20:51:56 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2008/09/06 20:51:56 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2008/09/06 20:51:56 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2008/09/06 20:51:56 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2008/09/06 20:51:55 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2008/09/06 20:51:55 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2008/09/06 20:51:55 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2008/09/06 20:51:54 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2008/09/06 20:51:54 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2008/09/06 20:51:54 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2008/09/06 20:51:54 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2008/09/06 20:51:54 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2008/09/06 20:51:53 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2008/09/06 20:51:53 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2008/09/06 20:51:53 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2008/09/06 20:51:53 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2008/09/06 20:51:53 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2008/09/06 20:51:53 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2008/09/06 20:51:53 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2008/09/06 20:51:53 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2008/09/06 20:51:53 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2008/09/06 20:51:53 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2008/09/06 20:51:53 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2008/09/06 20:51:47 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2008/09/06 20:51:47 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/06 20:51:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/06 20:51:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/06 20:51:44 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2008/09/06 20:51:44 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2008/09/06 20:51:44 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2008/09/06 20:51:44 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2008/09/06 20:51:44 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2008/09/06 20:51:44 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2008/09/06 20:51:44 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2008/09/06 20:51:42 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/06 17:39:01 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/04 18:22:09 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:16:38 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/03 17:47:18 | 09,187,328 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/03 17:47:18 | 04,840,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/03 17:46:37 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 17:44:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 17:43:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/02 19:22:29 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Outlook.lnk
[2008/09/30 21:50:04 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 13:51:59 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 21:04:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/18 21:46:10 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2008/09/18 21:45:27 | 00,409,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/18 21:45:26 | 00,481,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/18 21:45:26 | 00,065,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/18 21:39:15 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 21:36:22 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 21:12:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 22:46:03 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/12 20:41:19 | 00,263,774 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/12 19:59:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/12 19:40:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/11 16:20:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/09/11 16:20:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/09/10 13:08:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/10 13:08:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/09/09 17:15:50 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/09/09 17:15:50 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/09/09 17:15:50 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
< End of report >

OTViewIt Extras logfile created on: 06/10/2008 6:01:28 PM - Run 2
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.16 Mb Available Physical Memory | 28.63% Memory free
689.66 Mb Paging File | 158.73 Mb Available in Paging File | 23.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.77 Gb Free Space | 50.04% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/17 14:37:02 | 00,204,800 | ---- | M] (InterVideo Inc.) -- C:\Program Files\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2005/10/27 18:44:40 | 03,887,104 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[2008/04/11 15:04:26 | 00,691,712 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2008/04/13 20:12:08 | 00,075,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}"=Jetfighter V Homeland Protector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{66A3B78C-3BCE-4B53-ACDE-2C812FB8285F}"=Image Converter 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=miniMEDIA
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90885A82-9673-49EA-AB39-AF776639C67C}"=DVD7
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AF767F06-A1F3-11D5-AA2E-0008C760B784}"=Disney's Magic Artist Deluxe
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}"=Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"avast!"=avast! Antivirus
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 1.53
"MechWarrior 3"=MechWarrior 3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"PartyPoker"=PartyPoker
"PokerStars"=PokerStars
"RegHealer_is2"=Registry Healer 4.4.1 uninstall
"SE440BX2 WinNT audio driver copy"=SE440BX2 WinNT audio driver copy
"Shareaza_is1"=Shareaza version 2.2.1.0
"Tux Paint Stamps_is1"=Tux Paint Stamps 2005-11-25
"Tux Paint_is1"=Tux Paint 0.9.15
"Tweak UI 2.10"=Tweak UI
"UltimateBet"=UltimateBet
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/06/2008 9:24:12 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:23 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:39 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 10:07:42 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 06/06/2008 7:48:45 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/08/2008 9:28:48 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3E0GEBG5\items.v85_0[1].swf
failed, 0000A413.

[ Application Events ]
Error - 15/07/2008 6:18:32 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module dhtmled.ocx, version 6.1.0.9232, fault address 0x0000bbff.

Error - 28/07/2008 12:05:13 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x0006770e.

Error - 17/08/2008 6:38:07 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application shareaza.exe, version 2.2.1.0, faulting module
shareaza.exe, version 2.2.1.0, fault address 0x00061e89.

Error - 23/08/2008 12:36:48 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000676ae.

Error - 21/09/2008 2:08:13 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:10:37 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:11:26 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 24/09/2008 3:27:56 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00056165.

Error - 24/09/2008 3:28:24 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/10/2008 6:18:44 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.3.4.1273, faulting module
ml_pmp.dll, version 0.0.0.0, fault address 0x000087a4.

[ System Events ]
Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/09/2008 3:50:25 PM | Computer Name = BOURGON | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/09/2008 6:52:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:46:06 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 03/10/2008 5:56:25 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

I also tried to do an Avast scan and it kept telling me the following message:

C:\System Volume Information.restore{77C7AA5F-684E-4787-BD08
Win32: Trojan-gen{other}
Virus/WORM
VPS: 01006-0,06/10/2008

Does this mean my computer is still not safe to use connected to the internet? I did my best to follow your instructions.

Thanks a lot for helping me!

Hi Panda!

I do still need HELP. I'm sorry I haven't been on, but I had family responsibilities that I had to take care of. Anyways, I did the Kaspersky scan; it did not give me a report, and it did not find anything. Here is my new OTViewIt log:

OTViewIt logfile created on: 06/10/2008 6:01:28 PM - Run 2
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.16 Mb Available Physical Memory | 28.63% Memory free
689.66 Mb Paging File | 158.73 Mb Available in Paging File | 23.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.77 Gb Free Space | 50.04% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/13 20:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
[2008/04/13 20:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 20:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2007/04/23 13:57:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/04/13 20:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/04 18:35:07 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
[2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Disabled | Stopped])
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [On_Demand | Running])
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Stopped])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2008/04/13 20:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
[2008/04/13 20:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dot3svc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EapHost [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Disabled | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (FastUserSwitchingCompatibility [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (hkmsvc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HTTPFilter [On_Demand | Stopped])
[2008/04/13 20:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2008/04/13 20:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
[2008/04/13 20:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2008/04/13 20:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (napagent [On_Demand | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [On_Demand | Running])
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
[2004/08/04 08:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2008/04/13 20:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [Auto | Running])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
[2008/04/13 20:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2008/04/13 20:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
[2004/08/04 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
[2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
[2008/06/20 07:40:08 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2004/08/04 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
[2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
[2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom [System | Running])
[2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk [Boot | Running])
[2001/08/17 08:11:44 | 00,026,698 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\DLH5XND5.sys -- (DLH5X [On_Demand | Running])
[2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic [On_Demand | Stopped])
[2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
[2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc [On_Demand | Running])
[2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
[2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk [On_Demand | Running])
[2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2004/08/04 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk [Boot | Running])
[2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc [On_Demand | Running])
[2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
[2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP [On_Demand | Running])
[2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt [System | Running])
[2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi [System | Running])
[2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
[2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat [On_Demand | Running])
[2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec [System | Running])
[2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
[2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp [Boot | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass [System | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
[2008/04/13 14:31:43 | 00,092,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
[2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass [System | Running])
[2004/08/04 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid [On_Demand | Running])
[2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
[2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Running])
[2008/04/13 15:17:01 | 00,456,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb [System | Running])
[2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
[2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV [On_Demand | Stopped])
[2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK [On_Demand | Stopped])
[2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM [On_Demand | Stopped])
[2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios [On_Demand | Running])
[2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
[2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
[2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi [On_Demand | Running])
[2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio [On_Demand | Running])
[2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan [On_Demand | Running])
[2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
[2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS [System | Running])
[2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT [System | Running])
[2008/04/13 14:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
[2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
[2004/08/04 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[2008/04/13 14:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys -- (P3 [System | Running])
[2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport [On_Demand | Running])
[2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
[2004/08/04 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI [Boot | Running])
[2008/04/13 14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
[2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport [On_Demand | Running])
[2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd [System | Running])
[2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
[2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe [On_Demand | Running])
[2004/08/04 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti [On_Demand | Running])
[2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss [System | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD [System | Running])
[2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
[2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook [System | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 14:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum [On_Demand | Running])
[2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial [System | Running])
[2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
[2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys -- (sr [Boot | Running])
[2008/04/13 15:15:11 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv [On_Demand | Running])
[2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum [On_Demand | Running])
[2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
[2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Stopped])
[2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip [System | Running])
[2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
[2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
[2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [Boot | Running])
[2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD [System | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2008/04/13 14:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
[2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys -- (Update [On_Demand | Running])
[2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp [On_Demand | Running])
[2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub [On_Demand | Running])
[2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan [On_Demand | Stopped])
[2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR [On_Demand | Stopped])
[2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci [On_Demand | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave [System | Running])
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2002/07/24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/04/13 14:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
[2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp [On_Demand | Running])
[2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Stopped])
[2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])
[2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])
[2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])
[2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[1998/10/15 16:48:10 | 00,919,104 | ---- | M] (YAMAHA Corporation) -- C:\WINDOWS\system32\drivers\ydsxg.sys -- (ydsxg [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9148 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Transfer with Image Converter 2: C:\Program Files\Sony\Image Converter 2\menu.htm [2004/11/12 21:12:28 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Button: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Menu: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Button: Bonjour -- %ProgramFiles%\Bonjour\ExplorerPlugin.dll [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Button: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Menu: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/30 14:45:34 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1153423829260 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{78466ADE-87CE-4765-B4BE-8DF4A866723E} (Servers: | Description: D-Link DL10050-based Ethernet Adapter (Generic))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2008/04/13 20:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=logonui.exe
>[2008/04/13 20:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>[2008/04/13 20:12:41 | 00,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sysdm.cpl


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2008/04/13 20:11:58 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msapsspc.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:11:52 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\digest.dll
>[2008/04/13 20:12:00 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msnsspc.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2008/04/13 20:11:56 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:12:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/07/20 15:14:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 18:00:09 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/04 18:22:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:17:22 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/04 18:16:16 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/09/30 21:50:04 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/30 21:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 21:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 21:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2008/09/24 13:49:07 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2008/09/24 13:49:06 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2008/09/24 13:49:06 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2008/09/24 13:49:00 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2008/09/24 13:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2008/09/23 13:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/23 11:29:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/23 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/19 21:04:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/19 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/18 21:40:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 21:23:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 21:23:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 21:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 21:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 21:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 21:02:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 21:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2008/09/06 20:55:51 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/09/06 20:55:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/09/06 20:55:43 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/09/06 20:55:43 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/09/06 20:55:39 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2008/09/06 20:55:39 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2008/09/06 20:55:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/09/06 20:55:38 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2008/09/06 20:55:38 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2008/09/06 20:55:38 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2008/09/06 20:55:38 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2008/09/06 20:55:36 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/09/06 20:55:35 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2008/09/06 20:55:33 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/09/06 20:55:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/09/06 20:55:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/09/06 20:55:27 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/09/06 20:55:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/09/06 20:55:26 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/09/06 20:55:15 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/09/06 20:55:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/09/06 20:55:09 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2008/09/06 20:55:09 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2008/09/06 20:55:09 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2008/09/06 20:55:09 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2008/09/06 20:55:09 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2008/09/06 20:55:09 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2008/09/06 20:55:09 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2008/09/06 20:55:09 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/09/06 20:55:08 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2008/09/06 20:55:08 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2008/09/06 20:55:08 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2008/09/06 20:55:08 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2008/09/06 20:55:08 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2008/09/06 20:55:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/09/06 20:55:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/09/06 20:54:57 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2008/09/06 20:54:57 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2008/09/06 20:54:55 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/09/06 20:54:55 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/09/06 20:54:55 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/09/06 20:54:53 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2008/09/06 20:54:52 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/09/06 20:54:51 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/09/06 20:54:48 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/09/06 20:54:48 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/09/06 20:54:48 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/09/06 20:54:45 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/09/06 20:54:40 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/09/06 20:54:31 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2008/09/06 20:54:23 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/09/06 20:54:19 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/09/06 20:54:19 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/09/06 20:54:19 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/09/06 20:54:19 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2008/09/06 20:54:18 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2008/09/06 20:54:18 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2008/09/06 20:54:17 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2008/09/06 20:54:17 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/09/06 20:54:17 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/09/06 20:54:16 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/09/06 20:54:11 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/09/06 20:54:11 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/09/06 20:53:37 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/09/06 20:53:36 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/09/06 20:53:36 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/09/06 20:53:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/09/06 20:53:31 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2008/09/06 20:53:31 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2008/09/06 20:53:03 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/09/06 20:53:02 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/09/06 20:53:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/09/06 20:52:47 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/09/06 20:52:41 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2008/09/06 20:52:41 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2008/09/06 20:52:41 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2008/09/06 20:52:41 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2008/09/06 20:52:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/09/06 20:52:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/09/06 20:52:39 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2008/09/06 20:52:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2008/09/06 20:52:36 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/09/06 20:52:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/09/06 20:52:26 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/09/06 20:52:26 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/09/06 20:52:26 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/09/06 20:52:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/09/06 20:52:26 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/09/06 20:52:26 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/09/06 20:52:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/09/06 20:52:26 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/09/06 20:52:20 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/09/06 20:52:20 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/09/06 20:52:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/09/06 20:52:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/09/06 20:52:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/09/06 20:52:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/09/06 20:52:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/09/06 20:52:17 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/09/06 20:52:17 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/09/06 20:52:16 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/09/06 20:52:11 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/09/06 20:52:10 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/09/06 20:52:03 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2008/09/06 20:52:00 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2008/09/06 20:52:00 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/09/06 20:52:00 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2008/09/06 20:52:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/09/06 20:52:00 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/09/06 20:51:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/09/06 20:51:58 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/09/06 20:51:57 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2008/09/06 20:51:57 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2008/09/06 20:51:57 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2008/09/06 20:51:57 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2008/09/06 20:51:57 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2008/09/06 20:51:56 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2008/09/06 20:51:56 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2008/09/06 20:51:56 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2008/09/06 20:51:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/09/06 20:51:56 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2008/09/06 20:51:56 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2008/09/06 20:51:56 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2008/09/06 20:51:56 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2008/09/06 20:51:56 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2008/09/06 20:51:56 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2008/09/06 20:51:56 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2008/09/06 20:51:56 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2008/09/06 20:51:56 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2008/09/06 20:51:55 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2008/09/06 20:51:55 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2008/09/06 20:51:55 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2008/09/06 20:51:54 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2008/09/06 20:51:54 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2008/09/06 20:51:54 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2008/09/06 20:51:54 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2008/09/06 20:51:54 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2008/09/06 20:51:53 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2008/09/06 20:51:53 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2008/09/06 20:51:53 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2008/09/06 20:51:53 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2008/09/06 20:51:53 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2008/09/06 20:51:53 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2008/09/06 20:51:53 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2008/09/06 20:51:53 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2008/09/06 20:51:53 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2008/09/06 20:51:53 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2008/09/06 20:51:53 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2008/09/06 20:51:47 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2008/09/06 20:51:47 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/09/06 20:51:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/09/06 20:51:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/09/06 20:51:44 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2008/09/06 20:51:44 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2008/09/06 20:51:44 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2008/09/06 20:51:44 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2008/09/06 20:51:44 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2008/09/06 20:51:44 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2008/09/06 20:51:44 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2008/09/06 20:51:42 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/06 17:39:01 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/04 18:22:09 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:16:38 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/03 17:47:18 | 09,187,328 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/03 17:47:18 | 04,840,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/03 17:46:37 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 17:44:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 17:43:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/02 19:22:29 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Outlook.lnk
[2008/09/30 21:50:04 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 13:51:59 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 21:04:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/18 21:46:10 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2008/09/18 21:45:27 | 00,409,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/18 21:45:26 | 00,481,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/18 21:45:26 | 00,065,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/18 21:39:15 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 21:36:22 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 21:12:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 22:46:03 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/12 20:41:19 | 00,263,774 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/12 19:59:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/12 19:40:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/11 16:20:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/09/11 16:20:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/09/10 13:08:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/10 13:08:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/09/09 17:15:50 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/09/09 17:15:50 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/09/09 17:15:50 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
< End of report >

OTViewIt Extras logfile created on: 06/10/2008 6:01:28 PM - Run 2
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 73.16 Mb Available Physical Memory | 28.63% Memory free
689.66 Mb Paging File | 158.73 Mb Available in Paging File | 23.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.77 Gb Free Space | 50.04% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/17 14:37:02 | 00,204,800 | ---- | M] (InterVideo Inc.) -- C:\Program Files\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2005/10/27 18:44:40 | 03,887,104 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[2008/04/11 15:04:26 | 00,691,712 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2008/04/13 20:12:08 | 00,075,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}"=Jetfighter V Homeland Protector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{66A3B78C-3BCE-4B53-ACDE-2C812FB8285F}"=Image Converter 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=miniMEDIA
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90885A82-9673-49EA-AB39-AF776639C67C}"=DVD7
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AF767F06-A1F3-11D5-AA2E-0008C760B784}"=Disney's Magic Artist Deluxe
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}"=Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"avast!"=avast! Antivirus
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 1.53
"MechWarrior 3"=MechWarrior 3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"PartyPoker"=PartyPoker
"PokerStars"=PokerStars
"RegHealer_is2"=Registry Healer 4.4.1 uninstall
"SE440BX2 WinNT audio driver copy"=SE440BX2 WinNT audio driver copy
"Shareaza_is1"=Shareaza version 2.2.1.0
"Tux Paint Stamps_is1"=Tux Paint Stamps 2005-11-25
"Tux Paint_is1"=Tux Paint 0.9.15
"Tweak UI 2.10"=Tweak UI
"UltimateBet"=UltimateBet
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/06/2008 9:24:12 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:23 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:39 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 10:07:42 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 06/06/2008 7:48:45 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/08/2008 9:28:48 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3E0GEBG5\items.v85_0[1].swf
failed, 0000A413.

[ Application Events ]
Error - 15/07/2008 6:18:32 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module dhtmled.ocx, version 6.1.0.9232, fault address 0x0000bbff.

Error - 28/07/2008 12:05:13 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x0006770e.

Error - 17/08/2008 6:38:07 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application shareaza.exe, version 2.2.1.0, faulting module
shareaza.exe, version 2.2.1.0, fault address 0x00061e89.

Error - 23/08/2008 12:36:48 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000676ae.

Error - 21/09/2008 2:08:13 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:10:37 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:11:26 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 24/09/2008 3:27:56 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00056165.

Error - 24/09/2008 3:28:24 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/10/2008 6:18:44 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.3.4.1273, faulting module
ml_pmp.dll, version 0.0.0.0, fault address 0x000087a4.

[ System Events ]
Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/09/2008 3:50:25 PM | Computer Name = BOURGON | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/09/2008 6:52:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:46:06 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 03/10/2008 5:56:25 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

I also tried to do an Avast scan and it kept telling me the following message:

C:\System Volume Information.restore{77C7AA5F-684E-4787-BD08
Win32: Trojan-gen{other}
Virus/WORM
VPS: 01006-0,06/10/2008

Does this mean my computer is still not safe to use connected to the internet? I did my best to follow your instructions.

Thanks a lot for helping me!

#10 PropagandaPanda

  • Malware Response Team

Posted 07 October 2008 - 07:11 AM

Hello -maverick-.

No problem, life comes first.

The Avast! message you posted was an item found in the System Restore cache. It keeps appearing because most programs cannot access that folder, so Avast! can't delete it. While it is in there, it cannot harm your computer. We will clear those out later.

"Does this mean my computer is still not safe to use connected to the internet?"

From what I see so far, your computer is safe.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.


Post back with:
-the F-Secure scan log
-a new OTViewIt log

Tell me of any other symptoms you are experiencing.

With Regards,
The Panda
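One way to confirm from two OTViewIt runs that the Java update requested above took effect and that no older instance is left behind. This is an added example, not part of the original posts and not OTViewIt's own code; the entries with GUID keys are copied from the logs in this thread, while the `EXAMPLE-J2SE` entry and all function names are constructed for illustration.

```python
import re

SECTION = "HKEY_LOCAL_MACHINE Uninstall List"
HEADER_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.*)$')
# Product names the post above asks the user to remove.
JAVA_NAME_RE = re.compile(r"\b(Java|J2SE)\b", re.IGNORECASE)
VERSION_RE = re.compile(r"(?P<major>\d+)(?:\.\d+)?\s+Update\s+(?P<update>\d+)",
                        re.IGNORECASE)


def parse_uninstall_list(log_text):
    """Return {registry key: display name} for the Uninstall List section only."""
    entries = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Any "========== title ==========" line opens or closes the section.
            in_section = header.group("title") == SECTION
            continue
        if in_section:
            match = ENTRY_RE.match(line)
            if match:
                entries[match.group("key")] = match.group("name").strip()
    return entries


def java_findings(entries, minimum=(6, 7)):
    """List Java entries older than `minimum` (major, update), sorted by key."""
    findings = []
    for key, name in sorted(entries.items()):
        if not JAVA_NAME_RE.search(name):
            continue
        version = VERSION_RE.search(name)
        if version is None:
            findings.append((key, name, "version not parseable, review manually"))
            continue
        found = (int(version.group("major")), int(version.group("update")))
        if found < minimum:
            findings.append((key, name, "older than %d Update %d" % minimum))
    return findings


def diff_runs(before, after):
    """Entries that disappeared and entries that appeared between two runs."""
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    return removed, added


def _log(entry_lines):
    """Wrap entry lines in the section layout seen in the logs (constructed)."""
    head = ["========== %s ==========" % SECTION, "",
            "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]"]
    tail = ["", "========== Last 10 Event Log Errors ==========", "",
            '"not-an-entry"=lines outside the section are ignored']
    return "\n".join(head + entry_lines + tail)


# Abridged sample: GUID-keyed lines come from this thread's logs,
# EXAMPLE-J2SE is a constructed leftover of an older runtime.
RUN_BEFORE = _log([
    '"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java\u2122 6 Update 5',
    '"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour',
    '"EXAMPLE-J2SE"=J2SE Runtime Environment 5.0 Update 6',
    '"avast!"=avast! Antivirus',
])
RUN_AFTER = _log([
    '"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0',
    '"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java\u2122 6 Update 7',
    '"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour',
    '"EXAMPLE-J2SE"=J2SE Runtime Environment 5.0 Update 6',
    '"avast!"=avast! Antivirus',
])

if __name__ == "__main__":
    before = parse_uninstall_list(RUN_BEFORE)
    after = parse_uninstall_list(RUN_AFTER)
    for label, run in (("before", before), ("after", after)):
        for key, name, reason in java_findings(run):
            print("%s: %s (%s) %s" % (label, name, key, reason))
    removed, added = diff_runs(before, after)
    print("removed:", sorted(removed.values()))
    print("added:  ", sorted(added.values()))
```

The leftover constructed J2SE entry is still reported in the second run, which is the case the instruction to remove all instances of Java is meant to cover.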

#11 -Maverick-

  • Topic Starter
  • Members

Posted 07 October 2008 - 09:08 PM

Hi Panda!

Well, I uninstalled the Java version that I have on my computer, and when I tried to download the one you referred me to, the page would not come up. Can I download this from somewhere else?

Thanks for the quick response, it really is appreciated.

#12 PropagandaPanda

  • Malware Response Team

Posted 08 October 2008 - 07:14 AM

Hello.

Sorry I could not respond earlier. Try that link again. If it still won't work, try here:
http://www.java.com/en/download/installed.jsp

With Regards,
The Panda

#13 -Maverick-

  • Topic Starter
  • Members

Posted 09 October 2008 - 04:25 PM

Hi Panda!

I did the F-Secure scan and it did not find anything, and I guess that's why I didn't get a report. I also did an OTViewIt and here is my log:

OTViewIt Extras logfile created on: 09/10/2008 5:17:07 PM - Run 4
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 26.82 Mb Available Physical Memory | 10.50% Memory free
802.66 Mb Paging File | 436.41 Mb Available in Paging File | 54.37% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.55 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/04/17 14:37:02 | 00,204,800 | ---- | M] (InterVideo Inc.) -- C:\Program Files\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2005/10/27 18:44:40 | 03,887,104 | ---- | M] (Shareaza Development Team) -- C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza
File not found -- C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/02/13 14:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater
File not found -- C:\Program Files\Firefox\firefox.exe:*:Disabled:Firefox
[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])
[2008/04/11 15:04:26 | 00,691,712 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/04/13 20:11:55 | 00,138,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])
[2008/04/13 20:12:01 | 01,428,992 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])
[2008/04/13 20:12:08 | 00,075,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2007/10/24 01:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]
[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}"=HLPPDOCK
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}"=CR2
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}"=Jetfighter V Homeland Protector
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}"=CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{66A3B78C-3BCE-4B53-ACDE-2C812FB8285F}"=Image Converter 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{7784A172-61F1-445E-8368-601607E0DD22}"=miniMEDIA
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90885A82-9673-49EA-AB39-AF776639C67C}"=DVD7
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}"=SFR2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}"=Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{AF767F06-A1F3-11D5-AA2E-0008C760B784}"=Disney's Magic Artist Deluxe
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}"=Sygate Personal Firewall
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}"=ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"avast!"=avast! Antivirus
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}"=Bonjour
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 1.53
"MechWarrior 3"=MechWarrior 3
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey"=NeroVision Express Content
"PartyPoker"=PartyPoker
"PokerStars"=PokerStars
"RegHealer_is2"=Registry Healer 4.4.1 uninstall
"SE440BX2 WinNT audio driver copy"=SE440BX2 WinNT audio driver copy
"Shareaza_is1"=Shareaza version 2.2.1.0
"Tux Paint Stamps_is1"=Tux Paint Stamps 2005-11-25
"Tux Paint_is1"=Tux Paint 0.9.15
"Tweak UI 2.10"=Tweak UI
"UltimateBet"=UltimateBet
"Winamp"=Winamp (remove only)
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/06/2008 9:24:12 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:23 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 9:24:39 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 05/06/2008 10:07:42 PM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 06/06/2008 7:47:56 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 06/06/2008 7:48:45 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 12/08/2008 9:28:48 AM | Computer Name = BOURGON | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3E0GEBG5\items.v85_0[1].swf
failed, 0000A413.

[ Application Events ]
Error - 28/07/2008 12:05:13 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x0006770e.

Error - 17/08/2008 6:38:07 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application shareaza.exe, version 2.2.1.0, faulting module
shareaza.exe, version 2.2.1.0, fault address 0x00061e89.

Error - 23/08/2008 12:36:48 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module mshtml.dll, version 7.0.6000.16705, fault address 0x000676ae.

Error - 21/09/2008 2:08:13 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:10:37 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 21/09/2008 2:11:26 PM | Computer Name = BOURGON | Source = MsiInstaller | ID = 11721
Description = Product: miniMEDIA -- Error 1721. There is a problem with this Windows
Installer package. A program required for this install to complete could not be
run. Contact your support personnel or package vendor. Action: _1CA2919A_2833_4E88_92CB_C6F8A76C4A38,
location: C:\Program Files\Tiger Electronics\miniMEDIA\DelDrv.exe, command:

Error - 24/09/2008 3:27:56 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shell32.dll, version 6.0.2900.5512, fault address 0x00056165.

Error - 24/09/2008 3:28:24 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 01/10/2008 6:18:44 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.3.4.1273, faulting module
ml_pmp.dll, version 0.0.0.0, fault address 0x000087a4.

Error - 07/10/2008 9:59:17 PM | Computer Name = BOURGON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module ieui.dll, version 7.0.5730.11, fault address 0x000061b1.

[ System Events ]
Error - 24/09/2008 1:55:38 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/09/2008 1:56:13 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/09/2008 1:56:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 30/09/2008 3:50:25 PM | Computer Name = BOURGON | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/09/2008 6:52:41 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:43:36 PM | Computer Name = BOURGON | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 03/10/2008 5:46:06 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 03/10/2008 5:56:25 PM | Computer Name = BOURGON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

OTViewIt logfile created on: 09/10/2008 5:17:07 PM - Run 4
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

255.49 Mb Total Physical Memory | 26.82 Mb Available Physical Memory | 10.50% Memory free
802.66 Mb Paging File | 436.41 Mb Available in Paging File | 54.37% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.55 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive D: | 55.00 Gb Total Space | 40.27 Gb Free Space | 73.21% Space Free | Partition Type: FAT32
Drive E: | 8.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOURGON
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/13 20:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
[2008/04/13 20:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 20:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2007/04/23 13:57:38 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/04/13 20:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/08/18 18:41:00 | 01,832,272 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
[2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Disabled | Stopped])
[2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [On_Demand | Running])
[2005/11/28 13:11:36 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Stopped])
[2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [Disabled | Stopped])
[2008/04/13 20:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
[2008/04/13 20:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dot3svc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EapHost [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Disabled | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (FastUserSwitchingCompatibility [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (hkmsvc [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HTTPFilter [On_Demand | Stopped])
[2008/04/13 20:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2008/04/13 20:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
[2008/04/13 20:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2008/04/13 20:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (napagent [On_Demand | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
[2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
[2008/04/13 20:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [On_Demand | Running])
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2008/04/13 20:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
[2004/08/04 08:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
[2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2008/04/13 20:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Running])
[2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [Auto | Running])
[2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
[2008/04/13 20:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Disabled | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/04/13 20:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2008/04/13 20:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Running])
[2008/04/13 20:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
[2004/08/04 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
[2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
[2008/06/20 07:40:08 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2001/08/17 09:28:04 | 00,067,167 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2 [On_Demand | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2004/08/04 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
[2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
[2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom [System | Running])
[2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk [Boot | Running])
[2001/08/17 08:11:44 | 00,026,698 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\drivers\DLH5XND5.sys -- (DLH5X [On_Demand | Running])
[2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic [On_Demand | Stopped])
[2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
[2001/08/17 09:28:06 | 00,289,887 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback [Auto | Running])
[2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
[2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc [On_Demand | Running])
[2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
[2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk [On_Demand | Running])
[2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
[2001/08/17 09:28:06 | 00,115,807 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks [Auto | Running])
[2004/08/04 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk [Boot | Running])
[2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc [On_Demand | Running])
[2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb [On_Demand | Running])
[2001/08/17 09:28:10 | 00,542,879 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft [On_Demand | Running])
[2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP [On_Demand | Running])
[2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt [System | Running])
[2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi [System | Running])
[2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
[2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat [On_Demand | Running])
[2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec [System | Running])
[2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
[2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp [Boot | Running])
[2001/08/17 09:28:08 | 00,391,199 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56 [Auto | Running])
[2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass [System | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
[2008/04/13 14:31:43 | 00,092,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
[2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
[2001/08/17 09:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass [System | Running])
[2004/08/04 08:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid [On_Demand | Running])
[2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
[2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Running])
[2008/04/13 15:17:01 | 00,456,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb [System | Running])
[2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
[2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV [On_Demand | Stopped])
[2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK [On_Demand | Stopped])
[2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM [On_Demand | Stopped])
[2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios [On_Demand | Running])
[2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
[2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
[2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi [On_Demand | Running])
[2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio [On_Demand | Running])
[2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan [On_Demand | Running])
[2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
[2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS [System | Running])
[2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT [System | Running])
[2008/04/13 14:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
[2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
[2004/08/04 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/04 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[2008/04/13 14:31:31 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys -- (P3 [System | Running])
[2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport [On_Demand | Running])
[2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
[2004/08/04 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI [Boot | Running])
[2008/04/13 14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
[2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport [On_Demand | Running])
[2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd [System | Running])
[2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
[2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe [On_Demand | Running])
[2004/08/04 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti [On_Demand | Running])
[2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss [System | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD [System | Running])
[2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
[2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook [System | Running])
[2001/08/17 09:28:10 | 00,057,471 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/04/13 14:40:12 | 00,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum [On_Demand | Running])
[2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial [System | Running])
[2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
[2001/08/17 09:28:06 | 00,199,711 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax [Auto | Running])
[2001/08/17 09:28:10 | 00,073,279 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone [Auto | Running])
[2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
[2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys -- (sr [Boot | Running])
[2008/04/13 15:15:11 | 00,334,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv [On_Demand | Running])
[2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum [On_Demand | Running])
[2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
[2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Stopped])
[2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip [System | Running])
[2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
[2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
[2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer [Boot | Running])
[2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD [System | Running])
[2001/08/17 09:28:12 | 00,050,751 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones [Auto | Running])
[2008/04/13 14:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
[2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys -- (Update [On_Demand | Running])
[2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp [On_Demand | Running])
[2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub [On_Demand | Running])
[2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan [On_Demand | Stopped])
[2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR [On_Demand | Stopped])
[2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci [On_Demand | Running])
[2001/08/17 09:28:12 | 00,488,383 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124 [Auto | Running])
[2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave [System | Running])
[2008/04/13 14:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp [Boot | Running])
[2002/07/24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2008/04/13 14:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde [Boot | Running])
[2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
[2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp [On_Demand | Running])
[2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Stopped])
[2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n [Auto | Running])
[2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n [Auto | Running])
[2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n [Auto | Running])
[2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n [Auto | Running])
[2006/10/18 20:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/09/28 18:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 19:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[1998/10/15 16:48:10 | 00,919,104 | ---- | M] (YAMAHA Corporation) -- C:\WINDOWS\system32\drivers\ydsxg.sys -- (ydsxg [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (263774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9148 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"WinampAgent"=C:\Program Files\Winamp\winampa.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========

[2006/06/07 07:26:28 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[1999/02/17 16:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Transfer with Image Converter 2: C:\Program Files\Sony\Image Converter 2\menu.htm [2004/11/12 21:12:28 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Button: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Menu: Absolute Poker -- %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Button: Bonjour -- %ProgramFiles%\Bonjour\ExplorerPlugin.dll [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Button: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}: Menu: UltimateBet -- %ProgramFiles%\UltimateBet\UltimateBet.exe [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/30 14:45:34 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKLM] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> [2005/11/28 13:11:26 | 00,454,656 | ---- | M] (Apple Computer, Inc.)
CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKLM] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> [2008/01/16 11:45:46 | 03,667,272 | ---- | M] (UltimateBet)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> [2006/07/21 12:22:06 | 00,110,592 | ---- | M] ()
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
gap.com\www: https in My Computer
scotiabank.com\www.scotiaonline: https in My Computer
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1153423829260 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{78466ADE-87CE-4765-B4BE-8DF4A866723E} (Servers: | Description: D-Link DL10050-based Ethernet Adapter (Generic))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2008/04/13 20:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=logonui.exe
>[2008/04/13 20:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2008/04/13 20:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>[2008/04/13 20:12:41 | 00,300,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sysdm.cpl


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>[2008/04/13 20:11:58 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msapsspc.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:11:52 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\digest.dll
>[2008/04/13 20:12:00 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msnsspc.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2008/04/13 20:11:56 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2008/04/13 20:12:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2008/04/13 20:12:05 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2008/04/13 20:12:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/07/20 15:14:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/08 18:52:28 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/10/08 18:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/08 18:48:48 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2008/10/08 18:48:48 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2008/10/08 18:48:48 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/10/08 18:48:48 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2008/10/08 18:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/08 18:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/06 18:00:09 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/04 18:22:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:17:22 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/04 18:16:16 | 00,335,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/09/30 21:50:04 | 00,000,811 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/30 21:49:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/30 21:49:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/30 21:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2008/09/24 13:49:08 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2008/09/24 13:49:07 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2008/09/24 13:49:06 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2008/09/24 13:49:06 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2008/09/24 13:49:00 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2008/09/24 13:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2008/09/23 13:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/09/23 11:29:04 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/23 11:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/19 21:04:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/19 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/18 21:40:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/18 21:23:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/18 21:23:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/18 21:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/18 21:23:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/18 21:17:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/18 21:02:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/18 21:02:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/09 16:39:01 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/06 18:00:39 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/10/04 18:22:09 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2008/10/04 18:16:38 | 00,335,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTMoveIt3.exe
[2008/10/03 17:47:18 | 09,187,328 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/03 17:47:18 | 04,840,448 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/03 17:46:37 | 00,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/03 17:44:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/03 17:43:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/02 19:22:29 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Outlook.lnk
[2008/09/30 21:50:04 | 00,000,811 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ad-Aware.lnk
[2008/09/30 21:50:04 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/21 13:51:59 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 21:04:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/09/18 21:46:10 | 00,001,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2008/09/18 21:45:27 | 00,409,718 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/18 21:45:26 | 00,481,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/18 21:45:26 | 00,065,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/18 21:39:15 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/18 21:36:22 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/18 21:12:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/12 22:46:03 | 00,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/09/12 20:41:19 | 00,263,774 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/12 19:59:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/09/12 19:40:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/11 16:20:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/09/11 16:20:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/09/10 13:08:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/10 13:08:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
< End of report >

So if this means that my computer is free from infections, I am wondering why Sygate firewall keeps asking if I should be letting different programs access the internet. I keep clicking no, but in truth I'm not sure what programs I should be allowing access to the internet. Would you happen to know this? Also, my computer is running extremely slow.

Any advice or help would be greatly appreciated.

Thank you!

#14 PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 09 October 2008 - 04:34 PM

Hello Maverick.

Could you please post a new HijackThis log too? It's just a bit easier for me to read those. Thanks.

I probably won't be able to reply with further instructions today though.

With Regards,
The Panda

#15 -Maverick-

  • Topic Starter

  • Members
  • 28 posts

Posted 09 October 2008 - 05:21 PM

Hi Panda! Sorry for not posting my HijackThis log, I forgot. Anyways, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:01 PM, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Transfer with Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153423829260
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8237 bytes


Thank you so much for attending to this!



