
Vundo Problems


This topic is locked
9 replies to this topic

#1 wino_lino (Members, 6 posts)

Posted 05 October 2008 - 05:50 PM

Hi there,

Any assistance with this would be appreciated. Every day Norton picks up a vundo and sometimes a trojan.fakeavalert on my system. I have completed the tutorial using the recommended programs and a HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:51, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\RunOnce: [SpybotDeletingA318] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\BPS Spyware-Adware Remover.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8676] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\BPS Spyware-Adware Remover.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6083] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Help.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2488] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Help.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA961] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3280] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6763] command /c del "C:\Program Files\BPS Remover\Box.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4211] cmd /c del "C:\Program Files\BPS Remover\Box.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5646] command /c del "C:\Program Files\BPS Remover\DataBase.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7660] cmd /c del "C:\Program Files\BPS Remover\DataBase.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7120] command /c del "C:\Program Files\BPS Remover\DB.fix"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8353] cmd /c del "C:\Program Files\BPS Remover\DB.fix"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7136] command /c del "C:\Program Files\BPS Remover\DB1.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2041] cmd /c del "C:\Program Files\BPS Remover\DB1.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3553] command /c del "C:\Program Files\BPS Remover\DB2.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3190] cmd /c del "C:\Program Files\BPS Remover\DB2.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3836] command /c del "C:\Program Files\BPS Remover\DB3.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9003] cmd /c del "C:\Program Files\BPS Remover\DB3.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA679] command /c del "C:\Program Files\BPS Remover\DB4.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC76] cmd /c del "C:\Program Files\BPS Remover\DB4.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6225] command /c del "C:\Program Files\BPS Remover\DB5.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1883] cmd /c del "C:\Program Files\BPS Remover\DB5.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7531] command /c del "C:\Program Files\BPS Remover\English.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7882] cmd /c del "C:\Program Files\BPS Remover\English.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9047] command /c del "C:\Program Files\BPS Remover\Espanol.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4598] cmd /c del "C:\Program Files\BPS Remover\Espanol.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2741] command /c del "C:\Program Files\BPS Remover\Francais.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1845] cmd /c del "C:\Program Files\BPS Remover\Francais.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7498] command /c del "C:\Program Files\BPS Remover\Italiano.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4863] cmd /c del "C:\Program Files\BPS Remover\Italiano.inf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7985] command /c del "C:\Program Files\BPS Remover\English.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC626] cmd /c del "C:\Program Files\BPS Remover\English.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1021] command /c del "C:\Program Files\BPS Remover\Espanol.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7313] cmd /c del "C:\Program Files\BPS Remover\Espanol.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1696] command /c del "C:\Program Files\BPS Remover\Francais.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5716] cmd /c del "C:\Program Files\BPS Remover\Francais.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6065] command /c del "C:\Program Files\BPS Remover\Italiano.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6923] cmd /c del "C:\Program Files\BPS Remover\Italiano.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5572] command /c del "C:\Program Files\BPS Remover\Errors.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5706] cmd /c del "C:\Program Files\BPS Remover\Errors.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7159] command /c del "C:\Program Files\BPS Remover\EXCLUDEL.DAT"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3625] cmd /c del "C:\Program Files\BPS Remover\EXCLUDEL.DAT"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3381] command /c del "C:\Program Files\BPS Remover\exList.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5106] cmd /c del "C:\Program Files\BPS Remover\exList.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6392] command /c del "C:\Program Files\BPS Remover\FixConf.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3990] cmd /c del "C:\Program Files\BPS Remover\FixConf.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1615] command /c del "C:\Program Files\BPS Remover\guard.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1166] cmd /c del "C:\Program Files\BPS Remover\guard.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6710] command /c del "C:\Program Files\BPS Remover\Help.chm"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1682] cmd /c del "C:\Program Files\BPS Remover\Help.chm"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6785] command /c del "C:\Program Files\BPS Remover\home.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC486] cmd /c del "C:\Program Files\BPS Remover\home.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2603] command /c del "C:\Program Files\BPS Remover\hosts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6266] cmd /c del "C:\Program Files\BPS Remover\hosts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8347] command /c del "C:\Program Files\BPS Remover\Ignorelst98"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6449] cmd /c del "C:\Program Files\BPS Remover\Ignorelst98"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6017] command /c del "C:\Program Files\BPS Remover\Ignorelstxp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6545] cmd /c del "C:\Program Files\BPS Remover\Ignorelstxp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5929] command /c del "C:\Program Files\BPS Remover\Mask.skn"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3046] cmd /c del "C:\Program Files\BPS Remover\Mask.skn"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5805] command /c del "C:\Program Files\BPS Remover\Purchase.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4340] cmd /c del "C:\Program Files\BPS Remover\Purchase.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3314] command /c del "C:\Program Files\BPS Remover\Scan Session.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5210] cmd /c del "C:\Program Files\BPS Remover\Scan Session.txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8020] command /c del "C:\Program Files\BPS Remover\scanning.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9635] cmd /c del "C:\Program Files\BPS Remover\scanning.bps"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7574] command /c del "C:\Program Files\BPS Remover\Splash.spl"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3209] cmd /c del "C:\Program Files\BPS Remover\Splash.spl"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8457] command /c del "C:\Program Files\BPS Remover\unins000.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3893] cmd /c del "C:\Program Files\BPS Remover\unins000.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3719] command /c del "C:\Program Files\BPS Remover\unins000.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1914] cmd /c del "C:\Program Files\BPS Remover\unins000.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7236] command /c del "C:\Program Files\BPS Remover\update.cli"
O4 - HKLM\..\RunOnce: [SpybotDeletingC824] cmd /c del "C:\Program Files\BPS Remover\update.cli"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3551] command /c del "C:\Program Files\BPS Remover\update.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4331] cmd /c del "C:\Program Files\BPS Remover\update.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6814] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\BPS Spyware-Adware Remover.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7708] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\BPS Spyware-Adware Remover.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2683] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Help.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2895] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Help.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1007] command /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7721] cmd /c del "C:\Documents and Settings\All Users\Start Menu\Programs\BulletProfSoft.com\BPS Remover\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2529] command /c del "C:\Program Files\BPS Remover\Box.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD305] cmd /c del "C:\Program Files\BPS Remover\Box.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1978] command /c del "C:\Program Files\BPS Remover\DataBase.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8725] cmd /c del "C:\Program Files\BPS Remover\DataBase.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4004] command /c del "C:\Program Files\BPS Remover\DB.fix"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6460] cmd /c del "C:\Program Files\BPS Remover\DB.fix"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5961] command /c del "C:\Program Files\BPS Remover\DB1.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6927] cmd /c del "C:\Program Files\BPS Remover\DB1.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8312] command /c del "C:\Program Files\BPS Remover\DB2.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7554] cmd /c del "C:\Program Files\BPS Remover\DB2.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB134] command /c del "C:\Program Files\BPS Remover\DB3.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD913] cmd /c del "C:\Program Files\BPS Remover\DB3.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4218] command /c del "C:\Program Files\BPS Remover\DB4.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1073] cmd /c del "C:\Program Files\BPS Remover\DB4.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6580] command /c del "C:\Program Files\BPS Remover\DB5.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1800] cmd /c del "C:\Program Files\BPS Remover\DB5.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8931] command /c del "C:\Program Files\BPS Remover\English.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8690] cmd /c del "C:\Program Files\BPS Remover\English.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2] command /c del "C:\Program Files\BPS Remover\Espanol.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3604] cmd /c del "C:\Program Files\BPS Remover\Espanol.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8350] command /c del "C:\Program Files\BPS Remover\Francais.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD541] cmd /c del "C:\Program Files\BPS Remover\Francais.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7248] command /c del "C:\Program Files\BPS Remover\Italiano.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8094] cmd /c del "C:\Program Files\BPS Remover\Italiano.inf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8775] command /c del "C:\Program Files\BPS Remover\English.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3295] cmd /c del "C:\Program Files\BPS Remover\English.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7264] command /c del "C:\Program Files\BPS Remover\Espanol.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1372] cmd /c del "C:\Program Files\BPS Remover\Espanol.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2991] command /c del "C:\Program Files\BPS Remover\Francais.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2316] cmd /c del "C:\Program Files\BPS Remover\Francais.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9289] command /c del "C:\Program Files\BPS Remover\Italiano.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9182] cmd /c del "C:\Program Files\BPS Remover\Italiano.jpg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4786] command /c del "C:\Program Files\BPS Remover\Errors.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7161] cmd /c del "C:\Program Files\BPS Remover\Errors.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB211] command /c del "C:\Program Files\BPS Remover\EXCLUDEL.DAT"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7359] cmd /c del "C:\Program Files\BPS Remover\EXCLUDEL.DAT"
O4 - HKCU\..\RunOnce: [SpybotDeletingB465] command /c del "C:\Program Files\BPS Remover\exList.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3325] cmd /c del "C:\Program Files\BPS Remover\exList.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2866] command /c del "C:\Program Files\BPS Remover\FixConf.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD291] cmd /c del "C:\Program Files\BPS Remover\FixConf.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7297] command /c del "C:\Program Files\BPS Remover\guard.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3500] cmd /c del "C:\Program Files\BPS Remover\guard.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1435] command /c del "C:\Program Files\BPS Remover\Help.chm"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2738] cmd /c del "C:\Program Files\BPS Remover\Help.chm"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6343] command /c del "C:\Program Files\BPS Remover\home.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3693] cmd /c del "C:\Program Files\BPS Remover\home.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1437] command /c del "C:\Program Files\BPS Remover\hosts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD585] cmd /c del "C:\Program Files\BPS Remover\hosts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2223] command /c del "C:\Program Files\BPS Remover\Ignorelst98"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2355] cmd /c del "C:\Program Files\BPS Remover\Ignorelst98"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8177] command /c del "C:\Program Files\BPS Remover\Ignorelstxp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3479] cmd /c del "C:\Program Files\BPS Remover\Ignorelstxp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7145] command /c del "C:\Program Files\BPS Remover\Mask.skn"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9879] cmd /c del "C:\Program Files\BPS Remover\Mask.skn"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1523] command /c del "C:\Program Files\BPS Remover\Purchase.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7907] cmd /c del "C:\Program Files\BPS Remover\Purchase.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2556] command /c del "C:\Program Files\BPS Remover\Scan Session.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4648] cmd /c del "C:\Program Files\BPS Remover\Scan Session.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5967] command /c del "C:\Program Files\BPS Remover\scanning.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1021] cmd /c del "C:\Program Files\BPS Remover\scanning.bps"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2258] command /c del "C:\Program Files\BPS Remover\Splash.spl"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1948] cmd /c del "C:\Program Files\BPS Remover\Splash.spl"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7831] command /c del "C:\Program Files\BPS Remover\unins000.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9644] cmd /c del "C:\Program Files\BPS Remover\unins000.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB128] command /c del "C:\Program Files\BPS Remover\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7893] cmd /c del "C:\Program Files\BPS Remover\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB617] command /c del "C:\Program Files\BPS Remover\update.cli"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4505] cmd /c del "C:\Program Files\BPS Remover\update.cli"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7970] command /c del "C:\Program Files\BPS Remover\update.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD76] cmd /c del "C:\Program Files\BPS Remover\update.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O20 - AppInit_DLLs: ppxhra.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 22180 bytes
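Reading a HijackThis log by hand means scanning two hundred lines for the handful of entries that matter. The script below is an added example (my own code, not something posted in the thread or shipped with HijackThis) that parses the `Rn - ...` / `Onn - ...` line format used above and flags the entries an analyst checks first: an `O20 AppInit_DLLs` value (every DLL listed there is loaded into every process that loads user32.dll, which is why it is a favourite persistence spot), `O23` services whose binary is reported as `(file missing)`, and `O2` BHOs that are unnamed or sit directly in system32. The heuristics and their wording are assumptions of mine; a flag means "look at this", not "this is malware". The embedded sample is a short excerpt of the log posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from collections import defaultdict

# Every report line of interest looks like "O20 - AppInit_DLLs: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
# O2 lines are "BHO: <name> - {GUID} - <path>"; the path is everything after the GUID.
BHO_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]+\} - (?P<path>.+)$")

# Constructed sample: a few lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: ppxhra.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""


def parse_hjt(text):
    """Group every 'Rn - ...' / 'Onn - ...' line by its section code, e.g. {'O23': [...]}."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("kind")].append(m.group("rest"))
    return entries


def triage(text):
    """Return (section, reason, detail) tuples for the entries worth a closer look."""
    findings = []
    entries = parse_hjt(text)

    # O20: a non-empty AppInit_DLLs value is injected into every user32 process.
    for rest in entries.get("O20", []):
        if rest.startswith("AppInit_DLLs:"):
            value = rest.split(":", 1)[1].strip()
            if value:
                findings.append(("O20", "AppInit_DLLs is set", value))

    # O23: a registered service whose binary is gone is either leftover cruft or tampering.
    for rest in entries.get("O23", []):
        if "(file missing)" in rest:
            findings.append(("O23", "service binary missing", rest))

    # O2: unnamed BHOs or a BHO DLL dropped straight into system32 are classic adware spots.
    for rest in entries.get("O2", []):
        m = BHO_PATH_RE.search(rest)
        path = m.group("path") if m else ""
        if rest.startswith("BHO: (no name)") or re.search(r"\\system32\\[^\\]+$", path, re.I):
            findings.append(("O2", "unnamed or system32-resident BHO", rest))

    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {detail}")
```

On the sample above the script reports the `AppInit_DLLs` value and the missing `getPlus` service binary and stays quiet about the two vendor BHOs. Whether a flagged DLL is actually hostile still needs the file itself (hash, signer, strings), which a HijackThis log cannot tell you.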

#2 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 14 October 2008 - 10:48 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 wino_lino (Topic Starter, Members, 6 posts)

Posted 14 October 2008 - 01:27 PM

Hi PP

Thanks for the reply. OTViewIt logs follow.
The only change I've made to my computer is to create a new User Profile, mainly because the one that I had before was shafted by a virus. I'm pretty sure my HijackThis log was from my new user profile, however.
Hope this doesn't screw things up.
Also I have installed Norton Internet Security 2009, and up until today(!) it hadn't picked up any traces of the Vundo. Given the nature of the virus, I don't feel like leaving anything to chance...


Thanks again,

Wino


OTViewIt logfile created on: 14/10/2008 19:13:26 - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\New Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 57.91% Memory free
1.83 Gb Paging File | 1.45 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 30.40 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINO
Current User Name: New Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/05 21:12:42 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2004/07/19 08:51:24 | 00,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/14 01:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/14 19:12:30 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/05 21:12:42 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2006/01/05 01:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [Disabled | Stopped])
[2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Stopped])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [Disabled | Stopped])
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
[2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/03/01 15:33:06 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/10/07 20:53:42 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2008/10/07 20:53:42 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys -- (ccHP [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2004/10/14 09:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/10/07 20:53:42 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2004/10/25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/10/07 20:53:42 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/09/22 19:19:54 | 00,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2 [On_Demand | Stopped])
[2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2008/10/07 20:53:43 | 00,274,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081009.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2005/02/11 10:19:20 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus [On_Demand | Stopped])
[2005/02/11 10:21:02 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
[2005/02/11 10:21:10 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
[2005/02/11 10:22:48 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
[2005/02/11 10:24:24 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex [On_Demand | Stopped])
[2008/04/13 19:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
File not found -- C:\DOCUME~1\Finchy\LOCALS~1\Temp\musbehco.sys -- (musbehco [On_Demand | Stopped])
[2008/10/07 20:53:43 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081012.009\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/10/07 20:53:43 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081012.009\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/12/05 02:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2006/12/24 20:15:00 | 00,008,576 | ---- | M] () -- C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/08/10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/03/12 11:15:48 | 00,038,400 | R--- | M] () -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
[2008/10/07 20:53:44 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/10/07 20:53:44 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\srtspx.sys -- (SRTSPX [System | Running])
[2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2005/11/16 22:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/10/07 20:53:44 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SymEFA.sys -- (SymEFA [Boot | Running])
[2008/10/07 20:53:57 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/10/07 20:53:44 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/10/07 20:53:44 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/10/07 20:53:44 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/10/07 20:53:44 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2006/05/24 16:40:45 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://uk.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=MSN Search
"SearchMigratedDefaultURL"=http://search.msn.co.uk/previewx.aspx?q={searchTerms}&FORM=CBPW&first=1&noredir=1
"Start Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://uk.msn.com/

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4oD"="C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- Reg Error: Key does not exist or could not be opened. File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\s-1-5-21-3998676977-3627010577-1362678039-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebook.com/controls/Facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}: http://upload.facebook.com/controls/Facebo...Uploader4_5.cab -- Facebook Photo Uploader 4

========== (O17) DNS Name Servers ==========

{DFBD426F-FA2B-4392-8083-7AE52E446A97} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{F5027B9F-700B-4753-9F9C-686DF38A9931} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=ppxhra.dll
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AutoRun []
[2006/11/06 22:59:47 | 00,569,344 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2006/11/06 22:59:47 | 00,569,344 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=LotRIcon.exe | Name=The Lord of the Rings, The Rise of the Witch-king | | [Special] | Disk=1 | ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B} | | ]
[2006/11/06 23:18:16 | 00,000,180 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2006/10/29 03:39:19 | 00,880,640 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/14 19:12:26 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\OTViewIt.exe
[2008/10/11 16:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Adobe
[2008/10/11 14:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2008/10/10 20:05:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Passwords
[2008/10/10 20:03:45 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xlr
[2008/10/09 18:42:50 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\New Administrator\Desktop\Mr Matt Lines.doc
[2008/10/08 19:10:19 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 19:04:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/08 18:52:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/08 18:52:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/08 18:52:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/08 18:52:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/08 18:48:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/08 18:38:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/08 18:29:26 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/10/08 18:29:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/08 18:29:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/10/08 18:29:20 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/10/08 18:29:15 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/08 18:29:09 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/08 18:29:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/08 18:29:04 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/08 18:29:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/08 18:29:03 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/08 18:28:50 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/10/08 18:28:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/10/08 18:28:46 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/08 18:28:40 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/08 18:28:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/08 18:28:34 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/08 18:28:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/08 18:28:33 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/08 18:28:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/08 18:28:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/08 18:28:28 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/08 18:28:28 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/08 18:28:28 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/08 18:28:25 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/10/08 18:28:21 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/08 18:28:10 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/10/08 18:28:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/08 18:28:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/08 18:28:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/08 18:28:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/08 18:28:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/08 18:28:04 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/10/08 18:28:04 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/08 18:28:02 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/08 18:28:02 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/08 18:27:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/08 18:27:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/08 18:27:35 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/08 18:27:35 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/08 18:27:19 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/08 18:27:19 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/08 18:27:06 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/08 18:27:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/08 18:27:04 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/10/08 18:27:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/10/08 18:26:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/08 18:26:55 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/08 18:26:53 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/10/08 18:26:51 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/08 18:26:51 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/08 18:26:51 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/08 18:26:51 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/08 18:26:51 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/08 18:26:51 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/08 18:26:51 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/08 18:26:51 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/08 18:26:50 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/08 18:26:50 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/08 18:26:50 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/08 18:26:50 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/08 18:26:50 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/08 18:26:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/08 18:26:50 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/08 18:26:49 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/08 18:26:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/08 18:26:47 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/10/08 18:26:47 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/08 18:26:46 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/08 18:26:40 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/08 18:26:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/08 18:26:40 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/08 18:26:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/08 18:26:39 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/08 18:26:39 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/10/08 18:26:30 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/07 20:54:26 | 02,115,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2008/10/07 20:54:15 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2008/10/07 20:53:57 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/07 20:53:57 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/07 20:53:57 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/07 20:53:57 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/07 20:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/10/07 20:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/10/07 20:53:46 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/10/07 20:53:44 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2008/10/07 20:53:44 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2008/10/07 20:53:44 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2008/10/07 20:53:44 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2008/10/07 20:53:44 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2008/10/07 20:53:44 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2008/10/07 20:53:44 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2008/10/07 20:53:44 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2008/10/07 20:53:44 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2008/10/07 20:53:44 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2008/10/07 20:53:42 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2008/10/07 20:53:19 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2008/10/07 20:53:19 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2008/10/07 20:53:19 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2008/10/07 20:53:19 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2008/10/07 20:53:19 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2008/10/07 20:53:19 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2008/10/07 20:53:10 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2008/10/07 20:53:10 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2008/10/07 20:53:10 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2008/10/07 20:53:10 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2008/10/07 20:53:10 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2008/10/07 20:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D
[2008/10/07 20:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2008/10/07 20:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2008/10/07 20:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2008/10/07 20:52:45 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2008/10/06 14:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Security Programs
[2008/10/05 23:47:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe
[2008/10/05 22:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/05 22:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/05 21:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/05 21:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/05 21:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/05 20:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\WinRAR
[2008/10/05 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Malwarebytes
[2008/10/05 19:56:41 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/05 19:56:40 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/05 19:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/05 19:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/04 16:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Finchy
[2008/10/04 15:53:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Corel Photo Album
[2008/10/04 15:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Corel Photo Album
[2008/10/04 15:45:07 | 00,320,032 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Symantec
[2008/10/04 15:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Macromedia
[2008/10/04 15:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Adobe
[2008/10/04 15:26:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Scansoft
[2008/10/04 15:24:53 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/10/04 15:24:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\New Administrator\Application Data\desktop.ini
[2008/10/04 15:24:16 | 03,780,884 | -H-- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\IconCache.db
[2008/10/04 15:24:16 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\fusioncache.dat
[2008/10/04 15:24:15 | 00,000,088 | -HS- | C] () -- C:\Documents and Settings\New Administrator\My Documents\desktop.ini
[2008/10/04 15:24:14 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\New Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/10/04 15:24:13 | 00,000,000 | --SD | C] -- C:\Documents and Settings\New Administrator\Application Data\Microsoft
[2008/10/04 15:24:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\New Administrator\Application Data\Gtek
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\You've Got Pictures Screensaver
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Sun
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Identities
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Corel
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\AOL
[2008/10/04 15:24:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New Administrator\My Documents\My Pictures
[2008/10/04 15:24:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New Administrator\My Documents\My Music
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Microsoft
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\ApplicationHistory
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2008/10/04 12:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2008/10/04 12:43:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/10/04 10:49:31 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2008/10/04 10:49:30 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2008/10/04 10:49:30 | 01,140,472 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGUltraGrid20.ocx
[2008/10/04 10:49:30 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2008/10/04 10:49:30 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2008/10/04 10:49:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.ocx
[2008/10/04 10:49:29 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2008/10/04 10:49:29 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2008/10/04 10:49:29 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2008/10/04 10:49:28 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2008/10/04 10:49:28 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2008/10/04 10:49:27 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\md5.dll
[2008/10/04 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\BPS Remover
[2008/10/03 20:54:02 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\vtimcxvq.dll
[2008/10/02 21:00:45 | 01,029,116 | -HS- | C] () -- C:\WINDOWS\System32\bfumvnsh.ini
[2008/10/02 20:54:43 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\daxoekee.dll
[2008/10/02 18:52:54 | 01,012,276 | -HS- | C] () -- C:\WINDOWS\System32\wxbnnhnn.ini
[2008/10/02 18:46:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\EV19
[2008/09/21 16:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Star Wars - Pod Racer
[2008/09/21 09:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/20 19:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/20 19:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/17 14:16:33 | 00,549,159 | RHS- | C] () -- C:\Program Files\Norton2009Reset.exe
[2008/09/16 18:44:51 | 00,000,000 | ---D | C] -- C:\ConvertTemp

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/14 19:12:30 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\OTViewIt.exe
[2008/10/14 19:05:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/14 19:02:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/14 19:02:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/13 14:20:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/12 18:17:12 | 02,115,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2008/10/11 14:25:25 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xlr
[2008/10/09 18:43:35 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Mr Matt Lines.doc
[2008/10/08 19:10:19 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 19:08:47 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/08 19:08:47 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/08 19:08:47 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/08 19:03:43 | 01,030,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 19:02:04 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/08 18:44:42 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 20:53:57 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/07 20:53:57 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/07 20:53:57 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/07 20:53:57 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/07 20:53:46 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/10/07 20:53:44 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2008/10/07 20:53:44 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2008/10/07 20:53:44 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2008/10/07 20:53:44 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2008/10/07 20:53:44 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2008/10/07 20:53:44 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2008/10/07 20:53:44 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2008/10/07 20:53:44 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2008/10/07 20:53:44 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2008/10/07 20:53:44 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2008/10/07 20:53:42 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2008/10/07 20:53:19 | 00,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2008/10/07 20:53:19 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2008/10/07 20:53:19 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2008/10/07 20:53:19 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2008/10/07 20:53:19 | 00,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2008/10/07 20:53:19 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2008/10/07 20:53:10 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2008/10/07 20:53:10 | 00,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2008/10/07 20:53:10 | 00,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2008/10/07 20:53:10 | 00,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2008/10/07 20:53:10 | 00,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2008/10/05 23:47:04 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe
[2008/10/05 23:13:31 | 00,002,669 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/04 15:58:26 | 00,164,314 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/04 15:53:34 | 00,006,686 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/04 15:53:32 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\229AE56E9B.sys
[2008/10/04 15:45:07 | 00,320,032 | ---- | M] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:26:08 | 00,000,088 | -HS- | M] () -- C:\Documents and Settings\New Administrator\My Documents\desktop.ini
[2008/10/04 12:45:09 | 00,180,256 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2008/10/04 11:39:00 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/04 10:40:42 | 01,029,116 | -HS- | M] () -- C:\WINDOWS\System32\bfumvnsh.ini
[2008/10/02 18:52:57 | 01,012,276 | -HS- | M] () -- C:\WINDOWS\System32\wxbnnhnn.ini
[2008/09/28 15:10:59 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xls
< End of report >

OTViewIt Extras logfile created on: 14/10/2008 19:13:26 - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\New Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 57.91% Memory free
1.83 Gb Paging File | 1.45 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 30.40 Gb Free Space | 43.56% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINO
Current User Name: New Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/09/26 16:48:46 | 12,300,200 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager
File not found -- C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service
[2006/01/25 20:39:46 | 00,249,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber
[2008/04/14 01:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console
[2000/04/15 19:47:10 | 00,888,832 | ---- | M] () -- C:\Program Files\Maxis\SimCity 3000 UK Edition\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC
[2006/03/01 15:33:03 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
File not found -- C:\Games\FreeSpace\FS.exe:*:Disabled:FreeSpace
[2006/10/29 14:32:00 | 12,203,360 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king
[2006/04/25 11:29:38 | 00,249,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\patchget.dat:*:Enabled:patchgrabber
File not found -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/04/29 18:51:26 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/09/23 04:28:18 | 00,866,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 10:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}"=Corel Painter X
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}"=Corel Painter X
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series"=Canon MP140 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}"=ARTEuro
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{21A127AE-2DAF-40B7-8374-34C3E629521C}"=Far Cry (Patch 1.3)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}"=The Battle for Middle-earth ™ II
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}"=Ulead Photo Express 5 SE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}"=Microsoft Visual Basic 2005 Express Edition - ENU
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}"=DSA Theory Test
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}"=Corel Photo Album 6
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}"=X3 Reunion
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}"=The Lord of the Rings, The Rise of the Witch-king
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}"=Far Cry
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}"=ScanSoft OmniPage SE 4
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}"=ISO Recorder
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}"=Samsung PC Studio 3
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}"=STK02N 2.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}"=Microsoft WorldWide Telescope
"4oD"=4oD
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Canon MP140 series User Registration"=Canon MP140 series User Registration
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"DellSupport"=Dell Support 5.0.0 (630)
"Driving Test Success 2005/6_is1"=Driving Test Success 2005/6
"Easy-LayoutPrint"=Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON Printer and Utilities"=EPSON Printer Software
"ESPNMotion"=ESPNMotion
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Imperium Galactica 2"=Imperium Galactica 2
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}"=DSA Theory Test
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}"=Far Cry
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB908246"=Windows XP Media Center Edition 2005 KB908246
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"LightWave 3D 9.3"=LightWave 3D 9.3
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Visual Basic 2005 Express Edition - ENU"=Microsoft Visual Basic 2005 Express Edition - ENU
"MP Navigator 3.1"=Canon MP Navigator 3.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NIS"=Norton Internet Security
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Oldblivion"=Oldblivion
"PKR"=PKR
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer Basic
"RivaTuner"=RivaTuner v2.0 Final Release
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SimCity 3000 UK Edition"=SimCity 3000 UK Edition
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SystemRequirementsLab"=System Requirements Lab
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WOLAPI"=Westwood Shared Internet Components
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Plugin Manager"=X Plugin Manager 2.12
"X3 Bonus Package_is1"=X3 Bonus Package 3.1.05
"Xfire"=Xfire (remove only)
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2008 06:30:10 | Computer Name = LINO | Source = Application Error | ID = 1000
Description = Faulting application manager.exe, version 0.0.0.0, faulting module
manager.exe, version 0.0.0.0, fault address 0x000037c8.

Error - 04/10/2008 06:40:07 | Computer Name = LINO | Source = Application Error | ID = 1000
Description = Faulting application manager.exe, version 0.0.0.0, faulting module
manager.exe, version 0.0.0.0, fault address 0x000037c8.

Error - 04/10/2008 07:41:17 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 04/10/2008 07:55:08 | Computer Name = LINO | Source = Application Error | ID = 1000
Description = Faulting application bpsrem.exe, version 9.4.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 04/10/2008 10:04:30 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 04/10/2008 11:12:06 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

Error - 10/10/2008 14:54:13 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/10/2008 13:15:20 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

Error - 12/10/2008 14:29:22 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft WorldWide Telescope -- Error 1706. An installation
package for the product Microsoft WorldWide Telescope cannot be found. Try the
installation again using a valid copy of the installation package 'WWTSetup.msi'.

Error - 13/10/2008 08:50:02 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

[ System Events ]
Error - 14/10/2008 14:07:22 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 14/10/2008 14:07:50 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.

Error - 14/10/2008 14:07:52 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 14/10/2008 14:08:21 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 14/10/2008 14:08:23 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 14/10/2008 14:08:51 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.

Error - 14/10/2008 14:08:53 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 14/10/2008 14:09:21 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 14/10/2008 14:09:23 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 14/10/2008 14:09:51 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.


< End of report >

#4 PropagandaPanda
  • Malware Response Team
  • 10,433 posts

Posted 14 October 2008 - 03:25 PM

Hello wino_lino.

It looks like the infection has been disabled. There are traces leftover, but nothing active.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable Norton Antivirus: (your version might be slightly different)
  • Right click on the Norton icon beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon will change to indicate that Auto-Protect is off.

To disable Ad-Aware:
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    musbehco
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=""
    
    :files
    C:\WINDOWS\System32\vtimcxvq.dll
    C:\WINDOWS\System32\bfumvnsh.ini
    C:\WINDOWS\System32\daxoekee.dll
    C:\WINDOWS\System32\wxbnnhnn.ini
    :commands
    [emptytemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.



Please post back with:
-the OTMoveIt log
-the Kaspersky log
-a new OTViewIt log
-a new HijackThis log

With Regards,
The Panda
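The OTMoveIt script above clears AppInit_Dlls and removes randomly named DLL/INI pairs from System32, and the OTViewIt logs in this thread flag "File not found" autostart and service entries. As an added example that is not part of this thread or of OldTimer's tools, here is a Python triage pass that applies those same checks to OTViewIt-style log lines; the sample lines, the `triage` and `Finding` names, and the eight-letter-name rule are constructed for this example, and that rule is a heuristic that will also flag legitimate files.

```python
# Added example: a small triage pass over OTViewIt-style log lines.
# Not part of the forum thread or of OldTimer's tools. It flags
#   (a) "File not found" entries (dangling autostart/service references),
#   (b) binaries directly in System32 with no publisher string,
#   (c) eight-random-letter names in System32 (the naming pattern of the
#       Vundo files the OTMoveIt script above removes; heuristic only),
#   (d) every DLL listed in the AppInit_Dlls registry value.
import re
from dataclasses import dataclass
from typing import Iterable, List

# OTViewIt entry shape: [date time | size | attrs | M] (Company) -- path [-- (svc)]
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]*)\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)(?:\s*--\s*\((?P<svc>[^)]*)\))?$"
)
MISSING_RE = re.compile(
    r"^File not found -- (?P<path>.+?)(?:\s*--\s*\((?P<svc>[^)]*)\))?$"
)
# Eight lowercase letters plus dll/ini/exe: the Vundo-style random name pattern.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:dll|ini|exe)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str   # "missing", "no_publisher", "random_name" or "appinit"
    path: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _in_system32(path: str) -> bool:
    # Directly inside System32, not a subfolder such as drivers\
    if not SYSTEM32_RE.match(path):
        return False
    return "\\" not in SYSTEM32_RE.sub("", path)


def _clean_path(path: str) -> str:
    # Firewall-exception lines carry ":*:Enabled:Name" after the executable.
    return path.split(":*:")[0].strip()


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one OTViewIt log line (empty list if none)."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return [Finding("missing", _clean_path(m.group("path")))]
    m = ENTRY_RE.match(line)
    if not m:
        return []
    path = _clean_path(m.group("path"))
    company = m.group("company").strip()
    found: List[Finding] = []
    if _in_system32(path):
        if not company:
            found.append(Finding("no_publisher", path))
        if RANDOM_NAME_RE.match(_basename(path).lower()):
            found.append(Finding("random_name", path))
    return found


def check_appinit(value: str) -> List[Finding]:
    """AppInit_Dlls is a space- or comma-separated list; an empty value is the
    clean state that the ':reg' step of the OTMoveIt script restores."""
    return [Finding("appinit", p) for p in re.split(r"[ ,]+", value.strip()) if p]


def triage(lines: Iterable[str], appinit_value: str = "") -> List[Finding]:
    findings: List[Finding] = []
    for ln in lines:
        findings.extend(triage_line(ln))
    findings.extend(check_appinit(appinit_value))
    return findings


# Constructed sample lines in OTViewIt format (not copied from the thread).
SAMPLE_LOG = r"""
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2008/10/01 09:00:00 | 00,312,320 | ---- | M] () -- C:\WINDOWS\System32\vtimcxvq.dll
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
File not found -- C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service
[2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
"""

if __name__ == "__main__":
    # Constructed AppInit_Dlls value pointing at the same random-named DLL.
    for f in triage(SAMPLE_LOG.splitlines(), r"C:\WINDOWS\system32\vtimcxvq.dll"):
        print(f"{f.kind:13} {f.path}")
```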

#5 wino_lino
  • Topic Starter
  • Members
  • 6 posts

Posted 15 October 2008 - 05:36 PM

As requested, MoveIt log, Kaspersky log, new ViewIt log, new HijackThis log

Thanks in advance

wino

========== SERVICES/DRIVERS ==========
Service musbehco stopped successfully.
Service musbehco deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"" /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\System32\vtimcxvq.dll not found.
C:\WINDOWS\System32\bfumvnsh.ini moved successfully.
File/Folder C:\WINDOWS\System32\daxoekee.dll not found.
C:\WINDOWS\System32\wxbnnhnn.ini moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\~DF2D22.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NEWADM~1\LOCALS~1\Temp\~DF2D2F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETF325.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_130.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10152008_182144


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 15, 2008 18:02:32
Records in database: 1313778
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 94237
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:11:36


File name / Threat name / Threats count
C:\Program Files\PKR\pkr.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.a 1

The selected area was scanned.


OTViewIt logfile created on: 15/10/2008 23:32:58 - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\New Administrator\Desktop\Security Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 58.05% Memory free
1.83 Gb Paging File | 1.21 Gb Available in Paging File | 65.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 30.10 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINO
Current User Name: New Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/05 21:12:42 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2004/07/19 08:51:24 | 00,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 18:58:10 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\New Administrator\Local Settings\Temp\jkos-New Administrator\binaries\ScanningProcess.exe
[2008/10/15 18:58:10 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\New Administrator\Local Settings\Temp\jkos-New Administrator\binaries\ScanningProcess.exe
[2006/03/23 20:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/10/14 19:12:30 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\Security Programs\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/05 21:12:42 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2006/01/05 01:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [Disabled | Stopped])
[2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Stopped])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [Disabled | Stopped])
[2008/10/07 20:53:40 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
[2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Disabled | Stopped])
[2006/11/02 20:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/03/01 15:33:06 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/10/07 20:53:42 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys -- (BHDrvx86 [System | Running])
[2008/10/07 20:53:42 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys -- (ccHP [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/09/08 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2005/09/08 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2005/09/08 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2005/09/08 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2005/09/08 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2005/09/08 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2005/09/08 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2004/10/14 09:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/10/07 20:53:42 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2004/10/25 21:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/10/07 20:53:42 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/09/22 19:19:54 | 00,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2 [On_Demand | Stopped])
[2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Stopped])
[2008/10/07 20:53:43 | 00,274,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081014.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
[2004/03/06 05:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/06 05:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/16 04:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2005/02/11 10:19:20 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus [On_Demand | Stopped])
[2005/02/11 10:21:02 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
[2005/02/11 10:21:10 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
[2005/02/11 10:22:48 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
[2005/02/11 10:24:24 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex [On_Demand | Stopped])
[2008/04/13 19:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/06 05:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/10/07 20:53:43 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081015.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/10/07 20:53:43 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081015.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/12/05 02:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 03:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/08/10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/03/12 11:15:48 | 00,038,400 | R--- | M] () -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
[2008/10/07 20:53:44 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\srtsp.sys -- (SRTSP [System | Running])
[2008/10/07 20:53:44 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\srtspx.sys -- (SRTSPX [System | Running])
[2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2005/11/16 22:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2008/10/07 20:53:44 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SymEFA.sys -- (SymEFA [Boot | Running])
[2008/10/07 20:53:57 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/10/07 20:53:44 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/10/07 20:53:44 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2008/10/07 20:53:44 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/10/07 20:53:44 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/10/07 20:53:44 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2006/05/24 16:40:45 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://uk.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://uk.msn.com/

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4oD"="C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispScrSavPage"=0
"NoDispBackgroundPage"=0

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage"=0
"NoDispScrSavPage"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3998676977-3627010577-1362678039-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/Facebo...toUploader5.cab -- Facebook Photo Uploader 5
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{55027008-315F-4F45-BBC3-8BE119764741}: http://www.slide.com/uploader/SlideImageUploader.cab -- Slide Image Uploader Control
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}: http://upload.facebook.com/controls/Facebo...toUploader3.cab -- Facebook Photo Uploader 4 Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}: http://upload.facebook.com/controls/Facebo...Uploader4_5.cab -- Facebook Photo Uploader 4

========== (O17) DNS Name Servers ==========

{DFBD426F-FA2B-4392-8083-7AE52E446A97} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{F5027B9F-700B-4753-9F9C-686DF38A9931} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 05:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AutoRun []
[2006/11/06 22:59:47 | 00,569,344 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2006/11/06 22:59:47 | 00,569,344 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=LotRIcon.exe | Name=The Lord of the Rings, The Rise of the Witch-king | | [Special] | Disk=1 | ProductGuiID={B931FB80-537A-4600-00AD-AC5DEDB6C25B} | | ]
[2006/11/06 23:18:16 | 00,000,180 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2006/10/29 03:39:19 | 00,880,640 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/15 23:29:36 | 00,002,870 | ---- | C] () -- C:\Documents and Settings\New Administrator\Desktop\report.html
[2008/10/15 18:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/15 18:46:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/15 18:21:44 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/15 18:18:37 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\OTMoveIt3.exe
[2008/10/11 16:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Adobe
[2008/10/11 14:38:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2008/10/10 20:05:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Passwords
[2008/10/10 20:03:45 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xlr
[2008/10/09 18:42:50 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\New Administrator\Desktop\Mr Matt Lines.doc
[2008/10/08 19:10:19 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 19:04:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/08 18:52:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/08 18:52:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/08 18:52:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/08 18:52:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/10/08 18:48:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/08 18:38:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/08 18:29:26 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/10/08 18:29:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/08 18:29:20 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/10/08 18:29:20 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/10/08 18:29:15 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/08 18:29:09 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/08 18:29:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/08 18:29:04 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/08 18:29:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/10/08 18:29:03 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/08 18:28:50 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/10/08 18:28:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/10/08 18:28:46 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/08 18:28:40 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/08 18:28:40 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/08 18:28:34 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/10/08 18:28:34 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/08 18:28:33 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/08 18:28:31 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/08 18:28:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/08 18:28:28 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/08 18:28:28 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/08 18:28:28 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/08 18:28:25 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/10/08 18:28:21 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/08 18:28:10 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/10/08 18:28:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/08 18:28:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/08 18:28:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/08 18:28:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/08 18:28:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/08 18:28:04 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/10/08 18:28:04 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/08 18:28:02 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/08 18:28:02 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/08 18:27:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/08 18:27:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/08 18:27:35 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/08 18:27:35 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/08 18:27:19 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/08 18:27:19 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/08 18:27:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/08 18:27:06 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/08 18:27:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/08 18:27:04 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/10/08 18:27:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/10/08 18:26:57 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/08 18:26:55 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/08 18:26:53 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/10/08 18:26:51 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/08 18:26:51 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/08 18:26:51 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/08 18:26:51 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/08 18:26:51 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/08 18:26:51 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/08 18:26:51 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/08 18:26:51 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/08 18:26:50 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/08 18:26:50 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/08 18:26:50 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/08 18:26:50 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/08 18:26:50 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/08 18:26:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/08 18:26:50 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/08 18:26:49 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/08 18:26:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/08 18:26:47 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/10/08 18:26:47 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/08 18:26:46 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/08 18:26:40 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/08 18:26:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/08 18:26:40 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/08 18:26:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/10/08 18:26:39 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/08 18:26:39 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/10/08 18:26:30 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/10/07 20:54:26 | 02,115,626 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2008/10/07 20:54:15 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2008/10/07 20:53:57 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/07 20:53:57 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/07 20:53:57 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/07 20:53:57 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/07 20:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2008/10/07 20:53:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/10/07 20:53:46 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/10/07 20:53:44 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2008/10/07 20:53:44 | 00,305,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2008/10/07 20:53:44 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2008/10/07 20:53:44 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2008/10/07 20:53:44 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2008/10/07 20:53:44 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2008/10/07 20:53:44 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2008/10/07 20:53:44 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2008/10/07 20:53:44 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2008/10/07 20:53:44 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2008/10/07 20:53:42 | 00,254,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2008/10/07 20:53:19 | 00,003,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2008/10/07 20:53:19 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2008/10/07 20:53:19 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2008/10/07 20:53:19 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2008/10/07 20:53:19 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2008/10/07 20:53:19 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2008/10/07 20:53:10 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2008/10/07 20:53:10 | 00,010,659 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2008/10/07 20:53:10 | 00,010,621 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2008/10/07 20:53:10 | 00,010,617 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2008/10/07 20:53:10 | 00,010,613 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2008/10/07 20:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1000000.07D
[2008/10/07 20:53:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2008/10/07 20:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2008/10/07 20:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2008/10/07 20:52:45 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2008/10/06 14:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Security Programs
[2008/10/05 23:47:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe
[2008/10/05 22:44:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/05 22:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/05 21:12:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/05 21:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/05 21:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/05 20:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\WinRAR
[2008/10/05 19:56:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Malwarebytes
[2008/10/05 19:56:41 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/05 19:56:40 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/05 19:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/05 19:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/04 16:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Finchy
[2008/10/04 15:53:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Corel Photo Album
[2008/10/04 15:53:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Corel Photo Album
[2008/10/04 15:45:07 | 00,320,032 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Symantec
[2008/10/04 15:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Macromedia
[2008/10/04 15:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Adobe
[2008/10/04 15:26:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Scansoft
[2008/10/04 15:24:53 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2008/10/04 15:24:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\New Administrator\Application Data\desktop.ini
[2008/10/04 15:24:16 | 03,780,884 | -H-- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\IconCache.db
[2008/10/04 15:24:16 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\fusioncache.dat
[2008/10/04 15:24:15 | 00,000,088 | -HS- | C] () -- C:\Documents and Settings\New Administrator\My Documents\desktop.ini
[2008/10/04 15:24:14 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\New Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/10/04 15:24:13 | 00,000,000 | --SD | C] -- C:\Documents and Settings\New Administrator\Application Data\Microsoft
[2008/10/04 15:24:13 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\New Administrator\Application Data\Gtek
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\You've Got Pictures Screensaver
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Sun
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Identities
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\Corel
[2008/10/04 15:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Application Data\AOL
[2008/10/04 15:24:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New Administrator\My Documents\My Pictures
[2008/10/04 15:24:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\New Administrator\My Documents\My Music
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\Microsoft
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\ApplicationHistory
[2008/10/04 15:24:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2008/10/04 12:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2008/10/04 12:43:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/10/04 10:49:31 | 00,131,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSADODC.ocx
[2008/10/04 10:49:30 | 01,435,272 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2008/10/04 10:49:30 | 01,140,472 | ---- | C] (Infragistics, Inc.) -- C:\WINDOWS\System32\IGUltraGrid20.ocx
[2008/10/04 10:49:30 | 00,512,688 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll
[2008/10/04 10:49:30 | 00,423,784 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedBkp.dll
[2008/10/04 10:49:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.ocx
[2008/10/04 10:49:29 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\ACTSKN43.OCX
[2008/10/04 10:49:29 | 00,265,753 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\AS-Exp2.ocx
[2008/10/04 10:49:29 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2008/10/04 10:49:28 | 00,089,088 | ---- | C] (Ariad Software) -- C:\WINDOWS\System32\ProgressBar4.ocx
[2008/10/04 10:49:28 | 00,011,012 | ---- | C] () -- C:\WINDOWS\System32\threadapi.tlb
[2008/10/04 10:49:27 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\md5.dll
[2008/10/04 10:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\BPS Remover
[2008/10/02 18:46:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\EV19
[2008/09/21 16:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\New Administrator\Desktop\Star Wars - Pod Racer
[2008/09/21 09:55:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/20 19:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/20 19:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/17 14:16:33 | 00,549,159 | RHS- | C] () -- C:\Program Files\Norton2009Reset.exe
[2008/09/16 18:44:51 | 00,000,000 | ---D | C] -- C:\ConvertTemp

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/15 23:29:36 | 00,002,870 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\report.html
[2008/10/15 18:39:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/15 18:39:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/15 18:38:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/15 18:18:38 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\New Administrator\Desktop\OTMoveIt3.exe
[2008/10/13 14:20:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/12 18:17:12 | 02,115,626 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\Cat.DB
[2008/10/11 14:25:25 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xlr
[2008/10/09 18:43:35 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Mr Matt Lines.doc
[2008/10/08 19:10:19 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 19:08:47 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/08 19:08:47 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/08 19:08:47 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/08 19:03:43 | 01,030,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 19:02:04 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/08 18:44:42 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/07 20:53:57 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/10/07 20:53:57 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/10/07 20:53:57 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/10/07 20:53:57 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/10/07 20:53:46 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2008/10/07 20:53:44 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.sys
[2008/10/07 20:53:44 | 00,305,712 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.sys
[2008/10/07 20:53:44 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symtdi.sys
[2008/10/07 20:53:44 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symfw.sys
[2008/10/07 20:53:44 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.sys
[2008/10/07 20:53:44 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndisv.sys
[2008/10/07 20:53:44 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symndis.sys
[2008/10/07 20:53:44 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2008/10/07 20:53:44 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symids.sys
[2008/10/07 20:53:44 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symredrv.sys
[2008/10/07 20:53:44 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\symdns.sys
[2008/10/07 20:53:42 | 00,254,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.sys
[2008/10/07 20:53:19 | 00,003,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.inf
[2008/10/07 20:53:19 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.inf
[2008/10/07 20:53:19 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.inf
[2008/10/07 20:53:19 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.inf
[2008/10/07 20:53:19 | 00,000,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.inf
[2008/10/07 20:53:19 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\isolate.ini
[2008/10/07 20:53:10 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymNet.cat
[2008/10/07 20:53:10 | 00,010,659 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\SymEFA.cat
[2008/10/07 20:53:10 | 00,010,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtspx.cat
[2008/10/07 20:53:10 | 00,010,617 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\srtsp.cat
[2008/10/07 20:53:10 | 00,010,613 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1000000.07D\BHDrvx86.CAT
[2008/10/05 23:47:04 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe
[2008/10/05 23:13:31 | 00,002,669 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/04 15:58:26 | 00,164,314 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/04 15:53:34 | 00,006,686 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/10/04 15:53:32 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\229AE56E9B.sys
[2008/10/04 15:45:07 | 00,320,032 | ---- | M] () -- C:\Documents and Settings\New Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/04 15:26:08 | 00,000,088 | -HS- | M] () -- C:\Documents and Settings\New Administrator\My Documents\desktop.ini
[2008/10/04 12:45:09 | 00,180,256 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2008/10/04 11:39:00 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/09/28 15:10:59 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\New Administrator\Desktop\Budget.xls
< End of report >

OTViewIt Extras logfile created on: 15/10/2008 23:32:58 - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\New Administrator\Desktop\Security Programs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 58.05% Memory free
1.83 Gb Paging File | 1.21 Gb Available in Paging File | 65.83% Paging File free
Paging file location(s): C:\pagefile.sys 756 2000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 30.10 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINO
Current User Name: New Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/09/26 16:48:46 | 12,300,200 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager
File not found -- C:\Program Files\KService\KService.exe:*:Enabled:Delivery Manager Service
[2006/01/25 20:39:46 | 00,249,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber
[2008/04/14 01:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console
[2000/04/15 19:47:10 | 00,888,832 | ---- | M] () -- C:\Program Files\Maxis\SimCity 3000 UK Edition\Apps\Updater\UPDATER.EXE:*:Enabled:SC3UpdaterMFC
[2006/03/01 15:33:03 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
File not found -- C:\Games\FreeSpace\FS.exe:*:Disabled:FreeSpace
[2006/10/29 14:32:00 | 12,203,360 | ---- | M] (Electronic Arts Inc.) -- C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king
[2006/04/25 11:29:38 | 00,249,856 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\patchget.dat:*:Enabled:patchgrabber
File not found -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/04/29 18:51:26 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 01:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/09/23 04:28:18 | 00,866,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 10:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}"=Corel Painter X
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}"=Corel Painter X
"{075473F5-846A-448B-BCB3-104AA1760205}"=Roxio RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series"=Canon MP140 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Roxio DLA
"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}"=ARTEuro
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Roxio MyDVD LE
"{21A127AE-2DAF-40B7-8374-34C3E629521C}"=Far Cry (Patch 1.3)
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}"=The Battle for Middle-earth ™ II
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}"=Ulead Photo Express 5 SE
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}"=Microsoft Visual Basic 2005 Express Edition - ENU
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}"=DSA Theory Test
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}"=Corel Photo Album 6
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}"=4oD
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}"=X3 Reunion
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}"=The Lord of the Rings, The Rise of the Witch-king
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}"=MCU
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}"=Far Cry
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}"=ScanSoft OmniPage SE 4
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}"=ISO Recorder
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}"=Samsung PC Studio 3
"{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}"=STK02N 2.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}"=Microsoft WorldWide Telescope
"4oD"=4oD
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Canon MP140 series User Registration"=Canon MP140 series User Registration
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"DellSupport"=Dell Support 5.0.0 (630)
"Driving Test Success 2005/6_is1"=Driving Test Success 2005/6
"Easy-LayoutPrint"=Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EPSON Printer and Utilities"=EPSON Printer Software
"ESPNMotion"=ESPNMotion
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Imperium Galactica 2"=Imperium Galactica 2
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}"=DSA Theory Test
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}"=Far Cry
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB908246"=Windows XP Media Center Edition 2005 KB908246
"KB925766"=Windows XP Media Center Edition 2005 KB925766
"LightWave 3D 9.3"=LightWave 3D 9.3
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Visual Basic 2005 Express Edition - ENU"=Microsoft Visual Basic 2005 Express Edition - ENU
"MP Navigator 3.1"=Canon MP Navigator 3.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"NIS"=Norton Internet Security
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Oldblivion"=Oldblivion
"PKR"=PKR
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer Basic
"RivaTuner"=RivaTuner v2.0 Final Release
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SimCity 3000 UK Edition"=SimCity 3000 UK Edition
"StreetPlugin"=Learn2 Player (Uninstall Only)
"SystemRequirementsLab"=System Requirements Lab
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WOLAPI"=Westwood Shared Internet Components
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"X Plugin Manager"=X Plugin Manager 2.12
"X3 Bonus Package_is1"=X3 Bonus Package 3.1.05
"Xfire"=Xfire (remove only)
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2008 07:41:17 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 04/10/2008 07:55:08 | Computer Name = LINO | Source = Application Error | ID = 1000
Description = Faulting application bpsrem.exe, version 9.4.0.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 04/10/2008 10:04:30 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 04/10/2008 11:12:06 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

Error - 10/10/2008 14:54:13 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 12/10/2008 13:15:20 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

Error - 12/10/2008 14:29:22 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft WorldWide Telescope -- Error 1706. An installation
package for the product Microsoft WorldWide Telescope cannot be found. Try the
installation again using a valid copy of the installation package 'WWTSetup.msi'.

Error - 13/10/2008 08:50:02 | Computer Name = LINO | Source = MsiInstaller | ID = 1013
Description = Product: DellSupport -- Dell Support cannot be installed on your computer
because your country code is not supported by the software installation.

Error - 14/10/2008 14:33:52 | Computer Name = LINO | Source = Spybot - Search & Destroy | ID = 0
Description =

Error - 15/10/2008 13:36:08 | Computer Name = LINO | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 15/10/2008 13:40:53 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 15/10/2008 13:41:21 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.

Error - 15/10/2008 13:41:23 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 15/10/2008 13:41:51 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 15/10/2008 13:41:53 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 15/10/2008 13:42:21 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.

Error - 15/10/2008 13:42:25 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 15/10/2008 13:42:53 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {8C9813D0-9FEA-4F37-AAF0-89D9C805B89F} did not register
with DCOM within the required timeout.

Error - 15/10/2008 13:42:55 | Computer Name = LINO | Source = Service Control Manager | ID = 7023
Description = The KService service terminated with the following error: %%2147500037

Error - 15/10/2008 13:43:24 | Computer Name = LINO | Source = DCOM | ID = 10010
Description = The server {83D70C88-12F2-4B69-B4E7-D2AF6DA1079B} did not register
with DCOM within the required timeout.


< End of report >

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:08, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New Administrator\Local Settings\Temp\jkos-New Administrator\binaries\ScanningProcess.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\New Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 6443 bytes

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 PM

Posted 15 October 2008 - 07:39 PM

Hello wino_lino.

Logs look clean to me now. How is it on your side? Does your antivirus pick up anything other than cookies?

If it seems good to you, then follow the instructions below for cleanup. If not, tell me of the problems you still have.

Delete Orphaned Service
The file for this service is missing.

Open your command prompt by clicking on your Start Menu, then Run, then typing "cmd". Copy into the command prompt:
sc delete "getPlus Helper"
You should get a success message. If you get anything different, tell me what the message is.

Run Cleanup! with OTMoveIt
  • Double click the OTMoveIt2.exe icon on your desktop to start the program.
  • Click Posted Image.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.
Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Take a look at How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Thank you for choosing Bleeping Computer as your malware removal source. Be sure to tell your friends about us!


Any further questions or concerns?

With Regards,
The Panda
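
An added example, not part of The Panda's instructions: the check a responder would run before the "Delete Orphaned Service" step above. It lists every service whose binary is no longer on disk (the condition HijackThis reports as "(file missing)" in O23 lines) and prints the service key name that `sc delete` actually expects, which can differ from the display name HijackThis shows. The path-extraction rule in the script is a heuristic of this example, not something from the thread.

```powershell
# Added example (not from the thread). Finds services whose executable is missing
# and reports the key name needed by `sc delete`. Uses Get-WmiObject so it runs on
# PowerShell 2.0 as well as newer versions.
function Get-OrphanedService {
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        $raw = $_.PathName
        if (-not $raw) { return }           # some services carry no image path
        # Heuristic: a quoted path ends at the next quote; an unquoted one ends
        # where the first " -" or " /" argument begins (e.g. svchost.exe -k ...).
        if ($raw.StartsWith('"')) {
            $end = $raw.IndexOf('"', 1)
            if ($end -lt 0) { $end = $raw.Length }
            $exe = $raw.Substring(1, $end - 1)
        } else {
            $exe = ($raw -split ' -| /')[0]
        }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not (Test-Path -LiteralPath $exe)) {
            New-Object PSObject -Property @{
                Name        = $_.Name         # what `sc delete` needs
                DisplayName = $_.DisplayName  # what HijackThis prints first
                State       = $_.State
                MissingPath = $exe
            }
        }
    }
}

# Report every orphaned service on this machine.
Get-OrphanedService | Format-Table Name, DisplayName, State, MissingPath -AutoSize

# Resolve a display name to its key name before deleting; the wildcard avoids
# having to type symbols such as the (R) mark seen in "getPlus(R) Helper".
Get-Service -DisplayName 'getPlus*' | Select-Object Name, DisplayName
```

If the second command returns nothing, the service is already gone, which is exactly the "does not exist as an installed service" result `sc delete` reports.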

#7 wino_lino

wino_lino
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 16 October 2008 - 12:54 PM

Thanks PP, you're a legend. :thumbsup: All seems OK, the only thing is when I'm trying to do this:



Delete Orphaned Service
The file for this service is missing.

Open your command prompt by clicking on your Start Menu, then Run, then typing "cmd". Copy into the command prompt:

sc delete "getPlus Helper"

You should get a success message. If you get anything different, tell me what the message is.


I get a message saying 'the specified service does not exist as an installed service'
How important this is I don't know, but I'm happy to report I've not had any problems and have followed the other steps to the letter. Have also read the tutorial on preventative measures and downloaded SpywareBlaster.

I sincerely appreciate your help, I can't begin to say how much easier this has made my computing life!

Also, I would like to learn more about recognising and preventing/destroying malware on a more advanced level. Any pointers or reference material you could steer me towards would be greatly appreciated.

Again sincere thanks.

Wino

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 PM

Posted 16 October 2008 - 02:52 PM

Hello Wino.

You are very welcome :thumbsup: .

I get a message saying 'the specified service does not exist as an installed service'

That is not a problem.

Also, I would like to learn more about recognising and preventing/destroying malware on a more advanced level. Any pointers or reference material you could steer me towards would be greatly appreciated.

For starters, in addition to the links I gave in my last post, take a look at some of the pinned topics in this forum:
http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

Keeping an eye on the Breaking Virus & Security News helps too.

Anything else I can do for you?

With Regards,
The Panda

#9 wino_lino

wino_lino
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 17 October 2008 - 03:20 PM

No, I'm all good now, thanks. I'll be more careful from now on!

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 PM

Posted 17 October 2008 - 03:23 PM

Hello wino_lino.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



