Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cpu Usage 100%


  • This topic is locked This topic is locked
6 replies to this topic

#1 Cp-Poo

Cp-Poo

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 05 October 2008 - 01:11 PM

For the past two weeks my laptop has been running abnormally slow.My cpu usage reads 100% when more than two programs are open eg mozilla and itunes. Sound when music is played skips and jumps aswell as youtube videos. System startup takes a ridiculous amount of time and this issue has become very frustrating. I have run numerous anti-virus , spyware rootkit programs but to no avail. Even updating processer drivers failed.I have read countless forums and not found a solution. Please excuse my explanation as i am a new user ,I hope it is clear enough.

Thanks for your time!

My specs are 2.2GHz processor, 2046mb ram , 140 gig hard drive and a 128mb gfx card.

Here are the results of my hijack this scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:24, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89105327-97A5-4BC8-BC17-B227BEDF9CBF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Documents and Settings\Danny Lynch\Application Data\IMVUClient\IMVUClient.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Documents and Settings\Danny Lynch\Application Data\IMVUClient\IMVUClient.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Danny Lynch\Application Data\IMVUClient\IMVUClient.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Intellex Event Handler.lnk = C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Danny Lynch\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0051296.dat,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: byxvvvs - byxvvvs.dll (file missing)
O20 - Winlogon Notify: ydvewjws - ydvewjws.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 AM

Posted 14 October 2008 - 07:27 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Looks like you are infected.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 Cp-Poo

Cp-Poo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 18 October 2008 - 08:56 AM

I havent made any changes to my system since I posted I don't think...
At the startup it goes into CHKDSK and tries to check my hard drive for consistency , I have to turn it off if this happens because it runs so slow. Thanks For you Help!

Here's the OTviewIt.txt:

OTViewIt logfile created on: 18/10/2008 14:51:12 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\Danny Lynch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.46% Memory free
3.84 Gb Paging File | 3.53 Gb Available in Paging File | 92.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 16.02 Gb Free Space | 24.02% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 36.69 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Drive E: | 6.83 Gb Total Space | 1.32 Gb Free Space | 19.36% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEAROIDIN
Current User Name: Danny Lynch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2005/06/19 21:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/03/06 14:48:46 | 00,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
[2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/08/09 07:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/12/13 17:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2006/02/07 02:10:34 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
[2005/12/22 08:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[2008/04/14 01:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2003/04/07 01:42:52 | 00,217,190 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/12/08 14:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2005/09/24 00:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2008/10/18 14:47:28 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/04 04:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/07/03 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Disabled | Stopped])
[2007/02/09 14:14:23 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Disabled | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (avp [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
[2007/12/16 15:58:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
[2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/12/22 00:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Disabled | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [Disabled | Stopped])
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/11/15 15:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
[2006/02/20 16:23:08 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device [Disabled | Stopped])
[2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
[2007/03/19 16:02:54 | 00,081,920 | ---- | M] () -- C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe -- (NtlxSrvMgr [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Disabled | Stopped])
[2007/02/21 17:50:49 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])
[2008/09/21 14:27:44 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [Disabled | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 22:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/07/04 07:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/11/28 10:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2005/08/18 09:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/08/02 10:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/08/02 11:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2005/05/09 21:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX [On_Demand | Running])
[2005/05/05 10:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/05/05 10:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/08/22 10:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
[2005/08/22 10:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/07/18 17:39:18 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/03/17 05:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2005/06/04 01:56:08 | 00,030,464 | ---- | M] (DiBcom SA) -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2 [On_Demand | Stopped])
[2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2003/08/01 14:57:54 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/29 23:30:24 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/09/30 12:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/04/13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 12:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2008/08/05 22:29:00 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/04/21 00:29:30 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2005/06/19 21:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/09/20 11:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2007/12/04 16:47:53 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/08/22 10:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.ie/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.ie/

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{89105327-97A5-4BC8-BC17-B227BEDF9CBF} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" (Lexmark International Inc.)
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" ()
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RecGuard"=C:\Windows\SMINST\RecGuard.exe ()
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2003/04/07 01:42:52 | 00,217,190 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/03/05 14:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2005/09/24 01:39:30 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2007/03/19 16:03:20 | 00,917,504 | ---- | M] (Sensormatic Electronics Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intellex Event Handler.lnk = C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
[2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 02:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 02:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/07/29 20:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}: http://update.videoegg.com/Install/Windows...ggPublisher.exe -- VideoEgg ActiveX Loader
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{3D04C69D-5774-4372-A008-1E4656C7D791} (Servers: | Description: Broadcom 802.11a/b/g WLAN)
{5705DDE1-80EB-444D-B442-66B4990C28BC} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{5B336503-606B-40F2-B7F6-BB658385FB76} (Servers: | Description: 1394 Net Adapter)
{894D53E5-8CBB-4F77-B4B4-8FFCA82DE462} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\__c0051296.dat,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>File not found -- C:\WINDOWS\system32\__c0051296.dat
>[2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
byxvvvs: "DllName" = byxvvvs.dll -- File not found
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
ydvewjws: "DllName" = ydvewjws.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\mljjk.dll,
>File not found -- C:\WINDOWS\system32\mljjk.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () -- E:\AUTORUN.FCB -- [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2007/06/20 22:35:24 | 00,000,090 | ---- | M] () -- E:\Autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}\Shell\Auto\command]
""=Cn911.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 01:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[32 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/18 14:47:25 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe
[2008/10/17 12:59:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Desktop\Movie#1_data
[2008/10/16 20:21:20 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\DeepDVD Movie.lnk
[2008/10/16 20:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Astonsoft
[2008/10/16 20:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Astonsoft
[2008/10/16 20:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2008/10/16 19:51:22 | 73,419,1616 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\The.Eye.DVDRip.XviD.avi
[2008/10/15 20:43:10 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 20:41:07 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 20:40:51 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 20:40:40 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 20:40:29 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 20:40:17 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/05 22:27:06 | 00,027,445 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\Ryanair.com.htm
[2008/10/04 01:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Desktop\Ceephax - Exidy tours
[2008/10/02 20:16:04 | 00,371,200 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\My Documents\Tokyo Mew Mew.ppt
[2008/09/30 13:31:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\New Sibelius Score.sib
[2008/09/28 16:16:08 | 21,456,36352 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/27 15:32:49 | 01,812,116 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\My Documents\Grace.Sims2Pack
[2008/09/27 13:11:37 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 13:11:24 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 12:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/27 12:09:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/27 12:09:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/27 12:09:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/27 12:09:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/27 11:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/25 21:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/24 16:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2008/09/22 23:40:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Application Data\InstallShield
[2008/09/22 22:27:42 | 00,001,951 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2008/09/22 22:27:42 | 00,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2008/09/22 22:27:41 | 00,001,987 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intellex Event Handler.lnk
[2008/09/22 22:27:41 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/21 15:28:17 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 15:03:09 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/09/21 14:27:46 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll
[2008/09/21 14:27:43 | 00,355,584 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/09/21 14:27:24 | 00,000,843 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\TuneUp Utilities 2008.lnk
[2008/09/21 14:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/09/21 14:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2008

========== Files - Modified Within 30 Days ==========

[32 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/18 14:47:28 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe
[2008/10/18 14:29:51 | 00,000,041 | ---- | M] () -- C:\XP_TV.ini
[2008/10/18 14:28:11 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/10/18 14:27:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 14:26:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 14:25:51 | 21,456,36352 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/18 11:52:40 | 00,105,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/18 11:52:39 | 36,467,232 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/18 11:52:39 | 01,081,120 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/18 11:52:39 | 00,492,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/16 20:23:17 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 20:21:20 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\DeepDVD Movie.lnk
[2008/10/16 16:13:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/16 16:11:10 | 01,750,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 15:04:26 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 01:03:06 | 73,419,1616 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\The.Eye.DVDRip.XviD.avi
[2008/10/09 08:57:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 17:42:36 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\My Sharing Folders.lnk
[2008/10/05 22:27:06 | 00,027,445 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\Ryanair.com.htm
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 20:30:25 | 00,371,200 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\Tokyo Mew Mew.ppt
[2008/09/30 13:31:31 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\New Sibelius Score.sib
[2008/09/27 18:34:44 | 00,001,034 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 18:34:44 | 00,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/27 18:34:44 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/09/27 15:32:49 | 01,812,116 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\Grace.Sims2Pack
[2008/09/27 13:52:06 | 00,407,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/27 13:52:05 | 00,064,380 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/27 13:51:58 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/27 11:33:52 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/21 19:57:53 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/21 15:28:17 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 14:27:44 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/09/21 14:27:24 | 00,000,843 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\TuneUp Utilities 2008.lnk
[2008/09/21 13:05:37 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080921-195753.backup
< End of report >

Heres the extras .txt:

OTViewIt Extras logfile created on: 18/10/2008 14:51:13 - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\Danny Lynch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.46% Memory free
3.84 Gb Paging File | 3.53 Gb Available in Paging File | 92.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 16.02 Gb Free Space | 24.02% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 36.69 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Drive E: | 6.83 Gb Total Space | 1.32 Gb Free Space | 19.36% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEAROIDIN
Current User Name: Danny Lynch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key does not exist or could not be opened. File not found
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/14 02:54:03 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\WINDOWS\system32\cnnyixct.exe"=C:\WINDOWS\system32\cnn
[2007/12/07 05:48:26 | 07,370,016 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5
[2007/03/19 16:01:46 | 03,141,632 | ---- | M] (Sensormatic Electronics Corporation) -- C:\Program Files\Sensormatic\NetworkClient\Bin\NetworkClient.exe:*:Enabled:Network Client Application
[2008/02/15 18:15:54 | 00,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser
[2008/08/01 17:18:05 | 03,587,120 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
File not found -- F:\SETUP.EXE:*:Enabled:Setup
[2008/04/14 01:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App
[2008/09/27 13:21:23 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/06/17 15:03:08 | 00,106,496 | ---- | M] () -- C:\Program Files\Steam\SteamApps\xx_desertfox_xx\counter-strike source\hl2.exe:*:Enabled:hl2
[2008/05/27 10:50:48 | 07,677,232 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/30 10:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- D:\Star Wars Jedi Knight - Jedi Academy (2 Cds)\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer
File not found -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
[2007/12/20 20:23:00 | 00,072,264 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup
File not found -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 12:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 19:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0004D4C8-7F6C-BA20-32B2-5C861FA340CB}"=Catalyst Control Center Graphics Full Existing
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{084709F7-38C5-4609-B55F-2417939315EB}"=Adobe Premiere Pro
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}"=Symantec KB-DocID:2003093015493306
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{10053F59-0765-163D-F759-155E6DA35AB6}"=CCC Help English
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=Lexmark Toolbar
"{101E4225-8983-7850-3E8C-00C5E0A13B40}"=ccc-core-static
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{1EC60864-A294-44BF-984A-3E8867D74EA2}"=Adobe After Effects 6.0
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}"=Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F555374-449A-0734-73EA-5FF6207FA30F}"=Skins
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 2.00 C1
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 2.0
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}"=cp_LightScribeConfig
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5141D667-6FE0-DFD6-FDC8-C981DC06520C}"=Catalyst Control Center Graphics Full New
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{51C65CD6-A344-41B5-81E2-3CCAC8024F68}"=Sibelius Scorch
"{51C9B6D6-BF0F-3BA5-1EA4-17C6190DBE07}"=ccc-core-preinstall
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}"=AutoCAD 2006 - English
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}"=Intellex Player
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}"=TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}"=LightScribe 1.4.56.1
"{7F6F120D-E3DA-406c-B555-ABF662F69907}"=DeepDVD Movie
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}"=cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}"=Adobe Audition 1.0
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{86F68693-A637-1F4D-5D4F-4D58486A4601}"=ccc-utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B69B6CD-A933-4313-BA46-A314158B2D38}"=NetworkClient
"{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}"=WinTasks Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90190409-6000-11D3-8CFE-0050048383C9}"=Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1"=IZArc 3.81
"{9894D22D-0558-41D9-95FC-8E9BFD6E8170}"=Opera 9.26
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{9F185C48-595B-401A-A1D6-AAB324890DC4}"=GiPo@MoveOnBoot 1.9.5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}"=Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE888E0F-6727-0045-A966-CFB975AC15BA}"=Catalyst Control Center Graphics Previews Common
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}"=HP User Guides--System Recovery
"{C151CE54-E7EA-4804-854B-F515368B0798}"=AMD Processor Driver
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}"=SmartFTP Client
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}"=Sibelius 5
"{C952BD03-9AC6-F898-B17F-9352638EC93C}"=Catalyst Control Center Core Implementation
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CADF1911-C4FB-8651-36E0-FF06DAA75F28}"=Catalyst Control Center Graphics Light
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.20 G1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}"=HP User Guides 0026
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}"=ISO Recorder
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}"=Adobe Encore DVD 1.0
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}"=InstantShareDevices
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Autodesk DWF Viewer"=Autodesk DWF Viewer
"CCleaner"=CCleaner (remove only)
"CNXT_AUDIO"=Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378"=Soft Data Fax Modem with SmartCP
"Creative Removable Disk Manager"=Creative Removable Disk Manager
"dBpowerAMP FLAC Codec"=dBpowerAMP FLAC Codec
"dBpowerAMP Music Converter"=dBpowerAMP Music Converter
"dMC Power Pack"=dMC Power Pack
"Earope Advanced Ear Training_is1"=Earope Advanced Ear Training v1.65
"EAX Unified"=EAX Unified
"FL Studio_is1"=FL Studio v7.0
"Free YouTube to iPod Converter_is1"=Free YouTube to iPod Converter version 3.1
"FreeFind"=FreeFind
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.0
"HP-Color LaserJet 2600n"=Color LaserJet 2600n
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"iDump"=iDump (Backing up your iPod)
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}"=Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"LastFM_is1"=Last.fm 1.5.1.29527
"Lexmark 2400 Series"=Lexmark 2400 Series
"Magic Video Converter_is1"=Magic Video Converter Trial Version (English) 8.0.2.18
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Norton PC Checkup"=Norton PC Checkup
"Picasa2"=Picasa 2
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Adobe Flash Player 9
"Silca Cross Reference"=Silca Cross Reference
"Silca Electronic Key Catalogue"=Silca Electronic Key Catalogue
"SmartFTP Client 2.5 Setup Files"=SmartFTP Client 2.5 Setup Files (remove only)
"ST4UNST #1"=Solutions Plus Demo
"Steinberg Cubase SX v3.1.1.944"=Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu"=SyncroSoft Emu (Remove only)
"Syncrosoft's License Control"=Syncrosoft's License Control
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"SysInfo"=Creative System Information
"The Rosetta Stone"=The Rosetta Stone
"Unlocker"=Unlocker 1.8.7
"ViewpointMediaPlayer"=Viewpoint Media Player
"VobSub"=VobSub v2.23 (Remove Only)
"WIDI Recognition System Pro 3.3"=WIDI Recognition System Pro 3.3 (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
"VideoEgg"=VideoEgg Publisher

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent
"VideoEgg"=VideoEgg Publisher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/10/2008 17:34:28 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

Error - 13/10/2008 11:44:16 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

Error - 13/10/2008 11:46:30 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application ntlxeventhandler.exe, version 4.10.47.338, faulting
module mfc71.dll, version 7.10.3077.0, fault address 0x0001aeee.

Error - 13/10/2008 11:48:21 | Computer Name = GEAROIDIN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2008 14:10:07 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

Error - 13/10/2008 16:33:23 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

Error - 16/10/2008 11:19:21 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

Error - 17/10/2008 07:56:13 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application burnin~1.exe, version 1.0.7.32, faulting module
starburn.dll, version 7.1.10.272, fault address 0x0002cdf5.

Error - 17/10/2008 19:12:34 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application deepdvd movie.exe, version 1.4.8.86, faulting
module foximager.dll, version 1.0.0.1, fault address 0x000166bd.

Error - 18/10/2008 09:32:21 | Computer Name = GEAROIDIN | Source = Application Error | ID = 1000
Description = Faulting application qpservice.exe, version 4.5.0.1, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

[ System Events ]
Error - 18/10/2008 09:50:52 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:50:57 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:03 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:08 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:13 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:19 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:24 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:30 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:35 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}

Error - 18/10/2008 09:51:41 | Computer Name = GEAROIDIN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service lxcr_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44105F}


< End of report >

Thanks!!!!!

Edited by Cp-Poo, 18 October 2008 - 09:02 AM.


#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 AM

Posted 18 October 2008 - 09:18 AM

Hello Cp-Poo.

Your computer definately had an infection. All I see now are leftovers.

Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

View Point Program
Viewpoint Manager and Viewpoint Media Player are considered as foistware instead of malware since it is installed without users approval, but does not have malicious effects. This changed from what we know in 2006 read this article.

I suggest you remove the program(s) through Add and Remove Programs.

While you are there, please remove this old Java version:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 5

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89105327-97A5-4BC8-BC17-B227BEDF9CBF}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{C4069E3A-68F1-403E-B40E-20066696354B}"=-
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{C4069E3A-68F1-403E-B40E-20066696354B}"=-
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxvvvs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydvewjws]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):"msv1_0"
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{C4069E3A-68F1-403E-B40E-20066696354B}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\software\classes\clsid\{89105327-97A5-4BC8-BC17-B227BEDF9CBF}]
    
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the OTMoveIt log
-the Kaspersky scan log
-a new OTViewIt log (just OTViewIt.txt)

Remember to take note of which process is hogging the CPU.

With Regards,
The Panda

**reminder to self, fix .html file association

#5 Cp-Poo

Cp-Poo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:54 PM

Posted 19 October 2008 - 11:16 AM

When I tried to use the kaspersky online scanner it managed to get to the end of the updates but when it did a blue screen came up with an error message about "klif.sys". It is a driver file for kaspersky I believe. This happened several times and I tried to rectify it on the kaspersky forums but to no avail , so i do not have the kaspersky log. Also i realized that winrzf.dll is on my computer and is infected according to kaspersky.

However here is the otmoveit file:

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89105327-97A5-4BC8-BC17-B227BEDF9CBF}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1580657093-548025417-1326381705-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):"msv1_0" /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2845c04a-ed03-11db-a327-0014a5b53090}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{C4069E3A-68F1-403E-B40E-20066696354B}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{4F8C5BB1-8D81-497D-8E4C-4F81490B8FB8}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\classes\clsid\{89105327-97A5-4BC8-BC17-B227BEDF9CBF}\\ not found.
========== COMMANDS ==========

And the OTviewIt file:

OTViewIt logfile created on: 19/10/2008 17:14:36 - Run 4
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\Danny Lynch\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.01% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 31.13 Gb Free Space | 46.70% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 36.69 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Drive E: | 6.83 Gb Total Space | 1.32 Gb Free Space | 19.36% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEAROIDIN
Current User Name: Danny Lynch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
[2005/06/19 21:50:08 | 00,729,178 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2006/03/06 14:48:46 | 00,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
[2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/08/09 07:03:38 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/12/13 17:45:58 | 00,507,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[2005/02/16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/04/14 01:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/02/07 02:10:34 | 00,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
[2005/12/22 08:57:10 | 00,405,504 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/12/08 14:45:12 | 00,516,182 | ---- | M] () -- C:\Program Files\HPQ\shared\HpqToaster.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2003/04/07 01:42:52 | 00,217,190 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2005/09/24 00:42:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2008/09/27 13:21:23 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/04/14 01:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/04/14 01:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
[2008/10/18 14:47:28 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/04 04:12:02 | 00,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
[2008/07/03 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Disabled | Stopped])
[2007/02/09 14:14:23 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Disabled | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
[2008/07/29 20:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (avp [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
[2007/12/16 15:58:22 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
[2007/01/04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/12/22 00:06:58 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Disabled | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [Disabled | Stopped])
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/11/15 15:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
[2006/02/20 16:23:08 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device [Disabled | Stopped])
[2001/02/23 11:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Disabled | Stopped])
[2007/03/19 16:02:54 | 00,081,920 | ---- | M] () -- C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe -- (NtlxSrvMgr [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Disabled | Stopped])
[2007/02/21 17:50:49 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])
[2008/09/21 14:27:44 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [Disabled | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Disabled | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/07/04 07:33:33 | 03,230,720 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/11/28 10:35:38 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2005/08/18 09:22:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2005/08/02 10:58:00 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])
[2005/08/02 11:00:00 | 00,349,312 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])
[2005/05/09 21:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX [On_Demand | Running])
[2005/05/05 10:04:08 | 00,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/05/05 10:04:04 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/08/22 10:06:00 | 00,231,424 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])
[2005/08/22 10:06:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/07/18 17:39:18 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (klif [System | Running])
[2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2004/03/17 05:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2005/06/04 01:56:08 | 00,030,464 | ---- | M] (DiBcom SA) -- C:\WINDOWS\system32\drivers\modbda2.sys -- (MODBDA2 [On_Demand | Stopped])
[2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2003/08/01 14:57:54 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/11/29 23:30:24 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/09/30 12:11:00 | 00,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2008/04/13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001/08/17 12:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2008/08/05 22:29:00 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/04/21 00:29:30 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2005/06/19 21:33:18 | 00,190,400 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2005/09/20 11:30:56 | 00,162,432 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2007/12/04 16:47:53 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/07/18 17:39:18 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2005/08/22 10:06:00 | 00,718,464 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.ie/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265422 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9196 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" (HKLM) -- C:\Program Files\Lexmark Toolbar\toolband.dll ()
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe ()
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" (Lexmark International Inc.)
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" ()
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RecGuard"=C:\Windows\SMINST\RecGuard.exe ()
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2003/04/07 01:42:52 | 00,217,190 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
[2005/03/05 14:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2005/09/24 01:39:30 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2007/03/19 16:03:20 | 00,917,504 | ---- | M] (Sensormatic Electronics Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intellex Event Handler.lnk = C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe
[2001/02/13 02:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 02:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/07/29 20:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}: http://update.videoegg.com/Install/Windows...ggPublisher.exe -- VideoEgg ActiveX Loader
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{3D04C69D-5774-4372-A008-1E4656C7D791} (Servers: | Description: Broadcom 802.11a/b/g WLAN)
{5705DDE1-80EB-444D-B442-66B4990C28BC} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{5B336503-606B-40F2-B7F6-BB658385FB76} (Servers: | Description: 1394 Net Adapter)
{894D53E5-8CBB-4F77-B4B4-8FFCA82DE462} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
>[2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
>[2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
byxvvvs: "DllName" = byxvvvs.dll -- File not found
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
ydvewjws: "DllName" = ydvewjws.dll -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]

AUTORUN.FCB [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () -- E:\AUTORUN.FCB -- [ FAT32 ]

Autorun.inf [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2007/06/20 22:35:24 | 00,000,090 | ---- | M] () -- E:\Autorun.inf -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0266a66f-b3bf-11db-a2b1-806d6172696f}\Shell\AutoRun\command]
""=E:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[32 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/19 16:11:59 | 21,456,36352 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/19 02:41:25 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/10/18 17:54:36 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/18 17:51:25 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTMoveIt3.exe
[2008/10/18 17:49:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/18 17:48:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/10/18 17:47:18 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Danny Lynch\Desktop\erunt-setup.exe
[2008/10/18 14:47:25 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe
[2008/10/17 12:59:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Desktop\Movie#1_data
[2008/10/16 20:21:20 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\DeepDVD Movie.lnk
[2008/10/16 20:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Astonsoft
[2008/10/16 20:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Astonsoft
[2008/10/16 20:20:17 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2008/10/16 19:51:22 | 73,419,1616 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\The.Eye.DVDRip.XviD.avi
[2008/10/15 20:43:10 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 20:41:07 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 20:40:51 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 20:40:40 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 20:40:29 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 20:40:17 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/05 22:27:06 | 00,027,445 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\Ryanair.com.htm
[2008/10/04 01:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Desktop\Ceephax - Exidy tours
[2008/10/02 20:16:04 | 00,371,200 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\My Documents\Tokyo Mew Mew.ppt
[2008/09/30 13:31:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\New Sibelius Score.sib
[2008/09/27 15:32:49 | 01,812,116 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\My Documents\Grace.Sims2Pack
[2008/09/27 13:11:37 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/09/27 13:11:24 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/09/27 12:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/27 12:09:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/27 12:09:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/27 12:09:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/27 12:09:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/27 11:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/25 21:57:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/24 16:10:28 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2008/09/22 23:40:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Danny Lynch\Application Data\InstallShield
[2008/09/22 22:27:42 | 00,001,951 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2008/09/22 22:27:42 | 00,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2008/09/22 22:27:41 | 00,001,987 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intellex Event Handler.lnk
[2008/09/22 22:27:41 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2008/09/21 15:28:17 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 15:03:09 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/09/21 14:27:46 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll
[2008/09/21 14:27:43 | 00,355,584 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/09/21 14:27:24 | 00,000,843 | ---- | C] () -- C:\Documents and Settings\Danny Lynch\Desktop\TuneUp Utilities 2008.lnk
[2008/09/21 14:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/09/21 14:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2008

========== Files - Modified Within 30 Days ==========

[32 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/10/19 17:00:01 | 00,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/10/19 16:53:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/19 16:53:14 | 00,000,041 | ---- | M] () -- C:\XP_TV.ini
[2008/10/19 16:49:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/19 16:48:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/19 16:47:59 | 21,456,36352 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/19 16:00:45 | 36,467,232 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/19 16:00:45 | 01,081,120 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/10/19 16:00:45 | 00,492,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/19 16:00:45 | 00,105,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/10/18 17:51:27 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTMoveIt3.exe
[2008/10/18 17:47:27 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Danny Lynch\Desktop\erunt-setup.exe
[2008/10/18 14:47:28 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Danny Lynch\Desktop\OTViewIt.exe
[2008/10/16 20:23:17 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 20:21:20 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\DeepDVD Movie.lnk
[2008/10/16 16:11:10 | 01,750,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 15:04:26 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 01:03:06 | 73,419,1616 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\The.Eye.DVDRip.XviD.avi
[2008/10/09 08:57:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 17:42:36 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\My Sharing Folders.lnk
[2008/10/05 22:27:06 | 00,027,445 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\Ryanair.com.htm
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 20:30:25 | 00,371,200 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\Tokyo Mew Mew.ppt
[2008/09/30 13:31:31 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\New Sibelius Score.sib
[2008/09/27 18:34:44 | 00,001,034 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/27 18:34:44 | 00,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/09/27 18:34:44 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/09/27 15:32:49 | 01,812,116 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\My Documents\Grace.Sims2Pack
[2008/09/27 13:52:06 | 00,407,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/27 13:52:05 | 00,064,380 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/27 13:51:58 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/27 11:33:52 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/21 19:57:53 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/21 15:28:17 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/21 14:27:44 | 00,355,584 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2008/09/21 14:27:24 | 00,000,843 | ---- | M] () -- C:\Documents and Settings\Danny Lynch\Desktop\TuneUp Utilities 2008.lnk
[2008/09/21 13:05:37 | 00,265,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20080921-195753.backup
< End of report >
Thanks again!

Edited by Cp-Poo, 19 October 2008 - 11:17 AM.


#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 AM

Posted 19 October 2008 - 11:37 AM

Hello Cp-Poo.

Please uninstall the following using Add/Remove Programs:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 5

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Open Jotti Online Scanner, or VirusTotal Online Scanner. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • C:\Program Files\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Download and Run DAFT
This tool will find and fix problems with your file extension associations.
  • Download daft.exe by Deckard to your desktop.
  • Double click daft.exe to run it.
  • Click Scan.
  • Put a check mark beside the following boxes:
    • .html
  • Click Fix.
  • Clost out of daft.
Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxvvvs]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydvewjws]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows expect OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the OTMoveIt log
-the F-Secure log
-a new HijackThis log

Any problems on your side?

With Regards,
The Panda

Edited by PropagandaPanda, 19 October 2008 - 11:39 AM.


#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 AM

Posted 24 October 2008 - 07:30 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users