
Virus Took Over Desktop, Think It's Gone...


  • This topic is locked
16 replies to this topic

#1 Jack-o

Jack-o

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 04 October 2008 - 09:47 PM

Was having problems with a virus about a couple weeks ago that put up a warning on my desktop that said my computer was infected. It kept coming back even after deleting the virus on my computer with avast. After getting multiple antivirus programs (don't remember all but main one was Spyware Doctor) the amount of viruses found each day went down.

Most viruses that kept coming back came back in my temp folder so I tried deleting the folder altogether. This actually seemed to work but after rebooting the desktop would load, restarted again and it loaded fine. But a few times after that the same thing happened.

I'm pretty worried the infection might still be there and I found this site so thought maybe someone could help. The only viruses Spyware Doctor finds now are Adware.Advertising, and Application.TrackingCookies, but wanted to make sure.

Thank you much!

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:04 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [in3] C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe /CR=09502FFA8BDF757D6F816904DDEAE1C00311B3CA8C6C863041721776FC16F142BC1BCEEBD0E0840080114B03FBE8C17DD4C3AEE4A1A1D3245E8C17C22418300045F5AF4AC7546A6BFD2722F37B290FD7290B9C
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Killer Tray Menu.lnk = ?
O4 - Global Startup: OSCust.lnk = C:\WINDOWS\system32\OEM\OSCust.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 11339 bytes


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:53 PM

Posted 13 October 2008 - 04:52 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Jack-o

Jack-o
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:53 PM

Posted 16 October 2008 - 06:00 PM

OTViewIt logfile created on: 10/15/2008 2:18:43 PM - Run
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 66.23 Gb Free Space | 28.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/25 17:53:42 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2007/09/13 18:43:44 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2007/12/20 18:53:37 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2006/08/28 12:23:44 | 05,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
[2005/11/09 01:33:42 | 05,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/08/25 11:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/09/12 19:58:14 | 16,264,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/27 17:54:18 | 00,580,096 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/08/08 15:53:16 | 00,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[2007/07/12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/12/13 17:43:22 | 02,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
[2007/12/13 17:57:24 | 02,095,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
[2006/11/16 19:04:20 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2007/12/13 17:43:02 | 00,481,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
[2007/09/16 17:59:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/13 17:42:52 | 00,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/12/13 17:43:30 | 00,416,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
[2007/12/13 17:43:12 | 00,461,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
[2006/11/16 18:58:32 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2006/12/19 09:02:58 | 02,842,624 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2007/07/12 04:00:36 | 00,325,008 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
[2008/09/28 06:05:19 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/25 17:53:42 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2007/09/13 18:43:44 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2007/12/20 18:53:37 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/09/13 19:01:17 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GCSVC [Auto | Running])
File not found -- -- (WUSB54Gv42SVC [Auto | Running])

========== Driver Services ==========

[2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/05/23 16:53:11 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/06 15:05:14 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2007/10/25 17:53:40 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2007/09/13 18:43:46 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2007/09/13 18:43:46 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2007/12/20 18:53:37 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2007/09/13 18:43:46 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/09/12 22:27:00 | 04,381,184 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/05/14 17:59:28 | 00,103,072 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetB834x.sys -- (NetB834x [On_Demand | Running])
[2008/05/14 12:04:16 | 00,022,048 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetBEdge.sys -- (NetbEdge [On_Demand | Running])
[2007/02/23 11:25:00 | 05,749,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/09/21 16:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/08/07 16:39:22 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/08/07 16:39:24 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2 [System | Running])
[2005/12/28 12:05:09 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/15 18:33:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2002/11/20 19:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv [On_Demand | Stopped])
[2005/12/28 12:05:50 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.alienware.com

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.alienware.com

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (763 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
192.168.254.2 mykillernic

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{348FE907-249E-4C65-A838-F34A193FE1D1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"in3"=C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe /CR=09502FFA8BDF757D6F816904DDEAE1C00311B3CA8C6C863041721776FC16F142BC1BCEEBD0E0840080114B03FBE8C17DD4C3AEE4A1A1D3245E8C17C22418300045F5AF4AC7546A6BFD2722F37B290FD7290B9C File not found
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" (Logitech Inc.)
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE (Logitech Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"Fraps"=C:\FRAPS\FRAPS.EXE (Beepa P/L)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"Fraps"=C:\FRAPS\FRAPS.EXE (Beepa P/L)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Killer Tray Menu.lnk = C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2007/08/17 15:53:44 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSCust.lnk = C:\WINDOWS\system32\OEM\OSCust.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0ADBFE6F-7928-4B70-881C-661AADEFD2AB} (Servers: | Description: Killer NIC NDIS EDGE Interface)
{18EEF5FD-8F01-423E-830C-3E2271885398} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{1FEF0A39-ED98-45A3-8E63-995761DCA51B} (Servers: | Description: Compact Wireless-G USB Adapter)
{370CAF65-7566-4C86-B534-ED6EDB80284F} (Servers: | Description: NVIDIA nForce Networking Controller)
{3B3811EE-CDCA-4E99-80E9-BF196B56B610} (Servers: | Description: Compact Wireless-G USB Adapter)
{5522BF02-B487-451D-95EF-A743793595E6} (Servers: | Description: NVIDIA nForce Networking Controller)
{63B28D2B-0C9F-43D9-B04D-1E18ECFA1CDF} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{70ABD996-5194-4568-8760-B1E459C2778E} (Servers: | Description: Compact Wireless-G USB Adapter)
{8C4F4841-DC8E-480C-8AA0-7A205FC9E442} (Servers: | Description: )
{9182C5B1-6A51-4A99-934E-11B77B89266F} (Servers: | Description: Compact Wireless-G USB Adapter)
{98CA39BE-9340-427E-9912-8F8481A364CC} (Servers: | Description: Compact Wireless-G USB Adapter)
{AC0C12B0-6533-4F31-88AD-E9253FC4C706} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{B9157CE0-4AD9-47E4-A427-CBE8425DE4A7} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{D842D95F-1019-44A5-9662-92EC07EC3E64} (Servers: | Description: Compact Wireless-G USB Adapter)
{F3E7078B-E600-4254-9D2A-920F4D16B71D} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WB: "DllName" = C:\Program Files\AlienGUIse\fastload.dll -- C:\Program Files\AlienGUIse\fastload.dll (Stardock)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/11/02 14:24:54 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/15 14:18:24 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/14 14:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/12 16:13:34 | 06,434,794 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 20:48:37 | 43,120,8225 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 20:36:57 | 00,371,885 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Jibbs - King Kong.mp3
[2008/10/11 20:09:58 | 04,757,504 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\20-lil_wayne-stuntin_like_my_daddy_(live_in_atlanta).mp3
[2008/10/11 19:24:04 | 06,222,116 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\1708099.mp3
[2008/10/11 18:49:57 | 06,947,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:33:01 | 00,173,944 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 17:33:01 | 00,171,128 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 17:00:17 | 05,004,728 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:10 | 06,053,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:46:08 | 07,080,222 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/04 22:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 4 (complete DVDRip)
[2008/10/04 14:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 5 (complete DVDRip)
[2008/10/04 14:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 3 (complete DVDRip)
[2008/10/04 14:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 1 (complete DVDRip)
[2008/10/04 13:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 2 (complete DVDRip)
[2008/09/28 23:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Downloads
[2008/09/28 23:14:57 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/09/28 23:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2008/09/28 18:39:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/25 15:47:27 | 00,062,233 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/09/25 14:50:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Matt\My Documents\My Pictures
[2008/09/24 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\My Received Files
[2008/09/24 01:15:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/09/24 01:15:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/24 01:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\VIRUSPWNR
[2008/09/24 00:56:40 | 21,459,47648 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/24 00:16:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/09/24 00:03:41 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/24 00:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/24 00:02:22 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/23 23:42:19 | 00,000,000 | ---D | C] -- C:\327882R2FWJFW
[2008/09/23 23:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Screenshots
[2008/09/23 23:27:59 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 23:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\skypePM
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV31203156.TMP
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV22923076.TMP
[2008/09/22 14:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/09/22 14:25:17 | 00,160,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/22 14:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2008/09/21 22:17:47 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/21 21:45:25 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/09/21 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Uniblue
[2008/09/21 21:33:46 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/09/21 21:33:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2008/09/21 21:18:20 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/09/21 21:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\AdwareAlert
[2008/09/21 21:09:37 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/09/21 21:09:37 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/09/21 21:09:37 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/09/21 21:09:37 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\PC Tools
[2008/09/21 01:51:42 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/20 20:26:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/20 20:22:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/20 13:40:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/09/20 13:39:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/20 13:39:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/20 13:39:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/20 13:39:35 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/20 13:39:35 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/09/20 13:39:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[2008/09/20 13:39:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/20 13:39:34 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/20 13:39:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/20 13:22:20 | 00,002,452 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:28:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/19 20:22:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/19 20:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/19 20:17:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

========== Files - Modified Within 30 Days ==========

[5 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/15 14:12:38 | 00,000,160 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Bandwidth.xml
[2008/10/15 14:12:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/15 14:11:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/15 14:11:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/15 14:10:59 | 21,459,47648 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/14 22:19:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/14 14:57:04 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/10/13 22:51:51 | 00,211,456 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/13 03:00:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/10/12 16:13:57 | 06,434,794 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 22:37:09 | 00,173,944 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 22:21:53 | 43,120,8225 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 20:43:03 | 00,171,128 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 20:36:57 | 00,371,885 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Jibbs - King Kong.mp3
[2008/10/11 20:10:39 | 04,757,504 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\20-lil_wayne-stuntin_like_my_daddy_(live_in_atlanta).mp3
[2008/10/11 19:24:32 | 06,222,116 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\1708099.mp3
[2008/10/11 18:51:20 | 06,947,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:37:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/11 17:00:50 | 05,004,728 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:28 | 06,053,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:48:30 | 07,080,222 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/05 23:37:01 | 00,062,233 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/10/03 17:49:13 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/30 04:12:14 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/09/28 23:14:57 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 18:39:05 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/28 08:29:03 | 04,317,722 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2008/09/24 15:17:13 | 00,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 14:53:47 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/24 14:35:38 | 00,000,208 | -HS- | M] () -- C:\boot.ini
[2008/09/24 01:16:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/24 01:15:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/24 00:16:41 | 00,511,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 00:16:41 | 00,441,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 00:16:41 | 00,071,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/24 00:15:03 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Windows Media Player.lnk
[2008/09/24 00:03:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/24 00:03:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/24 00:02:56 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/24 00:02:22 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:01:18 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/23 23:27:59 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 14:54:11 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/21 22:17:47 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/20 13:22:20 | 00,002,452 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:19:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/19 17:33:20 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
< End of report >

OTViewIt Extras logfile created on: 10/15/2008 2:18:43 PM - Run
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.58% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 66.23 Gb Free Space | 28.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/17 17:53:39 | 00,510,976 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/10/25 17:53:42 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/06/27 17:54:18 | 00,580,096 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2007/12/20 18:53:37 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2008/10/14 14:56:04 | 01,077,904 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/11/16 15:24:09 | 00,200,704 | ---- | M] () -- C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\World of Warcraft\WoWTest\WoW-0.4.3.8478-to-0.4.3.8536-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/09/28 23:14:57 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/11 17:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}"=Logitech GamePanel Software 2.02
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{18039280-98B7-4C5E-AAC0-10EBC9731033}"=Nero 7 Essentials
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49A141D3-78CF-45EA-93A8-541E08FDB719}"=Killer Driver
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.5
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}"=Sony Vegas Pro 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}"=Compact Wireless-G USB Adapter
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AlienGUIse Theme Manager"=AlienGUIse Theme Manager
"avast!"=avast! Antivirus
"AVG7Uninstall"=AVG 7.5
"DyynoPlayer"=DyynoPlayer 0.8.6f
"ffdshow_is1"=ffdshow [rev 1945] [2008-04-17]
"Fraps"=Fraps (remove only)
"Glitchy's Model Editing Suite_is1"=Glitchys MES 2.6
"Google Video Uploader"=Google Video Uploader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB888316"=Windows XP Media Center Edition 2005 KB888316
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Spyware Doctor"=Spyware Doctor 6.0
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"UT2004-Demo"=Unreal Tournament 2004 Demo
"ViewpointMediaPlayer"=Viewpoint Media Player
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wrath of the Lich King Beta"=Wrath of the Lich King Beta
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a"=FasterPing
"Octoshape Streaming Services"=Octoshape Streaming Services
"uTorrent"=µTorrent
"Wow Web Stats Client v2.4"=Wow Web Stats Client v2.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-416865268-2551078542-2111253237-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a"=FasterPing
"Octoshape Streaming Services"=Octoshape Streaming Services
"uTorrent"=µTorrent
"Wow Web Stats Client v2.4"=Wow Web Stats Client v2.4

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2007 7:32:18 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\6B9.tmp failed, 00000005.

Error - 10/14/2007 8:07:33 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\742.tmp failed, 00000005.

Error - 10/24/2007 8:33:00 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\276.tmp failed, 00000005.

Error - 10/24/2007 9:23:13 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\328.tmp failed, 00000005.

Error - 2/28/2008 12:51:28 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1C9.tmp failed, 00000005.

Error - 2/28/2008 1:01:31 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1E4.tmp failed, 00000005.

Error - 8/24/2008 4:55:05 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.xbox.com/NR/rdonlyres/BD9381B2-...xheroes1000.xml
failed, 0000A413.

Error - 9/23/2008 5:52:14 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

Error - 9/23/2008 5:52:52 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = SMTP server response: 421 Cannot connect to SMTP server 192.168.2.101
(192.168.2.101:25), connect error 10061 .

Error - 9/23/2008 5:59:26 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

[ Application Events ]
Error - 10/11/2008 9:00:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 568249593.

Error - 10/11/2008 10:24:21 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2008 10:25:29 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/11/2008 10:25:38 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 964709388.

Error - 10/11/2008 10:26:42 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/12/2008 1:55:08 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x03ff9215.

Error - 10/13/2008 1:17:50 AM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 5:20:44 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:16 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/13/2008 10:34:50 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/14/2008 6:20:27 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.101 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/14/2008 6:20:31 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/14/2008 6:20:42 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/14/2008 2:10:22 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/15/2008 5:57:43 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/15/2008 6:10:20 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.104 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2008 6:10:23 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/15/2008 2:11:09 PM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.100 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2008 2:11:14 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044


< End of report >

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 16, 2008 18:24:28
Records in database: 1316742
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 57777
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 00:40:33

File name Threat name Threats count
C:\Documents and Settings\Matt\Desktop\VIRUSPWNR\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Matt\Desktop\VIRUSPWNR\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
The selected area was scanned.

#4 Billy O'Neal

Posted 16 October 2008 - 07:24 PM

Hello, Jack-o.

192.168.254.2 mykillernic

This a high performance machine or somepin LOL :thumbsup:

Your logs show the existence (or possibly failed removal) of the VERY OLD anti-virus AVG 7. If you have removed this app, let me know, so I can clean up the leftovers. Otherwise you should remove AVG from Add/Remove Programs.

If you have already removed it let me know ;)

Viewpoint is considered foistware instead of malware because it is installed without the user's approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to disable SpyBot Search and Destroy's "Tea Timer"
  • Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the list.
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit/Close Spybot S&D when done.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "in3"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdwareAlert"=-
    :files
    C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe
    C:\Program Files\AdwareAlert
    C:\DOCUME~1\Matt\LOCALS~1\Temp\???.tmp
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
You appear to have a Registry Cleaner installed!
The following is referring to Uniblue RegistryBooster 2009
Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New OTViewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
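
Added example, not part of either post and not code from OldTimer's tools: a small triage pass over an OTViewIt-style "(O4) Run Keys" section that flags autorun values whose target is reported as "File not found" or that launch from a Temp folder, which is the pattern behind the "in3" and "AdwareAlert" values the script above removes. The sample log is constructed and shortened ("<args>" stands in for the long command-line argument), and the names `triage_run_keys` and `Finding` are hypothetical.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the OTViewIt "(O4) Run Keys" layout used in this thread.
SAMPLE_LOG = r'''
========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"in3"=C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe /CR=<args> File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"nwiz"=nwiz.exe /install ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot File not found
"Fraps"=C:\FRAPS\FRAPS.EXE (Beepa P/L)

========== (O4) Startup Folders ==========
'''

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')        # ========== title ==========
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)     # any ...\Temp\... component
MISSING_MARK = "File not found"                      # suffix the scanner appends


class Finding(NamedTuple):
    key: str            # registry key the value lives under
    name: str           # value name, e.g. "in3"
    command: str        # command line with the scanner's suffix removed
    reasons: List[str]  # why the entry deserves a second look


def triage_run_keys(log_text: str) -> List[Finding]:
    """Return Run-key values that are orphaned or start from a Temp folder."""
    findings = []
    in_run_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Only the Run Keys section is parsed; other sections are skipped.
            in_run_section = "Run Keys" in section.group(1)
            current_key = None
            continue
        if not in_run_section or not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current_key is None:
            continue
        command = entry.group("rest")
        reasons = []
        if command.endswith(MISSING_MARK):
            # The autorun value survived but its executable is gone.
            reasons.append("target missing")
            command = command[:-len(MISSING_MARK)].rstrip()
        if TEMP_RE.search(command):
            reasons.append("runs from Temp")
        if reasons:
            findings.append(Finding(current_key, entry.group("name"), command, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_LOG):
        print(f'{f.key}\n  "{f.name}" -> {f.command}\n  flags: {", ".join(f.reasons)}')
```

A flagged value is a candidate for review, not proof of infection; leftover entries from uninstalled software also show up as "target missing".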

#5 Jack-o

Posted 17 October 2008 - 08:28 PM

hehe, it is a high performance machine ;) I'm aware of uTorrent's risks; however, I am fine with it because I only downloaded after I had thought I suppressed the virus, and I mainly download gaming applications from peers so copyright isn't an issue. I uninstalled AVG 7.5 and Spybot's tea thing was already disabled.

the MoveIt;

Error: Unable to interpret <reg> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]> in the current context!
Error: Unable to interpret <"in3"=-> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]> in the current context!
Error: Unable to interpret <"AdwareAlert"=-> in the current context!
========== FILES ==========
File/Folder C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe not found.
File/Folder C:\Program Files\AdwareAlert not found.
C:\DOCUME~1\Matt\LOCALS~1\Temp\AC9.tmp moved successfully.
C:\DOCUME~1\Matt\LOCALS~1\Temp\ACA.tmp moved successfully.
C:\DOCUME~1\Matt\LOCALS~1\Temp\ACB.tmp moved successfully.
C:\DOCUME~1\Matt\LOCALS~1\Temp\ACC.tmp moved successfully.
C:\DOCUME~1\Matt\LOCALS~1\Temp\ACD.tmp moved successfully.
C:\DOCUME~1\Matt\LOCALS~1\Temp\ACE.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Matt\LOCALS~1\Temp\etilqs_NsaCpYJ9iAMMVppd4IxY scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Matt\LOCALS~1\Temp\fla65.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10172008_210541

Files moved on Reboot...
File C:\DOCUME~1\Matt\LOCALS~1\Temp\etilqs_NsaCpYJ9iAMMVppd4IxY not found!
File C:\DOCUME~1\Matt\LOCALS~1\Temp\fla65.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\XUL.mfl moved successfully.



OTViewIt logfile created on: 10/17/2008 9:13:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.46% Memory free
3.85 Gb Paging File | 2.84 Gb Available in Paging File | 73.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 68.69 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[2006/08/28 12:23:44 | 05,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
[2005/11/09 01:33:42 | 05,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/08/25 11:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/09/12 19:58:14 | 16,264,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/08/08 15:53:16 | 00,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[2007/07/12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/12/13 17:43:22 | 02,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
[2007/12/13 17:57:24 | 02,095,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
[2007/12/13 17:43:02 | 00,481,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
[2006/11/16 19:04:20 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2007/09/16 17:59:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/13 17:42:52 | 00,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
[2007/12/13 17:43:30 | 00,416,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/12/13 17:43:12 | 00,461,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
[2006/11/16 18:58:32 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2006/12/19 09:02:58 | 02,842,624 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/09/28 06:05:19 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2007/10/24 15:10:20 | 01,388,544 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/09/13 19:01:17 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GCSVC [Auto | Running])
File not found -- -- (WUSB54Gv42SVC [Auto | Running])

========== Driver Services ==========

[2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/05/23 16:53:11 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/06 15:05:14 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/09/12 22:27:00 | 04,381,184 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/05/14 17:59:28 | 00,103,072 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetB834x.sys -- (NetB834x [On_Demand | Running])
[2008/05/14 12:04:16 | 00,022,048 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetBEdge.sys -- (NetbEdge [On_Demand | Running])
[2007/02/23 11:25:00 | 05,749,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/09/21 16:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/08/07 16:39:22 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/08/07 16:39:24 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2 [System | Running])
[2005/12/28 12:05:09 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/15 18:33:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2002/11/20 19:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv [On_Demand | Stopped])
[2005/12/28 12:05:50 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (763 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
192.168.254.2 mykillernic

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{348FE907-249E-4C65-A838-F34A193FE1D1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"in3"=C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe /CR=09502FFA8BDF757D6F816904DDEAE1C00311B3CA8C6C863041721776FC16F142BC1BCEEBD0E0840080114B03FBE8C17DD4C3AEE4A1A1D3245E8C17C22418300045F5AF4AC7546A6BFD2722F37B290FD7290B9C File not found
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" (Logitech Inc.)
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE (Logitech Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"Fraps"=C:\FRAPS\FRAPS.EXE (Beepa P/L)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Killer Tray Menu.lnk = C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2007/08/17 15:53:44 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSCust.lnk = C:\WINDOWS\system32\OEM\OSCust.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0ADBFE6F-7928-4B70-881C-661AADEFD2AB} (Servers: | Description: Killer NIC NDIS EDGE Interface)
{18EEF5FD-8F01-423E-830C-3E2271885398} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{1FEF0A39-ED98-45A3-8E63-995761DCA51B} (Servers: | Description: Compact Wireless-G USB Adapter)
{370CAF65-7566-4C86-B534-ED6EDB80284F} (Servers: | Description: NVIDIA nForce Networking Controller)
{3B3811EE-CDCA-4E99-80E9-BF196B56B610} (Servers: | Description: Compact Wireless-G USB Adapter)
{5522BF02-B487-451D-95EF-A743793595E6} (Servers: | Description: NVIDIA nForce Networking Controller)
{63B28D2B-0C9F-43D9-B04D-1E18ECFA1CDF} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{70ABD996-5194-4568-8760-B1E459C2778E} (Servers: | Description: Compact Wireless-G USB Adapter)
{8C4F4841-DC8E-480C-8AA0-7A205FC9E442} (Servers: | Description: )
{9182C5B1-6A51-4A99-934E-11B77B89266F} (Servers: | Description: Compact Wireless-G USB Adapter)
{98CA39BE-9340-427E-9912-8F8481A364CC} (Servers: | Description: Compact Wireless-G USB Adapter)
{AC0C12B0-6533-4F31-88AD-E9253FC4C706} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{B9157CE0-4AD9-47E4-A427-CBE8425DE4A7} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{D842D95F-1019-44A5-9662-92EC07EC3E64} (Servers: | Description: Compact Wireless-G USB Adapter)
{F3E7078B-E600-4254-9D2A-920F4D16B71D} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WB: "DllName" = C:\Program Files\AlienGUIse\fastload.dll -- C:\Program Files\AlienGUIse\fastload.dll (Stardock)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/11/02 14:24:54 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/17 21:05:41 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/17 21:05:01 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTMoveIt3.exe
[2008/10/17 15:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Quartz-r7-release
[2008/10/17 14:38:06 | 10,143,9746 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\2v2_Sirperro-RandomDruid_Warrior-Druid.wmv
[2008/10/16 15:07:30 | 00,003,139 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\KasperskyScan.html
[2008/10/15 14:18:24 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/14 14:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/12 16:13:34 | 06,434,794 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 20:48:37 | 43,120,8225 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 18:49:57 | 06,947,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:33:01 | 00,173,944 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 17:33:01 | 00,171,128 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 17:00:17 | 05,004,728 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:10 | 06,053,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:46:08 | 07,080,222 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/04 22:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 4 (complete DVDRip)
[2008/10/04 14:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 5 (complete DVDRip)
[2008/10/04 14:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 3 (complete DVDRip)
[2008/10/04 14:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 1 (complete DVDRip)
[2008/10/04 13:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 2 (complete DVDRip)
[2008/09/28 23:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Downloads
[2008/09/28 23:14:57 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/09/28 23:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2008/09/28 18:39:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/25 15:47:27 | 00,062,233 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/09/25 14:50:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Matt\My Documents\My Pictures
[2008/09/24 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\My Received Files
[2008/09/24 01:15:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/09/24 01:15:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/24 01:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\VIRUSPWNR
[2008/09/24 00:56:40 | 21,459,47648 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/24 00:16:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/09/24 00:03:41 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/24 00:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/24 00:02:22 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/23 23:42:19 | 00,000,000 | ---D | C] -- C:\327882R2FWJFW
[2008/09/23 23:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Screenshots
[2008/09/23 23:27:59 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 23:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\skypePM
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV31203156.TMP
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV22923076.TMP
[2008/09/22 14:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/09/22 14:25:17 | 00,160,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/22 14:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2008/09/21 22:17:47 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/21 21:45:25 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/09/21 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Uniblue
[2008/09/21 21:33:46 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/09/21 21:33:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2008/09/21 21:18:20 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/09/21 21:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\AdwareAlert
[2008/09/21 21:09:37 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/09/21 21:09:37 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/09/21 21:09:37 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/09/21 21:09:37 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\PC Tools
[2008/09/21 01:51:42 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/20 20:26:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/20 20:22:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/20 13:40:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/09/20 13:39:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/20 13:39:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/20 13:39:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/20 13:39:35 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/20 13:39:35 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/09/20 13:39:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[2008/09/20 13:39:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/20 13:39:34 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/20 13:39:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/20 13:22:20 | 00,002,452 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:28:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/19 20:22:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/19 20:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/19 20:17:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

========== Files - Modified Within 30 Days ==========

[7 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/17 21:09:18 | 00,000,160 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Bandwidth.xml
[2008/10/17 21:09:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/17 21:07:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/17 21:07:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:07:32 | 21,459,47648 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/17 21:05:02 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTMoveIt3.exe
[2008/10/17 14:44:18 | 10,143,9746 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\2v2_Sirperro-RandomDruid_Warrior-Druid.wmv
[2008/10/16 15:07:30 | 00,003,139 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\KasperskyScan.html
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/14 22:19:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/14 14:57:04 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/10/13 22:51:51 | 00,211,456 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/13 03:00:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/10/12 16:13:57 | 06,434,794 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 22:37:09 | 00,173,944 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 22:21:53 | 43,120,8225 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 20:43:03 | 00,171,128 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 18:51:20 | 06,947,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:37:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/11 17:00:50 | 05,004,728 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:28 | 06,053,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:48:30 | 07,080,222 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/05 23:37:01 | 00,062,233 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/10/03 17:49:13 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/30 04:12:14 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/09/28 23:14:57 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 18:39:05 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/28 08:29:03 | 04,317,722 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2008/09/24 15:17:13 | 00,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 14:53:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/24 14:35:38 | 00,000,208 | -HS- | M] () -- C:\boot.ini
[2008/09/24 01:16:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/24 01:15:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/24 00:16:41 | 00,511,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 00:16:41 | 00,441,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 00:16:41 | 00,071,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/24 00:15:03 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Windows Media Player.lnk
[2008/09/24 00:03:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/24 00:03:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/24 00:02:56 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/24 00:02:22 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:01:18 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/23 23:27:59 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 14:54:11 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/21 22:17:47 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/20 13:22:20 | 00,002,452 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:19:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/19 17:33:20 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
< End of report >

OTViewIt Extras logfile created on: 10/17/2008 9:13:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.46% Memory free
3.85 Gb Paging File | 2.84 Gb Available in Paging File | 73.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 68.69 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/14 14:56:04 | 01,077,904 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/11/16 15:24:09 | 00,200,704 | ---- | M] () -- C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\World of Warcraft\WoWTest\WoW-0.4.3.8478-to-0.4.3.8536-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/09/28 23:14:57 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/08/11 17:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}"=Logitech GamePanel Software 2.02
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{18039280-98B7-4C5E-AAC0-10EBC9731033}"=Nero 7 Essentials
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49A141D3-78CF-45EA-93A8-541E08FDB719}"=Killer Driver
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.5
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}"=Sony Vegas Pro 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}"=Compact Wireless-G USB Adapter
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AlienGUIse Theme Manager"=AlienGUIse Theme Manager
"avast!"=avast! Antivirus
"DyynoPlayer"=DyynoPlayer 0.8.6f
"ffdshow_is1"=ffdshow [rev 1945] [2008-04-17]
"Fraps"=Fraps (remove only)
"Glitchy's Model Editing Suite_is1"=Glitchys MES 2.6
"Google Video Uploader"=Google Video Uploader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB888316"=Windows XP Media Center Edition 2005 KB888316
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Spyware Doctor"=Spyware Doctor 6.0
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"UT2004-Demo"=Unreal Tournament 2004 Demo
"ViewpointMediaPlayer"=Viewpoint Media Player
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wrath of the Lich King Beta"=Wrath of the Lich King Beta
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a"=FasterPing
"Octoshape Streaming Services"=Octoshape Streaming Services
"uTorrent"=µTorrent
"Wow Web Stats Client v2.4"=Wow Web Stats Client v2.4

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2007 7:32:18 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\6B9.tmp failed, 00000005.

Error - 10/14/2007 8:07:33 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\742.tmp failed, 00000005.

Error - 10/24/2007 8:33:00 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\276.tmp failed, 00000005.

Error - 10/24/2007 9:23:13 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\328.tmp failed, 00000005.

Error - 2/28/2008 12:51:28 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1C9.tmp failed, 00000005.

Error - 2/28/2008 1:01:31 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1E4.tmp failed, 00000005.

Error - 8/24/2008 4:55:05 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.xbox.com/NR/rdonlyres/BD9381B2-...xheroes1000.xml
failed, 0000A413.

Error - 9/23/2008 5:52:14 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

Error - 9/23/2008 5:52:52 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = SMTP server response: 421 Cannot connect to SMTP server 192.168.2.101
(192.168.2.101:25), connect error 10061 .

Error - 9/23/2008 5:59:26 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

[ Application Events ]
Error - 10/11/2008 9:00:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 568249593.

Error - 10/11/2008 10:24:21 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2008 10:25:29 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/11/2008 10:25:38 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 964709388.

Error - 10/11/2008 10:26:42 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/12/2008 1:55:08 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x03ff9215.

Error - 10/13/2008 1:17:50 AM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 5:20:44 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:16 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/15/2008 6:10:20 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.104 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2008 6:10:23 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/15/2008 2:11:09 PM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.100 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/15/2008 2:11:14 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/16/2008 2:10:15 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 6:23:31 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.102 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2008 6:23:36 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 2:07:37 PM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.101 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2008 2:07:40 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 9:07:46 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044


< End of report >

#6 Billy O'Neal

  • Malware Response Team

Posted 17 October 2008 - 09:42 PM

Hello :thumbsup:

This indicates that there was a failure of copy/paste:

Error: Unable to interpret <reg> in the current context!


The : in front of reg in the script above is needed for the script to work ;)

You also don't seem to have updated Java.

Please retry the instructions listed in Post # 4 starting with the line "We need to execute an OTMoveIt3 script"

Thanks!

(Also please ensure after update of java that you post new OTVI logs ;)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Jack-o

  • Topic Starter

Posted 19 October 2008 - 11:26 AM

Sorry for the delay. I've updated Java through my Windows toolbar, so hopefully that's all I needed.

Reposting the Move it:

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348FE907-249E-4C65-A838-F34A193FE1D1}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\in3 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdwareAlert deleted successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\Matt\Local Settings\Temp\.tt9.tmp.exe not found.
File/Folder C:\Program Files\AdwareAlert not found.
File/Folder C:\DOCUME~1\Matt\LOCALS~1\Temp\???.tmp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Matt\LOCALS~1\Temp\etilqs_IFQTEGlFx9HIlCarsuCC scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10192008_121928

Files moved on Reboot...
File C:\DOCUME~1\Matt\LOCALS~1\Temp\etilqs_IFQTEGlFx9HIlCarsuCC not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_2c4.dat not found!
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\moynp2ba.default\XUL.mfl moved successfully.



OTViewIt logfile created on: 10/19/2008 12:25:37 PM - Run 3
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 54.86% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 52.77 Gb Free Space | 22.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[2006/08/28 12:23:44 | 05,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
[2005/11/09 01:33:42 | 05,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/08/25 11:36:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/09/12 19:58:14 | 16,264,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/07/19 10:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2007/08/08 15:53:16 | 00,088,024 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[2007/07/12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/12/13 17:43:22 | 02,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
[2007/12/13 17:57:24 | 02,095,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
[2006/11/16 19:04:20 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2007/12/13 17:43:02 | 00,481,304 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
[2007/09/16 17:59:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/12/13 17:42:52 | 00,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
[2007/12/13 17:43:30 | 00,416,280 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/12/13 17:43:12 | 00,461,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
[2008/09/28 06:05:19 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/11/16 18:58:32 | 00,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2006/12/19 09:02:58 | 02,842,624 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/08/27 14:38:50 | 00,566,616 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 10:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/07/19 10:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 10:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 10:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/04/09 21:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/09/13 19:01:17 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/06/04 10:14:56 | 00,237,568 | ---- | M] () -- C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe -- (Killer Port Manager [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/02/23 11:25:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/08/25 11:36:34 | 01,077,640 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GCSVC [Auto | Running])
File not found -- -- (WUSB54Gv42SVC [Auto | Running])

========== Driver Services ==========

[2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2008/07/19 10:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2008/05/23 16:53:11 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/06 15:05:14 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
[2008/07/19 10:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 10:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 10:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 10:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 10:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/08/25 11:36:28 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/08/25 11:36:28 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/08/25 11:36:30 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2006/09/12 22:27:00 | 04,381,184 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/05/14 17:59:28 | 00,103,072 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetB834x.sys -- (NetB834x [On_Demand | Running])
[2008/05/14 12:04:16 | 00,022,048 | ---- | M] (Bigfoot Networks, Inc.) -- C:\WINDOWS\system32\drivers\NetBEdge.sys -- (NetbEdge [On_Demand | Running])
[2007/02/23 11:25:00 | 05,749,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/09/21 16:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2006/08/07 16:39:22 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/08/07 16:39:24 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctfw2.sys -- (pctfw2 [System | Running])
[2005/12/28 12:05:09 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/15 18:33:10 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/11/24 19:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2002/11/20 19:45:50 | 00,002,218 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv [On_Demand | Stopped])
[2005/12/28 12:05:50 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (763 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
192.168.254.2 mykillernic

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"=C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe ()
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" (Logitech Inc.)
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE (Logitech Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"Fraps"=C:\FRAPS\FRAPS.EXE (Beepa P/L)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2008/06/04 13:22:48 | 00,614,400 | ---- | M] (Bigfoot Networks, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Killer Tray Menu.lnk = C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[2007/08/17 15:53:44 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSCust.lnk = C:\WINDOWS\system32\OEM\OSCust.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2007/09/13 13:31:40 | 01,312,040 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3DCEC959-378A-4922-AD7E-FD5C925D927F}: http://disney.go.com/pirates/online/testAc...OnlineGames.cab -- Disney Online Games ActiveX Control
{4E218431-2F07-40BD-A9D3-035324C1F13F}: http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB -- DyynoX Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0ADBFE6F-7928-4B70-881C-661AADEFD2AB} (Servers: | Description: Killer NIC NDIS EDGE Interface)
{18EEF5FD-8F01-423E-830C-3E2271885398} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{1FEF0A39-ED98-45A3-8E63-995761DCA51B} (Servers: | Description: Compact Wireless-G USB Adapter)
{370CAF65-7566-4C86-B534-ED6EDB80284F} (Servers: | Description: NVIDIA nForce Networking Controller)
{3B3811EE-CDCA-4E99-80E9-BF196B56B610} (Servers: | Description: Compact Wireless-G USB Adapter)
{5522BF02-B487-451D-95EF-A743793595E6} (Servers: | Description: NVIDIA nForce Networking Controller)
{63B28D2B-0C9F-43D9-B04D-1E18ECFA1CDF} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{70ABD996-5194-4568-8760-B1E459C2778E} (Servers: | Description: Compact Wireless-G USB Adapter)
{8C4F4841-DC8E-480C-8AA0-7A205FC9E442} (Servers: | Description: )
{9182C5B1-6A51-4A99-934E-11B77B89266F} (Servers: | Description: Compact Wireless-G USB Adapter)
{98CA39BE-9340-427E-9912-8F8481A364CC} (Servers: | Description: Compact Wireless-G USB Adapter)
{AC0C12B0-6533-4F31-88AD-E9253FC4C706} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{B9157CE0-4AD9-47E4-A427-CBE8425DE4A7} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{D842D95F-1019-44A5-9662-92EC07EC3E64} (Servers: | Description: Compact Wireless-G USB Adapter)
{F3E7078B-E600-4254-9D2A-920F4D16B71D} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
WB: "DllName" = C:\Program Files\AlienGUIse\fastload.dll -- C:\Program Files\AlienGUIse\fastload.dll (Stardock)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/11/02 14:24:54 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/17 21:05:41 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/17 21:05:01 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTMoveIt3.exe
[2008/10/17 15:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Quartz-r7-release
[2008/10/17 14:38:06 | 10,143,9746 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\2v2_Sirperro-RandomDruid_Warrior-Druid.wmv
[2008/10/16 15:07:30 | 00,003,139 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\KasperskyScan.html
[2008/10/15 14:18:24 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/14 14:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/10/12 16:13:34 | 06,434,794 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 20:48:37 | 43,120,8225 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 18:49:57 | 06,947,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:33:01 | 00,173,944 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 17:33:01 | 00,171,128 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 17:00:17 | 05,004,728 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:10 | 06,053,469 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:46:08 | 07,080,222 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/04 22:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 4 (complete DVDRip)
[2008/10/04 14:24:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 5 (complete DVDRip)
[2008/10/04 14:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 3 (complete DVDRip)
[2008/10/04 14:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 1 (complete DVDRip)
[2008/10/04 13:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Futurama Season 2 (complete DVDRip)
[2008/09/28 23:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\Downloads
[2008/09/28 23:14:57 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/09/28 23:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2008/09/28 18:39:05 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/25 15:47:27 | 00,062,233 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/09/25 14:50:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Matt\My Documents\My Pictures
[2008/09/24 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\My Received Files
[2008/09/24 01:15:08 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/09/24 01:15:08 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/09/24 01:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\VIRUSPWNR
[2008/09/24 00:56:40 | 21,459,47648 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/24 00:16:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/09/24 00:03:41 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/09/24 00:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2008/09/24 00:02:22 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2008/09/24 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2008/09/23 23:42:19 | 00,000,000 | ---D | C] -- C:\327882R2FWJFW
[2008/09/23 23:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Screenshots
[2008/09/23 23:27:59 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 23:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\skypePM
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV31203156.TMP
[2008/09/23 23:23:18 | 00,000,000 | ---D | C] -- C:\NV22923076.TMP
[2008/09/22 14:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2008/09/22 14:25:17 | 00,160,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/22 14:23:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2008/09/21 22:17:47 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/21 21:45:25 | 00,000,000 | ---D | C] -- C:\!KillBox
[2008/09/21 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Uniblue
[2008/09/21 21:33:46 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/09/21 21:33:40 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2008/09/21 21:18:20 | 00,000,494 | ---- | C] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/09/21 21:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\AdwareAlert
[2008/09/21 21:09:37 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/09/21 21:09:37 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/09/21 21:09:37 | 00,040,840 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/09/21 21:09:37 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/09/21 21:09:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\PC Tools
[2008/09/21 01:51:42 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/20 20:26:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/09/20 20:22:01 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/20 13:40:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/09/20 13:39:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/20 13:39:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/20 13:39:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/20 13:39:35 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008/09/20 13:39:35 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/09/20 13:39:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\swsc.exe
[2008/09/20 13:39:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/20 13:39:34 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/20 13:39:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/20 13:22:20 | 00,002,452 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:28:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/19 20:22:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/19 20:22:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/19 20:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/19 20:17:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

========== Files - Modified Within 30 Days ==========

[7 C:\*.tmp files]
[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/10/19 12:22:25 | 00,000,160 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Bandwidth.xml
[2008/10/19 12:22:23 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/19 12:20:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/19 12:20:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/19 12:20:47 | 21,459,47648 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/19 05:03:51 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/19 03:00:00 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
[2008/10/17 21:05:02 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTMoveIt3.exe
[2008/10/17 14:44:18 | 10,143,9746 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\2v2_Sirperro-RandomDruid_Warrior-Druid.wmv
[2008/10/16 15:07:30 | 00,003,139 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\KasperskyScan.html
[2008/10/15 14:18:24 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTViewIt.exe
[2008/10/14 14:57:04 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/10/13 22:51:51 | 00,211,456 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/12 16:13:57 | 06,434,794 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HunterPoV1.wmv
[2008/10/12 13:29:41 | 00,003,306 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Indian Dream.rtf
[2008/10/11 23:32:03 | 00,009,858 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2beta.wme
[2008/10/11 22:37:09 | 00,173,944 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg
[2008/10/11 22:21:53 | 43,120,8225 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kookies2Project.wmv
[2008/10/11 20:43:03 | 00,171,128 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Kookies2Project.veg.bak
[2008/10/11 18:51:20 | 06,947,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\T.I - Big Things Poppin.mp3
[2008/10/11 17:37:34 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/11 17:00:50 | 05,004,728 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Kanye-West-Jesus-Walks.mp3
[2008/10/11 16:22:28 | 06,053,469 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\11. life goes on.mp3
[2008/10/11 15:48:30 | 07,080,222 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\The Brighter Side Of Suffering.mp3
[2008/10/05 23:37:01 | 00,062,233 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\The Beggining of my Dehumanization.rtf
[2008/10/03 17:49:13 | 00,000,558 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/30 04:12:14 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/09/28 23:14:57 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\µTorrent.lnk
[2008/09/28 18:39:05 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/28 08:29:03 | 04,317,722 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2008/09/24 15:17:13 | 00,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/24 14:53:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/24 14:35:38 | 00,000,208 | -HS- | M] () -- C:\boot.ini
[2008/09/24 01:16:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/24 01:15:08 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/09/24 00:16:41 | 00,511,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/24 00:16:41 | 00,441,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/24 00:16:41 | 00,071,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/24 00:15:03 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Windows Media Player.lnk
[2008/09/24 00:03:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/09/24 00:03:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/09/24 00:02:56 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/09/24 00:02:22 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2008/09/24 00:01:18 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/23 23:27:59 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/23 14:54:11 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Wrath of the Lich King Beta.lnk
[2008/09/22 14:23:35 | 00,160,792 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctfw2.sys
[2008/09/21 22:17:47 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Matt\My Documents\Default.rdp
[2008/09/20 13:22:20 | 00,002,452 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/20 12:02:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2008/09/19 20:19:21 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/19 17:33:20 | 00,000,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
< End of report >

OTViewIt Extras logfile created on: 10/19/2008 12:25:37 PM - Run 3
OTViewIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 54.86% Memory free
3.85 Gb Paging File | 2.83 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 52.77 Gb Free Space | 22.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-9F64BACA3
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=1
"DoNotAllowExceptions"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/14 14:56:04 | 01,077,904 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/11/16 15:24:09 | 00,200,704 | ---- | M] () -- C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\World of Warcraft\WoWTest\WoW-0.4.3.8478-to-0.4.3.8536-enUS-downloader.exe:*:Enabled:Blizzard Downloader
[2008/09/28 23:14:57 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/11 17:46:50 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000042 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000043 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000044 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000045 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)
Protocol_Catalog9\Catalog_Entries\000000000046 -- C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll (PC Tools Research Pty Ltd.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
msdaipp: [HKLM - No CLSID value]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/13 20:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2008/08/11 17:46:50 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}"=Logitech GamePanel Software 2.02
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{18039280-98B7-4C5E-AAC0-10EBC9731033}"=Nero 7 Essentials
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49A141D3-78CF-45EA-93A8-541E08FDB719}"=Killer Driver
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.5
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C9AD221-994C-45B2-B46D-26F5735158CF}"=Sony Vegas Pro 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}"=Uniblue RegistryBooster 2009
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}"=Compact Wireless-G USB Adapter
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AlienGUIse Theme Manager"=AlienGUIse Theme Manager
"avast!"=avast! Antivirus
"DyynoPlayer"=DyynoPlayer 0.8.6f
"ffdshow_is1"=ffdshow [rev 1945] [2008-04-17]
"Fraps"=Fraps (remove only)
"Glitchy's Model Editing Suite_is1"=Glitchys MES 2.6
"Google Video Uploader"=Google Video Uploader
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"KB888111WXPSP2"=High Definition Audio Driver Package - KB888111
"KB888316"=Windows XP Media Center Edition 2005 KB888316
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"Spyware Doctor"=Spyware Doctor 6.0
"Uniblue RegistryBooster 2009"=Uniblue RegistryBooster 2009
"UT2004-Demo"=Unreal Tournament 2004 Demo
"ViewpointMediaPlayer"=Viewpoint Media Player
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wrath of the Lich King Beta"=Wrath of the Lich King Beta
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a"=FasterPing
"Octoshape Streaming Services"=Octoshape Streaming Services
"uTorrent"=µTorrent
"Wow Web Stats Client v2.4"=Wow Web Stats Client v2.4

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/14/2007 7:32:18 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\6B9.tmp failed, 00000005.

Error - 10/14/2007 8:07:33 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\742.tmp failed, 00000005.

Error - 10/24/2007 8:33:00 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\276.tmp failed, 00000005.

Error - 10/24/2007 9:23:13 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\328.tmp failed, 00000005.

Error - 2/28/2008 12:51:28 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1C9.tmp failed, 00000005.

Error - 2/28/2008 1:01:31 AM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\Matt\LOCALS~1\Temp\1E4.tmp failed, 00000005.

Error - 8/24/2008 4:55:05 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.xbox.com/NR/rdonlyres/BD9381B2-...xheroes1000.xml
failed, 0000A413.

Error - 9/23/2008 5:52:14 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

Error - 9/23/2008 5:52:52 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = SMTP server response: 421 Cannot connect to SMTP server 192.168.2.101
(192.168.2.101:25), connect error 10061 .

Error - 9/23/2008 5:59:26 PM | Computer Name = OWNER-9F64BACA3 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware()
basNetAlert() failed: 42011.

[ Application Events ]
Error - 10/11/2008 9:00:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 568249593.

Error - 10/11/2008 10:24:21 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2008 10:25:29 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/11/2008 10:25:38 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1001
Description = Fault bucket 964709388.

Error - 10/11/2008 10:26:42 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02383fff.

Error - 10/12/2008 1:55:08 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x03ff9215.

Error - 10/13/2008 1:17:50 AM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 5:20:44 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:16 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2008 6:05:17 PM | Computer Name = OWNER-9F64BACA3 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/16/2008 2:10:15 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 6:23:31 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.102 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2008 6:23:36 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 2:07:37 PM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.101 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2008 2:07:40 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/17/2008 9:07:46 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/18/2008 11:13:58 AM | Computer Name = OWNER-9F64BACA3 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.13.58.105 for the Network Card with network
address 0014BF7A7DC6 has been denied by the DHCP server 0.13.58.30 (The DHCP Server
sent a DHCPNACK message).

Error - 10/18/2008 11:14:00 AM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/19/2008 12:10:34 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/19/2008 12:21:01 PM | Computer Name = OWNER-9F64BACA3 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044


< End of report >

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:53 PM

Posted 19 October 2008 - 12:59 PM

Hello, Jack-o.

I've updated Java through my Windows toolbar so hopefully that's all I needed.


Nope, the old stuff's still in there.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on an x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 Jack-o

Posted 20 October 2008 - 01:32 PM

Didn't see anything that said Java Runtime in Add/Remove Programs. I removed the only Java program I saw.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:42 PM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Killer Tray Menu.lnk = ?
O4 - Global Startup: OSCust.lnk = C:\WINDOWS\system32\OEM\OSCust.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10461 bytes

#10 Billy O'Neal

Posted 20 October 2008 - 02:20 PM

Hello, Jack-o.
Nooow you got it ;)

I think you're all fixed up, but I'd like to get a final check as well as look at a file I can't find...

We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/index.php?showtopic=172799&view=findpost&p=980829
  • Where it says "Browse to the file you want to submit", browse to
    c:\windows\system32\bfllr.dll
  • Press the Posted Image button.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
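
The two checks made by eye in this thread (an old Java entry still in the uninstall list, and the unrecognised Winsock LSP file in the O10 lines) can be scripted over a saved log. This is an added example, not part of any post or of HijackThis itself; the function names and the J2SE entry with its registry key are constructed, and the (6, 10) threshold is the JRE 6 Update 10 named in post #8.

```python
import re
from collections import Counter

# Sample input: lines taken from the two logs posted in this thread, plus one
# constructed J2SE uninstall entry (marked) to exercise the older naming.
SAMPLE_LOG = r'''
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{CONSTRUCTED-EXAMPLE-KEY}"=J2SE Runtime Environment 5.0 Update 6
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
'''

# HijackThis entry: section code (R1, O4, O10, O23 ...), " - ", then the detail.
HJT_ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')
# Uninstall list entry as printed in the report: "registry key"=Display name
UNINSTALL_ENTRY = re.compile(r'^"([^"]+)"=(.+)$')
# Java display names: "Java™ 6 Update 2", "J2SE Runtime Environment 5.0 Update 6".
JAVA_NAME = re.compile(
    r'\b(?:Java|J2SE)\b.*?\b(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?', re.IGNORECASE)
LSP_PREFIX = 'Unknown file in Winsock LSP:'


def parse_hjt(log_text):
    """Group HijackThis entries by section code, keeping log order."""
    sections = {}
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections


def unknown_lsp_files(log_text):
    """Count O10 'Unknown file in Winsock LSP' entries per file path."""
    counts = Counter()
    for detail in parse_hjt(log_text).get('O10', []):
        if detail.startswith(LSP_PREFIX):
            counts[detail[len(LSP_PREFIX):].strip().lower()] += 1
    return dict(counts)


def installed_java(log_text):
    """Return (display name, (major, update)) for each Java uninstall entry."""
    found = []
    for line in log_text.splitlines():
        entry = UNINSTALL_ENTRY.match(line.strip())
        if not entry:
            continue
        name = entry.group(2).strip()
        ver = JAVA_NAME.search(name)
        if ver:
            # A name without "Update N" is treated as update 0.
            found.append((name, (int(ver.group(1)), int(ver.group(2) or 0))))
    return found


def outdated_java(log_text, minimum=(6, 10)):
    """Java entries older than `minimum` (default: JRE 6 Update 10 from post #8)."""
    return [(n, v) for n, v in installed_java(log_text) if v < minimum]


if __name__ == '__main__':
    for name, version in outdated_java(SAMPLE_LOG):
        print('outdated Java still installed:', name, version)
    for path, count in unknown_lsp_files(SAMPLE_LOG).items():
        print('unrecognised LSP file to submit for inspection: %s (%d entries)'
              % (path, count))
```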

#11 Jack-o

Posted 20 October 2008 - 04:11 PM

edit: nvm it says I should use Internet Explorer, my bad

edit2: I don't have Internet Explorer =(

Edited by Jack-o, 20 October 2008 - 05:06 PM.


#12 Billy O'Neal

Posted 20 October 2008 - 05:17 PM

Oh, trust me, you have it ;) It's part of Windows :thumbsup:

To start ESET, go to Start -> Run
Type in
iexplore http://eset.com/onlinescan

This will open the scanner in IE and allow you to follow the instructions.

Billy3

#13 Jack-o


Posted 21 October 2008 - 02:06 PM

The run command works, but after about a dozen or so tries now, the scanner keeps freezing. Every time, after like 14 minutes, Internet Explorer will simply not respond and I have to close it. It gets to about 30k files with no threats found any time.

I've even tried doing it after a reboot as the only program running, and it still froze.

#14 Billy O'Neal


Posted 21 October 2008 - 04:21 PM

Hello, Jack-o.
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Alright... try this one which runs stand alone :thumbsup:

We need to run a system scan with Dr. Web CureIt
  • Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  • Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Complete Scan"
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply, please include the following:
  • Dr.Web's Log

Billy3

#15 Jack-o


Posted 21 October 2008 - 05:34 PM

The first express scan, as well as the second scan after I unchecked the thingy, both showed up saying no viruses found. I'm sorry to say that in my haste I forgot to save a log >.<

But all this has convinced me my computer is, at the moment, fine. I haven't had any problems loading my desktop in weeks and have not gotten any virus warnings from avast! or AVG as I was earlier! I really do appreciate your help thus far, it has been awesome. I will redo the scan if you want, but I am sure I am fine.



