
Deewoo And Zeno..?


  • This topic is locked
11 replies to this topic

#1 ny1252

ny1252

  • Members
  • 5 posts

Posted 24 September 2008 - 02:48 PM

Limewire is the root of all evil! I downloaded a file and opened it, and ever since my computer has been very slow, and whenever I search on Google I get a pop-up called "Think-Rdz" (I can't make out the title, but I'm pretty sure that's it). It's a search assistant generated by Deewoo. I ran multiple adware scans but I may still need assistance.


Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:14 PM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1139967006\ee\aolsoftware.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system32\dwwnw64r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spam Monitor\SpamMonitor.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
f:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B5DE00F-F305-4C01-8A50-63769D3F2A33} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {5CA7ABBF-E91B-46BB-8BE1-F3285539DD3A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar24.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O2 - BHO: mysidesearch search enhancer - {c170ea68-789e-6fb8-e938-803548cebaa5} - C:\WINDOWS\system32\fvqrgqqkecd.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar24.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1139967006\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [{22-2E-E4-4F-DW}] C:\windows\system32\dwwnw64r.exe DWrvg
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntrtdl.exe DWrvg
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spam Monitor] C:\Program Files\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntrtdl.exe
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: gebcd - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Microsoft Net API (NETAPI) - Unknown owner - C:\WINDOWS\system32\msapi.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13273 bytes


 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 04 October 2008 - 10:08 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 ny1252

ny1252
  • Topic Starter

  • Members
  • 5 posts

Posted 07 October 2008 - 03:10 PM

OTViewIt:


OTViewIt logfile created on: 10/7/2008 3:58:32 PM - Run 9
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 14.55% Memory free
1.13 Gb Paging File | 0.47 Gb Available in Paging File | 41.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.91 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 413.51 Gb Free Space | 88.78% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-VFU1L3L59
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
[2007/01/16 13:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/07/28 19:09:41 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006/02/26 23:06:19 | 00,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
[2006/02/12 15:52:29 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2007/08/03 23:33:14 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2006/02/11 23:18:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2005/11/02 23:01:14 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1139967006\ee\aolsoftware.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/01/16 13:59:50 | 04,838,952 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
[2008/04/12 09:09:25 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/03/20 17:34:50 | 00,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2004/02/25 16:15:50 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2004/02/25 17:06:20 | 00,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
[2008/09/10 21:51:50 | 00,200,735 | ---- | M] () -- C:\WINDOWS\system32\rmwnw64m.exe
[2008/04/13 20:12:32 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
[2006/01/12 17:25:18 | 01,392,640 | ---- | M] (PC Tools Pty Ltd) -- C:\Program Files\Spam Monitor\SpamMonitor.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/08/02 15:37:11 | 00,016,384 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
[2008/07/08 16:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2008/10/05 15:13:54 | 00,548,924 | ---- | M] () -- C:\WINDOWS\system32\ncntrtdl.exe
[2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2004/02/25 16:39:48 | 00,176,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2007/07/13 14:36:12 | 01,117,208 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
[2007/07/06 17:28:14 | 00,786,432 | ---- | M] () -- C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/07 15:58:29 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
File not found -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
[2007/07/06 17:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService [Disabled | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/06/16 10:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard [Auto | Running])
[2007/02/19 22:17:03 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/01/16 13:59:46 | 00,071,208 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 13:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
File not found -- C:\WINDOWS\system32\msapi.exe -- (NETAPI [Auto | Stopped])
[2003/03/03 14:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2008/07/28 19:09:41 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/02/26 23:06:19 | 00,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])
[2008/09/22 14:42:06 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])
[2006/02/12 15:52:29 | 01,119,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Driver Services ==========

[2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005/11/21 01:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2006/02/11 23:18:19 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
File not found -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10630.sys -- (EraserUtilDrv10630 [On_Demand | Stopped])
[2006/06/16 10:38:54 | 00,003,968 | ---- | M] () -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver [System | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/04/12 21:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2006/04/12 21:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2006/04/12 21:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2006/02/11 23:18:15 | 00,095,579 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/02/11 23:18:18 | 01,075,685 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2006/02/11 23:18:18 | 00,481,305 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2006/02/11 23:18:18 | 00,050,805 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/06/16 08:34:19 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2006/02/11 23:18:19 | 00,031,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 09:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2006/03/27 23:45:50 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
[2002/06/13 16:08:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2003/08/29 03:00:00 | 00,006,515 | ---- | M] () -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/02/14 07:04:48 | 00,469,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced [On_Demand | Running])
[2007/12/19 02:09:06 | 00,021,920 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/03/18 12:00:54 | 00,542,976 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2006/11/26 09:33:41 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2003/03/31 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/01/11 18:39:34 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus [Auto | Running])
[2006/02/11 23:18:15 | 00,122,110 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
[2006/02/11 23:18:15 | 00,099,002 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.comcast.net/toolbar2.0/search/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.comcast.net

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.comcast.net

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\CNNSI]
""=search.sportsillustrated.cnn.com/pages/search.jsp?query=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Dictionary]
""=dictionary.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Google]
""=google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups]
""=groups-beta.google.com/groups?q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages]
""=images.google.com/images?hl=en&lr=&q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews]
""=news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\KB]
""=support.microsoft.com/search/default.aspx?query=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\KBDLL]
""=support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Movies]
""=fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\MSN]
""=search.msn.com/results.asp?q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus]
""=thesaurus.reference.com/search?q=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Weather]
""=weather.com/weather/local/%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Yahoo]
""=search.yahoo.com/search?p=%s

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = localhost

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.comcast.net/

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.comcast.net

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.comcast.net

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{0B5DE00F-F305-4C01-8A50-63769D3F2A33} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
{5CA7ABBF-E91B-46BB-8BE1-F3285539DD3A} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)
{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{bc2ce10b-739e-3112-ee83-fbec941dbed5} (HKLM) -- C:\WINDOWS\system32\sejwdpusthuvqldjd.dll ()
{c170ea68-789e-6fb8-e938-803548cebaa5} (HKLM) -- C:\WINDOWS\system32\fvqrgqqkecd.dll ()
MRI_DISABLED (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7EFBC57C-CD57-481F-B794-648FCE9C9116}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar24.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{22-2E-E4-4F-DW}"=C:\windows\system32\rmwnw64m.exe DWrvg ()
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ExploreUpdSched"=C:\WINDOWS\system32\ncntrtdl.exe DWrvg ()
"HostManager"="C:\Program Files\Common Files\AOL\1139967006\ee\AOLHostManager.exe" (America Online, Inc.)
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" (Intel® Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"rorkcrruezpzpdqrq"=C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\sejwdpusthuvqldjd.dll" (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"Spam Monitor"=C:\Program Files\Spam Monitor\SpamMonitor.Exe (PC Tools Pty Ltd)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"Spam Monitor"=C:\Program Files\Spam Monitor\SpamMonitor.Exe (PC Tools Pty Ltd)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"LogMeInRescue_1679136335"="C:\WINDOWS\LMI14.tmp\rescue.exe" reboot (LogMeIn, Inc.)

========== (O4) Startup Folders ==========

[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2006/02/10 07:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2008/08/02 15:37:13 | 00,169,472 | ---- | M] (Logitech) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2006/11/19 06:13:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED
[2006/06/21 10:58:33 | 00,159,744 | ---- | M] () -- C:\Documents and Settings\Jo$h\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
[2008/10/05 15:13:54 | 00,548,924 | ---- | M] () -- C:\Documents and Settings\Justin\Start Menu\Programs\Startup\Deewoo.lnk = C:\WINDOWS\system32\ncntrtdl.exe
[2008/09/10 21:51:50 | 00,200,735 | ---- | M] () -- C:\Documents and Settings\Justin\Start Menu\Programs\Startup\DW_Start.lnk = C:\WINDOWS\system32\rmwnw64m.exe
[2006/06/21 10:58:33 | 00,159,744 | ---- | M] () -- C:\Documents and Settings\Justin\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
[2008/10/05 15:13:54 | 00,548,924 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Deewoo.lnk = C:\WINDOWS\system32\ncntrtdl.exe
[2008/09/10 21:51:50 | 00,200,735 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DW_Start.lnk = C:\WINDOWS\system32\rmwnw64m.exe
[2008/06/25 16:43:28 | 00,073,728 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Documents and Settings\User\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
[2007/07/06 17:28:44 | 00,125,976 | ---- | M] (Memeo) -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"NoSaveSettings"=0
"ClassicShell"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"NoSaveSettings"=0
"ClassicShell"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.fpx: iSee Media Zoom Viewer -- C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll [2000/07/04 17:33:10 | 00,284,160 | ---- | M] (LivePicture, Inc.)
Extension\.ivr: iSee Media Zoom Viewer -- C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll [2000/07/04 17:33:10 | 00,284,160 | ---- | M] (LivePicture, Inc.)
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
comcast.net\www: https in My Computer
imageservr.com\locator.cdn: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
89 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
87 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
87 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
87 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
87 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
comcast.net\www: https in My Computer
imageservr.com\locator.cdn: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
89 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
imageservr.com\locator.cdn: http in My Computer
85 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
84 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab -- McAfee.com Operating System Class
{56393399-041A-4650-94C7-13DFCB1F4665}: -- PSFormX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Reg Error: Key does not exist or could not be opened.
{DBA230D1-8467-4e69-987E-5FAE815A3B45}: -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{C621789F-AF34-488E-9DCA-C6EB7AEA4FBF} (Servers: | Description: )
{EF57257B-8BC6-415E-A002-EA6C3E18E5CE} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
gebcd: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Safeboot Options ==========

"AlternateShell"=D:\mri.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/02/11 22:34:48 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun []
[2008/07/02 10:52:18 | 00,000,000 | ---D | M] -- F:\autorun -- [ NTFS ]

autorun.inf [[autorun] | open=wd_windows_tools\setup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
[2007/05/18 10:37:12 | 00,000,069 | RH-- | M] () -- F:\autorun.inf -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eda6232-42f7-11dd-b20c-000cf1b81427}\Shell\AutoRun\command]
""=E:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/10/07 15:58:09 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/06 09:20:34 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Contact_Information_Form_doc.doc
[2008/10/06 09:19:46 | 00,129,536 | ---- | C] () -- C:\Documents and Settings\User\Desktop\syllabus_fall_2008_bus100[1].doc
[2008/10/06 08:50:31 | 00,000,860 | ---- | C] () -- C:\WINDOWS\System32\winpfz33.sys
[2008/10/06 08:50:20 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Deewoo.lnk
[2008/10/05 15:14:04 | 00,000,021 | ---- | C] () -- C:\WINDOWS\System32\zxdnt3d.cfg
[2008/10/05 15:13:51 | 00,548,924 | ---- | C] () -- C:\WINDOWS\System32\ncntrtdl.exe
[2008/10/05 13:41:00 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DW_Start.lnk
[2008/10/05 13:41:00 | 00,000,158 | ---- | C] () -- C:\WINDOWS\System32\msnav32.ax
[2008/10/01 12:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\Questionmark
[2008/09/30 08:11:47 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2008/09/25 18:28:59 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\User\Desktop\D Gagnon Resume.doc
[2008/09/25 14:39:20 | 00,204,630 | ---- | C] () -- C:\Documents and Settings\User\Desktop\scan0006.pdf
[2008/09/20 14:27:25 | 00,000,965 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Apartment Life.lnk
[2008/09/20 14:27:25 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\www.thesims3.com.lnk
[2008/09/19 08:46:26 | 00,351,232 | ---- | C] () -- C:\WINDOWS\System32\fvqrgqqkecd.dll
[2008/09/16 20:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Adobe CS3
[2008/09/16 15:04:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Thinstall
[2008/09/16 14:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Download Manager
[2008/09/13 15:18:02 | 00,009,662 | ---- | C] () -- C:\WINDOWS\System32\pinkip.ico
[2008/09/11 21:50:57 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Joshua Gagnon Foster period 6.doc
[2008/09/11 09:27:48 | 00,090,948 | ---- | C] () -- C:\WINDOWS\System32\fvqrgqqkecd.dll-uninst.exe
[2008/09/10 21:51:49 | 00,200,735 | ---- | C] () -- C:\WINDOWS\System32\rmwnw64m.exe
[2008/09/10 21:19:43 | 00,064,859 | ---- | C] () -- C:\WINDOWS\System32\whrkbslnihgiyf.exe
[2008/09/10 21:19:20 | 00,064,852 | ---- | C] () -- C:\WINDOWS\System32\fbkzntpptwwqwkrg.exe
[2008/09/10 21:18:56 | 00,428,976 | ---- | C] () -- C:\WINDOWS\DWrvg.exe
[2008/09/10 21:18:46 | 00,153,352 | ---- | C] () -- C:\WINDOWS\System32\g67.exe
[2008/09/10 21:18:44 | 00,200,717 | ---- | C] () -- C:\WINDOWS\System32\dwwnw64r.exe
[2008/09/10 21:18:42 | 00,200,704 | ---- | C] () -- C:\WINDOWS\84.exe
[2008/09/10 21:18:31 | 00,102,400 | ---- | C] (M i r a r) -- C:\WINDOWS\mbd232.exe
[2008/09/08 08:43:20 | 00,295,936 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Doc1.doc
[2008/09/08 08:43:09 | 00,457,728 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Doc2.doc

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/10/07 15:58:29 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTViewIt.exe
[2008/10/07 15:46:46 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Deewoo.lnk
[2008/10/07 15:45:36 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
[2008/10/07 15:45:24 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/07 15:45:18 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\DW_Start.lnk
[2008/10/07 15:44:40 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/07 14:10:33 | 05,913,472 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2008/10/07 14:03:35 | 00,012,058 | ---- | M] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
[2008/10/07 09:08:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/07 09:08:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/06 09:20:46 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Contact_Information_Form_doc.doc
[2008/10/06 09:19:47 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\User\Desktop\syllabus_fall_2008_bus100[1].doc
[2008/10/06 08:50:50 | 00,000,860 | ---- | M] () -- C:\WINDOWS\System32\winpfz33.sys
[2008/10/05 21:14:36 | 00,064,859 | ---- | M] () -- C:\WINDOWS\System32\whrkbslnihgiyf.exe
[2008/10/05 21:13:56 | 00,000,158 | ---- | M] () -- C:\WINDOWS\System32\msnav32.ax
[2008/10/05 15:16:19 | 00,000,395 | ---- | M] () -- C:\WINDOWS\QNETP9.INI
[2008/10/05 15:16:19 | 00,000,035 | ---- | M] () -- C:\WINDOWS\typeinst.ini
[2008/10/05 15:14:04 | 00,000,021 | ---- | M] () -- C:\WINDOWS\System32\zxdnt3d.cfg
[2008/10/05 15:13:54 | 00,548,924 | ---- | M] () -- C:\WINDOWS\System32\ncntrtdl.exe
[2008/10/04 13:23:47 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/03 18:09:37 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\User\My Documents\spider.sav
[2008/10/03 10:03:58 | 00,156,672 | ---- | M] () -- C:\WINDOWS\System32\sejwdpusthuvqldjd.dll
[2008/10/01 15:35:28 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/09/30 08:13:29 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/30 08:13:28 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/30 08:13:27 | 00,479,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/30 08:11:47 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2008/09/25 19:34:32 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\User\Desktop\D Gagnon Resume.doc
[2008/09/25 14:39:37 | 00,204,630 | ---- | M] () -- C:\Documents and Settings\User\Desktop\scan0006.pdf
[2008/09/20 14:28:06 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/20 14:27:25 | 00,000,965 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Apartment Life.lnk
[2008/09/20 14:27:25 | 00,000,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\www.thesims3.com.lnk
[2008/09/19 16:28:37 | 00,090,948 | ---- | M] () -- C:\WINDOWS\System32\fvqrgqqkecd.dll-uninst.exe
[2008/09/19 08:46:26 | 00,351,232 | ---- | M] () -- C:\WINDOWS\System32\fvqrgqqkecd.dll
[2008/09/13 15:18:02 | 00,009,662 | ---- | M] () -- C:\WINDOWS\System32\pinkip.ico
[2008/09/11 21:51:01 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Joshua Gagnon Foster period 6.doc
[2008/09/10 21:51:50 | 00,200,735 | ---- | M] () -- C:\WINDOWS\System32\rmwnw64m.exe
[2008/09/10 21:19:20 | 00,064,852 | ---- | M] () -- C:\WINDOWS\System32\fbkzntpptwwqwkrg.exe
[2008/09/10 21:18:56 | 00,428,976 | ---- | M] () -- C:\WINDOWS\DWrvg.exe
[2008/09/10 21:18:47 | 00,153,352 | ---- | M] () -- C:\WINDOWS\System32\g67.exe
[2008/09/10 21:18:44 | 00,200,717 | ---- | M] () -- C:\WINDOWS\System32\dwwnw64r.exe
[2008/09/10 21:18:42 | 00,200,704 | ---- | M] () -- C:\WINDOWS\84.exe
[2008/09/10 21:18:31 | 00,102,400 | ---- | M] (M i r a r) -- C:\WINDOWS\mbd232.exe
[2008/09/10 14:45:04 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/08 08:43:22 | 00,295,936 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Doc1.doc
[2008/09/08 08:43:12 | 00,457,728 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Doc2.doc
< End of report >


Extra:

OTViewIt Extras logfile created on: 10/7/2008 3:58:32 PM - Run 9
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 72.00 Mb Available Physical Memory | 14.55% Memory free
1.13 Gb Paging File | 0.47 Gb Available in Paging File | 41.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.91 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 413.51 Gb Free Space | 88.78% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-VFU1L3L59
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 13:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2005/08/02 15:33:02 | 00,151,640 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1139967006\ee\AOLServiceHost.exe:*:Enabled:AOL Services
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst
[2008/04/13 20:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2006/11/27 23:17:45 | 01,225,216 | ---- | M] (Gateway Computers) -- C:\Program Files\Gateway\HPA\GWMenu.exe:*:Enabled:HPA/SCCD/SRCD New Code
File not found -- C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/10 13:53:46 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2005/11/02 23:01:14 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1139967006\ee\aolsoftware.exe:*:Enabled:AOL Services
[2006/01/09 15:31:29 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1139967006\ee\aim6.exe:*:Enabled:AIM
[2005/05/27 15:23:00 | 00,830,976 | ---- | M] (Lavasoft Sweden) -- C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe:*:Enabled:Ad-Aware SE Plus
File not found -- C:\Program Files\Comcast Rhapsody\WiseUpd2.exe:*:Enabled:Check For Comcast Rhapsody Update
File not found -- C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe:*:Enabled:Adobe Download Manager
[2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/04/21 00:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/04/20 21:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/04/20 23:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/04/21 00:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/04/21 00:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/04/20 23:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
File not found -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus
File not found -- C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster
[2006/06/21 10:58:33 | 00,159,744 | ---- | M] () -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/11/18 16:17:11 | 00,110,592 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- C:\Nexon\KartRider\NMService.exe:*:Enabled:Nexon Messenger Core
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Program Files\Spyware Doctor\FilterLSP.dll ()

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 10:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 10:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 05:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{04410044-9149-45C6-A806-F2BF9CFCE762}"=Microsoft Encarta Encyclopedia Standard 2004
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}"=TaxCut New Jersey 2007
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{319D9385-EEC1-4ae5-BFD1-C5DE1E063F30}"=Trend Micro Anti-Spyware
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}"=Microsoft Works Suite Add-in for Microsoft Word
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}"=Questionmark Secure Browser
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{466B21EE-2858-4845-B2B3-056FC544DAA3}"=Logitech QuickCam
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}"=Studio 8
"{57B2281D-A34A-4a48-8C68-169B8873659D}"=c4100_Help
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{663E217E-FC26-4249-9E8E-F190CD63E737}"=TaxCut Premium + State 2007
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6BCEB97B-F315-455D-BC2D-565A1A6781E8}"=Memeo AutoBackup
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{70B4227A-CA3A-4516-9E93-D419ECEE2834}"=Pinnacle Expression
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{8704D51E-25B7-4F23-81E7-AA4F54790210}"=Microsoft Streets and Trips 2004
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}"=DeductionPro 2007
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics 2 Driver
"{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}"=Microsoft Baseline Security Analyzer 2.0
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{967FB56A-C665-2DCC-40B0-E23FC4D9487F}"=Search Assistant Mysidesearch
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}"=Intel® PROSet
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{B6F5B704-06D3-4687-90F3-6195304AD755}"=The Sims™ 2 Apartment Life
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}"=HPSSupply
"{B9966F27-9678-4620-9579-925E3084647E}"=Microsoft Works
"{BC6D69DB-724A-4B12-A3AC-B54645F91395}"=MorphVOX Junior
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}"=Windows Rights Management Client with Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C544F99D-39EF-4E6D-95BE-4E41C1D8C4CB}"=Dr Watson for Microsoft Windows OneCare Live v1.0.0971.42
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}"=C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}"=HP Update
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}"=Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}"=ABBYY FineReader 5.0 Sprint Plus
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}"=Microsoft Picture It! Photo Premium 9
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}"=DoMore
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}"=Documents To Go
"{EC905264-BCFE-423B-9C42-C3A106266790}"=Windows Rights Management Client Backwards Compatibility SP2
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{F9B41170-7E44-480A-AD4A-CCD8FFFB3754}"=Master of the Skies - The Red Ace
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}"=DocumentViewer
"{FECA6067-869C-4F32-9F6E-574E1496CE44}"=Memeo AutoSync
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}"=palmOne
"Ad-Aware SE Plus"=Ad-Aware SE Plus
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Advanced GIF Animator_is1"=Advanced GIF Animator 3.0
"Aesop GIF Creator v.1.6_is1"=Aesop v.1.6
"agadoo"=Enhancement Browser Tools Agadoo
"AOL Instant Messenger"=AOL Instant Messenger
"Audacity_is1"=Audacity 1.2.6
"AviSynth"=AviSynth 2.5
"banneradsgalore"=Enhancement Browser Tools Banneradsgalore
"bannerstyle"=Enhancement Browser Tools Bannerstyle
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"CCleaner"=CCleaner (remove only)
"CEP - Colour Enable Packages_is1"=CEP - Color Enable Package
"ComcastToolbar"=Comcast Toolbar
"DECCHECK"=Microsoft Windows XP Video Decoder Checkup Utility
"DeductionPro 2006"=DeductionPro 2006
"Deewoo Network Manager"=Deewoo Network Manager removal
"Digital Camera User's Manual"=Digital Camera User's Manual
"ewidoantispyware4"=ewido anti-spyware 4.0
"Gateway Drivers and Applications Recovery"=Gateway Drivers and Applications Recovery
"Gateway IE Customizations"=Gateway IE Customizations
"HijackThis"=HijackThis 2.0.2
"Hollywood FX 4.6"=Pinnacle Hollywood FX 4.6
"HP Document Viewer"=HP Document Viewer 7.0
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}"=Questionmark Secure Browser
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}"=iPod for Windows 2005-09-23
"Intel® 537EP Data Fax Modem"=Intel® 537EP Data Fax Modem
"InterActual Player"=InterActual Player
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"LimeWire"=LimeWire PRO 4.12.3
"Logitech Print Service"=Logitech Print Service
"Metronome"=Metronome
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2006b"=Microsoft Money 2006
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero OEM
"Nitto 1320 Legends_is1"=Nitto 1320 Legends Public Beta 0.9.9.96
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pdf995"=Pdf995 (installed by TaxCut)
"PdfEdit995"=PdfEdit995 (installed by TaxCut)
"Photovista Panorama 2.02"=Photovista Panorama 2.02
"PictureIt_v9"=Microsoft Picture It! Photo Premium 9
"Pinnacle Hollywood FX Pack - Gateway FX"=Pinnacle Hollywood FX Pack - Gateway FX
"PROSet"=Intel® PRO Network Adapters and Drivers
"PX: {0755407D-BE9E-4D24-8FE4-39C2FBED6FA8}"=Gateway User's Guide
"QcDrv"=Logitech® Camera Driver
"Q-Xpress Installer"=Q-Xpress Installer 1.1.9
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 8.0
"Rent Broadway Screensaver 1.0_is1"=Rent Broadway Screensaver 1.0
"Rhapsody"=Rhapsody
"ROXIO_PRISM_V4_0"=PhotoSuite 4 (Remove Only)
"Shop for HP Supplies"=Shop for HP Supplies
"Spam Monitor_is1"=Spam Monitor 2.5
"Spyware Doctor"=Spyware Doctor 6.0
"Stunt Track Driver"=Stunt Track Driver
"TaxCut Deluxe 2005"=TaxCut Deluxe 2005
"TaxCut Premium 2006"=TaxCut Premium 2006
"The Sims 2 Halloween Pack_is1"=The Sims 2 Halloween Pack V1.1
"The Weather Channel Screensaver"=The Weather Channel Screensaver
"Typing Quick & Easy"=Typing Quick & Easy
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA"=Windows Genuine Advantage Validation Tool
"whrkbslnihgiyf"=RON Tool Agadoo
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2004Setup"=Microsoft Works 2004 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}"=Memeo AutoBackup
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}"=Memeo AutoSync

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}"=Memeo AutoBackup
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}"=Memeo AutoSync

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2008 10:13:12 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/29/2008 4:24:25 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module ieui.dll, version 7.0.5730.11, fault address 0x000061b5.

Error - 9/29/2008 4:26:40 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Error | ID = 1001
Description = Fault bucket 882435608.

Error - 10/1/2008 6:40:49 PM | Computer Name = OWNER-VFU1L3L59 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2112 (0x840) Thread address : 0x120E7602 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\PROGRAM FILES\AIM\AIM.EXE

by **\AIM.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 10/2/2008 11:16:13 AM | Computer Name = OWNER-VFU1L3L59 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2208 (0x8a0) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\sejwdpusthuvqldjd.dll

by C:\WINDOWS\system32\g67.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/3/2008 2:32:55 PM | Computer Name = OWNER-VFU1L3L59 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 216 (0xd8) Thread address : 0x120E234E Thread message : Build VSCORE.14.0.0.349
/ 5200.2160 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\DRIVERS\mohfilt.sys

by C:\WINDOWS\System32\svchost.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/3/2008 8:54:22 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2008 8:44:02 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Error | ID = 1000
Description = Faulting application aim.exe, version 5.9.6089.0, faulting module
unknown, version 0.0.0.0, fault address 0x1221254f.

Error - 10/5/2008 8:31:05 AM | Computer Name = OWNER-VFU1L3L59 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application memeolauncher.exe, version 2.0.0.0, stamp 4697f036,
faulting module mscorwks.dll, version 2.0.50727.1433, stamp 471ef729, debug? 0,
fault address 0x001496a2.

Error - 10/6/2008 10:28:18 PM | Computer Name = OWNER-VFU1L3L59 | Source = Application Hang | ID = 1002
Description = Hanging application ncntrtdl.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/6/2008 10:25:31 PM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 10/6/2008 10:25:31 PM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 10/6/2008 10:27:45 PM | Computer Name = OWNER-VFU1L3L59 | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 10/6/2008 10:28:15 PM | Computer Name = OWNER-VFU1L3L59 | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 10/6/2008 10:28:55 PM | Computer Name = OWNER-VFU1L3L59 | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 10/7/2008 9:09:08 AM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0

Error - 10/7/2008 9:11:44 AM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0

Error - 10/7/2008 9:13:16 AM | Computer Name = OWNER-VFU1L3L59 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 10/7/2008 1:58:40 PM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0

Error - 10/7/2008 3:45:22 PM | Computer Name = OWNER-VFU1L3L59 | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0


< End of report >







I'm doing the Kaspersky report right now; I just wanted to post these two before the three-day deadline is up.

#4 Billy O'Neal

Posted 07 October 2008 - 08:32 PM

Hello, ny1252.
I would remove your very old version of Ewido Anti-Spyware at this point; it doesn't work on anything recent, and we can install an alternative once you're free of malware :thumbsup:

Viewpoint is considered foistware instead of malware because it is installed without users' approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent, Limewire). These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
Java™ 6 Update 2, Java™ 6 Update 3, Java™ 6 Update 5

You appear to have a Registry Cleaner installed!
The following is referring to Registry Mechanic
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done on the assumption that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :processes
    rmwnw64m.exe
    :files
    C:\WINDOWS\system32\rmwnw64m.exe
    C:\WINDOWS\system32\fvqrgqqkecd.dll
    C:\WINDOWS\system32\sejwdpusthuvqldjd.dll
    C:\windows\system32\rmwnw64m.exe
    C:\WINDOWS\system32\ncntrtdl.exe
    C:\WINDOWS\system32\sejwdpusthuvqldjd.dll
    C:\WINDOWS\*.tmp
    C:\WINDOWS\System32\fvqrgqqkecd.dll-uninst.exe
    C:\WINDOWS\System32\rmwnw64m.exe
    C:\WINDOWS\System32\whrkbslnihgiyf.exe
    C:\WINDOWS\System32\fbkzntpptwwqwkrg.exe
    C:\WINDOWS\DWrvg.exe
    C:\WINDOWS\System32\g67.exe
    C:\WINDOWS\System32\dwwnw64r.exe
    C:\WINDOWS\84.exe
    C:\WINDOWS\mbd232.exe
    C:\WINDOWS\System32\ncntrtdl.exe
    C:\Program Files\Morpheus
    C:\Program Files\Blubster
    C:\WINDOWS\system32\g67.exe
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B5DE00F-F305-4C01-8A50-63769D3F2A33}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA7ABBF-E91B-46BB-8BE1-F3285539DD3A}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc2ce10b-739e-3112-ee83-fbec941dbed5}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c170ea68-789e-6fb8-e938-803548cebaa5]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7EFBC57C-CD57-481F-B794-648FCE9C9116}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7EFBC57C-CD57-481F-B794-648FCE9C9116}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7EFBC57C-CD57-481F-B794-648FCE9C9116}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7EFBC57C-CD57-481F-B794-648FCE9C9116}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{C4069E3A-68F1-403E-B40E-20066696354B}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{22-2E-E4-4F-DW}"=-
    "ExploreUpdSched"=-
    "rorkcrruezpzpdqrq"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "LogMeInRescue_1679136335"=-
    [-HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search]
    [-HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search]
    [-HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping]
    "{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}"=-
    "{3369AF0D-62E9-4bda-8103-B4C75499B578}"=-
    [HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping]
    "{3369AF0D-62E9-4bda-8103-B4C75499B578}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcd]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Morpheus\Morpheus.exe"=-
    "C:\Program Files\Blubster\Blubster.exe"=-
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 ny1252

Posted 08 October 2008 - 06:00 AM

Here is my Kaspersky scan report. Sorry it's up a little late - I had to let it go overnight.




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 8, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 07, 2008 20:18:06
Records in database: 1298312
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan statistics:
Files scanned: 168309
Threat name: 12
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 06:32:03


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Documents\My Music\[Full] grand theft auto san anderas with Bonus.zip Infected: not-a-virus:AdWare.Win32.TrafficSol.m 1
C:\Documents and Settings\All Users\Documents\My Music\[Full] grand theft auto san anderas with Bonus.zip Infected: not-a-virus:AdWare.Win32.BHO.jj 1
C:\Documents and Settings\Jo$h\Desktop\My Music\youll get over it 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\Jo$h\Local Settings\Temp\Mirar_V55_876968_LOG_IESC_AFF_ATD_TID_noMDNS_RPT_AVM.exe Infected: not-a-virus:AdWare.Win32.Mirar.ai 1
C:\Documents and Settings\Jo$h\My Documents\My Music\03 Track 3 (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Jo$h\My Documents\My Music\07 Track 7 (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Jo$h\My Documents\My Music\Eighties classic (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Jo$h\My Documents\My Music\Wicked Remix (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\User\Desktop\Backup.bkf Infected: Trojan.JS.Offiz 1
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1
C:\WINDOWS\84.exe Infected: Trojan-Downloader.Win32.Agent.afys 1
C:\WINDOWS\DWrvg.exe Infected: Trojan-Clicker.Win32.Agent.bip 1
C:\WINDOWS\mbd232.exe Infected: not-a-virus:AdWare.Win32.NetNucleus.c 1
C:\WINDOWS\system32\dwwnw64r.exe Infected: Trojan-Downloader.Win32.Agent.afys 1
C:\WINDOWS\system32\g67.exe Infected: Trojan-Clicker.Win32.Agent.buj 1
C:\WINDOWS\system32\ncntrtdl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ca 1
C:\WINDOWS\system32\rmwnw64m.exe Infected: Trojan-Downloader.Win32.Agent.afys 1
F:\justin 2\cassidy-i get high 192kb.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
F:\My Documents\My Music\03 Track 3 (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
F:\My Documents\My Music\07 Track 7 (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
F:\My Documents\My Music\Eighties classic (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1
F:\My Documents\My Music\Wicked Remix (rent).wm Infected: Trojan-Downloader.WMA.Wimad.k 1

The selected area was scanned.

#6 Billy O'Neal

Posted 08 October 2008 - 07:10 PM

No problem.. I know KAV takes a long time.. :thumbsup:

Please follow the instructions I posted before you posted the Kaspersky scan :)

Billy3

#7 ny1252

Posted 08 October 2008 - 07:51 PM

OTMoveIt3:







========== PROCESSES ==========
Unable to kill process: rmwnw64m.exe
========== FILES ==========
File/Folder C:\WINDOWS\system32\rmwnw64m.exe not found.
File/Folder C:\WINDOWS\system32\fvqrgqqkecd.dll not found.
File/Folder C:\WINDOWS\system32\sejwdpusthuvqldjd.dll not found.
File/Folder C:\windows\system32\rmwnw64m.exe not found.
File/Folder C:\WINDOWS\system32\ncntrtdl.exe not found.
File/Folder C:\WINDOWS\system32\sejwdpusthuvqldjd.dll not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\fvqrgqqkecd.dll-uninst.exe not found.
File/Folder C:\WINDOWS\System32\rmwnw64m.exe not found.
File/Folder C:\WINDOWS\System32\whrkbslnihgiyf.exe not found.
File/Folder C:\WINDOWS\System32\fbkzntpptwwqwkrg.exe not found.
File/Folder C:\WINDOWS\DWrvg.exe not found.
File/Folder C:\WINDOWS\System32\g67.exe not found.
File/Folder C:\WINDOWS\System32\dwwnw64r.exe not found.
File/Folder C:\WINDOWS\84.exe not found.
File/Folder C:\WINDOWS\mbd232.exe not found.
File/Folder C:\WINDOWS\System32\ncntrtdl.exe not found.
File/Folder C:\Program Files\Morpheus not found.
File/Folder C:\Program Files\Blubster not found.
File/Folder C:\WINDOWS\system32\g67.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B5DE00F-F305-4C01-8A50-63769D3F2A33}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA7ABBF-E91B-46BB-8BE1-F3285539DD3A}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc2ce10b-739e-3112-ee83-fbec941dbed5}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c170ea68-789e-6fb8-e938-803548cebaa5\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}\ not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}\ not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7EFBC57C-CD57-481F-B794-648FCE9C9116} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EFBC57C-CD57-481F-B794-648FCE9C9116}\ not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{22-2E-E4-4F-DW} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22-2E-E4-4F-DW}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ExploreUpdSched not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\rorkcrruezpzpdqrq not found.
Registry value HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\LogMeInRescue_1679136335 not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search\\ not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1008\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search\\ not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-2049760794-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebcd\\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Blubster\Blubster.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\fb_5044.lck scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF3C5A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD385.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\fb_1712.lck scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_2Jer9bKWE6UFtv5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_StkIz4X74HjG279 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_vycKCRu2vJMGfMo scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10082008_204900

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts

Posted 08 October 2008 - 08:17 PM

Hello, ny1252.

Hmm.. that's strange. Please follow these instructions :thumbsup:

We need to run ComboFix. In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 ny1252

Posted 12 October 2008 - 03:00 PM

I'm having a little trouble with ComboFix... I followed the guide and I installed the Windows Recovery, but once it's done installing, a message appears saying "once the scan is finished combofix will restart your computer and delete infections"

#10 Billy O'Neal

Posted 12 October 2008 - 03:06 PM

Yes.. that's normal... what's the problem there?

Billy3

#11 Billy O'Neal

Posted 15 October 2008 - 08:22 PM

Hello, ny1252.
Are you still here?

Billy3

#12 Billy O'Neal

Posted 19 October 2008 - 09:16 PM

Hello, ny1252.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3