Help! I Believe I Have A Trojan


7 replies to this topic

#1 Gypsytwi

Gypsytwi

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Katy, TX
  • Local time:09:41 AM

Posted 05 October 2008 - 10:31 PM

I was told to come here and post a hijackthis so...here it is...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: LPVideoPlugin - {D26848B4-CF41-45B2-A3FB-68E9735898BE} - C:\WINDOWS\system32\LPVideo.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: dkwqgnbe - {DC51F59F-D0BA-4CE7-8CDB-15ABF290546E} - C:\WINDOWS\dkwqgnbe.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190170376890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190170363390
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: neksolda - {065FE35C-0C6B-4F3E-B15C-7D856F910AF1} - C:\WINDOWS\neksolda.dll
O21 - SSODL: xgpsarbm - {E1803616-EBB1-41C4-97EB-827C178766F4} - C:\WINDOWS\xgpsarbm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7739 bytes


#2 Gypsytwi

Gypsytwi
  • Topic Starter


Posted 06 October 2008 - 10:37 AM

I had also gone into msconfig and disabled all the services that were by an unknown company before I did the hijackthis.

#3 Gypsytwi

Gypsytwi
  • Topic Starter


Posted 09 October 2008 - 07:34 AM

Well...since no one has replied...I have gone hunting for what to do. I believe I had the smitfraud virus. So I ran ad-aware and rebooted a few times, then ran spybot and rebooted a few times, and it seems to have killed it. However, my C:\ drive doesn't show up on explorer, and I'm missing a lot of desktop items. This is my new hijackthis log. Please...SOMEONE help me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:28 AM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
G:\games\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cidaemon.exe
E:\bootcd\wintools\autorun.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\HIJACK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190170376890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190170363390
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVKLWJWK - AVG Technologies CZ, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GLQXF - GEAR Software Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - (no file)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - G:\games\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SVZV - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SVZV.exe (file missing)
O23 - Service: WSCUOBYAXOR - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\WSCUOBYAXOR.exe (file missing)

--
End of file - 12162 bytes

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 14 October 2008 - 10:55 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#5 Gypsytwi

Gypsytwi
  • Topic Starter


Posted 14 October 2008 - 07:14 PM

OTViewIt logfile created on: 10/14/2008 7:12:52 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 5373;G:\pagefile.sys 2 5373;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 132.60 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.89% Space Free | Partition Type: FAT32
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 98.93 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GYPSY
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/20 21:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/20 21:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/08/31 13:01:22 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
[2007/10/25 03:57:56 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2007/08/06 19:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2007/08/31 12:58:52 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
[2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2002/09/10 21:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
[2008/09/29 11:22:34 | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2008/01/08 09:14:26 | 01,260,296 | ---- | M] (Uniblue Software) -- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/09/29 11:22:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/06/07 17:57:46 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/09/29 11:22:29 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
[2008/09/29 11:22:29 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/09/29 11:22:33 | 00,424,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- G:\games\Mabinogi\npkcmsvc.exe
[2008/09/02 23:59:05 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2005/10/20 20:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
[2008/09/29 11:22:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2005/10/20 20:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/09/28 09:21:55 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/09 23:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/03/06 23:52:57 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe
[2008/10/14 19:12:28 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/20 21:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/20 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/09/29 11:22:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/29 11:22:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
File not found -- -- (AVKLWJWK [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/06/07 17:57:46 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (GLQXF [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/03/24 03:48:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
File not found -- -- (LVCOMSer [Auto | Stopped])
File not found -- -- (LVPrcSrv [Auto | Stopped])
[2007/07/20 00:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2005/10/20 20:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc [Auto | Running])
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/09/12 22:55:36 | 00,724,992 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/02 12:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- G:\games\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
[2006/02/13 23:05:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/09/02 23:59:05 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2005/10/20 21:20:06 | 00,154,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qwave.dll -- (QWAVE [Unknown | Stopped])
[2005/10/20 20:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc [Auto | Running])
File not found -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\SVZV.exe -- (SVZV [On_Demand | Stopped])
File not found -- -- (TZI [On_Demand | Stopped])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
File not found -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\WSCUOBYAXOR.exe -- (WSCUOBYAXOR [On_Demand | Stopped])

========== Driver Services ==========

[2008/01/23 03:19:44 | 00,501,560 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11 [Auto | Running])
[2006/07/01 22:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/08/20 23:52:41 | 03,299,840 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/09/10 18:20:21 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/29 11:22:29 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/09/29 11:22:29 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/09/29 11:22:29 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2008/09/29 11:22:34 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2006/06/07 23:06:58 | 00,329,901 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2006/06/07 17:29:10 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2006/06/07 17:33:34 | 00,855,018 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2006/06/07 17:28:20 | 00,149,028 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2006/06/07 17:28:40 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2006/06/07 17:26:52 | 00,067,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2006/09/11 03:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/04/13 18:47:38 | 00,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
[2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/04/13 13:45:26 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys -- (HidIr [On_Demand | Stopped])
[2008/09/10 04:09:58 | 00,267,520 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2008/09/10 04:09:52 | 00,985,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2005/12/06 13:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Stopped])
[2005/12/06 13:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP [On_Demand | Stopped])
[2005/06/17 08:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2005/08/15 13:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv [Boot | Running])
[2005/08/15 13:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv [Boot | Running])
[2007/10/25 06:29:00 | 04,623,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus [On_Demand | Stopped])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/09/07 20:05:37 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2007/07/20 00:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2005/05/27 09:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2006/06/19 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/06/26 10:39:02 | 00,035,600 | ---- | M] (INCA Internet Co., Ltd.) -- G:\games\Mabinogi\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2007/04/20 16:49:54 | 00,024,272 | ---- | M] (INCA Internet Co., Ltd.) -- G:\games\Mabinogi\npkcusb.sys -- (npkcusb [On_Demand | Stopped])
[2007/08/31 12:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])
[2006/02/13 23:05:00 | 03,642,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2006/04/24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/02/17 11:28:30 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/02/17 11:28:32 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2008/04/04 14:02:58 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2005/01/31 11:20:04 | 00,211,712 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Stopped])
[2007/08/21 02:13:00 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2005/12/12 19:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Stopped])
[2004/08/09 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/07 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/10/20 21:20:06 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qwavedrv.sys -- (QWAVEDRV [Unknown | Stopped])
[2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/08/06 19:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/09/10 18:03:16 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/10/12 11:20:35 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2005/12/22 16:17:06 | 00,066,432 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\uts_bus.sys -- (uts_bus [On_Demand | Stopped])
[2005/12/22 16:17:54 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\uts_mdfl.sys -- (uts_mdfl [On_Demand | Stopped])
[2005/12/22 16:17:56 | 00,099,104 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\uts_mdm.sys -- (uts_mdm [On_Demand | Stopped])
[2005/12/22 16:18:44 | 00,078,736 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\uts_serd.sys -- (uts_serd [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2008/09/10 04:09:54 | 00,731,264 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2005/12/06 13:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx [On_Demand | Stopped])
[2006/10/13 17:48:24 | 00,050,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb20.sys -- (xusb20 [On_Demand | Stopped])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://go.microsoft.com/fwlink/?LinkId=54843
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=about:blank

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://go.microsoft.com/fwlink/?LinkId=54843
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (267032 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{000123B4-9B42-4900-B3F7-F4B073EFC214} (HKLM) -- C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HKLM) -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Program Files\Orbitdownloader\GrabPro.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Program Files\Orbitdownloader\GrabPro.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" (HKLM) -- C:\Program Files\Orbitdownloader\GrabPro.dll ()

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect ()
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (Uniblue Software)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m (Uniblue Software)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[1999/11/07 01:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\policies\microsoft\internet explorer\Restrictions]
"NoBrowserOptions"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoOnlinePrintsWizard"=0
"NoPublishingWizard"=0
"NoToolbarCustomize"=0
"NoStartMenuMorePrograms"=0
"NoSetFolders"=0
"StartMenuLogOff"=0
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=149

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoOnlinePrintsWizard"=0
"NoPublishingWizard"=0
"NoToolbarCustomize"=0
"NoStartMenuMorePrograms"=0
"NoSetFolders"=0
"StartMenuLogOff"=0
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
&Grab video by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
&Yahoo! Search: File not found
Do&wnload selected by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
Down&load all by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 14:53:12 | 00,001,320 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\Software\Microsoft\Internet Explorer\MenuExt\]
&Download by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
&Grab video by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
&Yahoo! Search: File not found
Do&wnload selected by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
Down&load all by Orbit: C:\Program Files\Orbitdownloader\orbitmxt.dll [2008/09/17 15:01:42 | 00,101,496 | ---- | M] (Orbitdownloader.com)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 14:53:12 | 00,001,320 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2003/05/29 14:53:08 | 00,002,681 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2003/05/29 14:53:08 | 00,002,681 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Internet Connection Help -- %SystemRoot%\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Internet Connection Help -- %SystemRoot%\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Button: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> [2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> [2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\*.windowsupdate: https in My Computer
microsoft.com\windowsupdate: https in My Computer
windosupdate.com: https in Trusted sites
66 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\*.windowsupdate: https in My Computer
microsoft.com\windowsupdate: https in My Computer
windosupdate.com: https in Trusted sites
66 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll -- Installation Support
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.1.99.cab -- CDownloadCtrl Object
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftu...b?1190170376890 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1190170363390 -- MUWebControl Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}: http://secure2.comned.com/signuptemplates/...login-devel.cab -- SecureLogin class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_05
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1741BDC2-D034-4A01-806B-858451F2B8BA} (Servers: | Description: 1394 Net Adapter)
{324F85A4-F5A1-47B5-9ACF-AAC4CE971C59} (Servers: | Description: )
{75A6E3DC-41F3-4E7F-BBEF-C9560B72FD1C} (Servers: | Description: NVIDIA nForce Networking Controller)
{892900FC-9814-4488-99C0-81491C1EE93D} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{CD9C636A-EBA9-4FC5-AB48-5AE447418F89} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/09/29 11:22:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2006/05/31 09:47:06 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

autorun []
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- E:\autorun.exe -- [ UDF ]

Autorun.exe [MZ | ]
[2006/09/25 11:01:39 | 04,386,816 | R--- | M] () -- E:\Autorun.exe -- [ UDF ]

Autorun.inf [[autorun] | icon=bf2142.ico | open=Autorun.exe | ]
[2006/09/25 11:01:39 | 00,000,046 | R--- | M] () -- E:\Autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\bootcd\wintools\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\Shell\AutoRun\command]
""=N:\autorun.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[86 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/14 19:12:18 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/14 18:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/10/12 17:29:05 | 00,848,328 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\octosetup_v_l_odd.exe
[2008/10/10 20:24:13 | 00,013,732 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\altanuralcovergf4.jpg
[2008/10/10 20:09:05 | 00,011,761 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Altan_Urag.torrent
[2008/10/10 14:08:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CCP
[2008/10/10 00:05:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\EVE
[2008/10/10 00:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\CCP
[2008/10/09 23:43:30 | 00,001,543 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\EVE.lnk
[2008/10/09 01:19:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/08 19:50:14 | 00,000,307 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to - Media Drive - - (G).lnk
[2008/10/08 19:48:47 | 00,000,747 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to YahooMessenger.exe.lnk
[2008/10/08 19:47:37 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to SpyEraser.exe.lnk
[2008/10/08 19:47:21 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to SpeedUpMyPC.exe.lnk
[2008/10/08 19:47:06 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to RegistryBooster.exe.lnk
[2008/10/08 19:45:15 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to msmsgs.exe.lnk
[2008/10/08 19:43:35 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to PitBoss.exe.lnk
[2008/10/08 19:43:07 | 00,001,005 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Civ4BeyondSword.exe.lnk
[2008/10/08 19:41:10 | 00,002,072 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fall from Heaven (2).lnk
[2008/10/07 18:15:56 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\stinger.exe
[2008/10/06 23:46:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/10/06 23:30:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/10/06 23:30:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/10/06 23:30:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/10/06 23:27:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/10/06 23:22:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/10/06 23:17:40 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/10/06 23:17:38 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/10/06 23:17:38 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/10/06 23:17:37 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/10/06 23:17:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/10/06 23:17:36 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/10/06 23:17:36 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/10/06 23:17:33 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/10/06 23:17:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/10/06 23:17:32 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/10/06 23:17:30 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/10/06 23:17:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/10/06 23:17:29 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/10/06 23:17:29 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/10/06 23:17:28 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/10/06 23:17:28 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/10/06 23:17:27 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/10/06 23:17:27 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/10/06 23:17:27 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/10/06 23:17:26 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/10/06 23:17:22 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/10/06 23:17:22 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/10/06 23:17:21 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/10/06 23:17:21 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/10/06 23:17:21 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/10/06 23:17:21 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/10/06 23:17:21 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/10/06 23:17:20 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/10/06 23:17:20 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/10/06 23:17:15 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/10/06 23:17:15 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/10/06 23:17:15 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/10/06 23:17:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/10/06 23:17:11 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/10/06 23:17:05 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/10/06 23:17:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/10/06 23:17:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/10/06 23:17:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/10/06 23:17:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/10/06 23:16:54 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/10/06 23:16:54 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/10/06 23:16:54 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/10/06 23:16:52 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/10/06 23:16:52 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/10/06 23:16:50 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/10/06 23:16:49 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/10/06 23:16:47 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/10/06 23:16:47 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/10/06 23:16:47 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/10/06 23:16:47 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/10/06 23:16:47 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/10/06 23:16:47 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/10/06 23:16:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/10/06 23:16:47 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/10/06 23:16:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/10/06 23:16:45 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/10/06 23:16:45 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/10/06 23:16:45 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/10/06 23:16:45 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/10/06 23:16:45 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/10/06 23:16:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/10/06 23:16:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/10/06 23:16:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/10/06 23:16:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/10/06 23:16:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/10/06 23:16:44 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/10/06 23:16:43 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/10/06 23:16:41 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/10/06 23:16:41 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/10/06 23:16:41 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/10/06 23:16:41 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/10/06 23:16:40 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/10/06 23:16:39 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/10/06 23:16:38 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/10/06 23:16:38 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/10/06 20:18:48 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2008/10/06 01:22:52 | 00,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2008/10/06 01:17:38 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/10/06 01:16:30 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/10/06 00:22:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2008/10/06 00:22:28 | 37,565,76768 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/05 22:33:28 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/05 22:33:28 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/05 22:33:27 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/05 22:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/05 22:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/05 16:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/10/05 16:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2008/10/05 11:13:43 | 00,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Cleaner v5.1 Free Edition.lnk
[2008/10/05 11:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\The Cleaner Demo
[2008/10/05 10:08:53 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/04 23:56:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\FCULF
[2008/10/04 19:58:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons
[2008/10/04 19:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Received Files
[2008/10/04 19:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
[2008/10/04 19:29:53 | 00,237,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2008/10/03 17:51:10 | 00,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2008/10/03 16:05:14 | 00,053,760 | ---- | C] (Tolunay Orkun) -- C:\Documents and Settings\HP_Administrator\Desktop\DRTCP021.exe
[2008/09/30 17:44:02 | 00,010,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Andy.wav
[2008/09/28 17:47:46 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/09/28 09:27:02 | 00,002,174 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk
[2008/09/28 09:25:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\AzureusDownloading
[2008/09/28 09:24:27 | 00,000,000 | ---D | C] -- C:\Program Files\2K Games
[2008/09/28 01:36:06 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/09/28 01:36:06 | 00,012,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/09/28 01:36:06 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/28 01:36:06 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/09/28 01:36:03 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/28 01:36:03 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/28 01:36:01 | 28,751,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/09/28 01:36:01 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/28 01:36:01 | 00,307,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/09/28 01:36:01 | 00,068,419 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/09/28 01:36:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/09/26 07:29:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/09/26 02:01:04 | 02,233,942 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/09/24 20:01:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2008/09/24 19:31:53 | 00,000,000 | ---D | C] -- C:\nDoors
[2008/09/22 21:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2008/09/22 17:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Dreamlords
[2008/09/22 17:44:51 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2008/09/22 17:44:10 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/09/22 17:44:10 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/09/22 17:44:09 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/09/22 17:44:09 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/09/22 17:44:09 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/09/22 17:44:09 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/09/22 17:44:09 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/09/22 17:44:09 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/09/22 17:44:09 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/09/22 17:44:09 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/09/20 20:39:56 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[86 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/14 19:12:28 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/14 17:46:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/14 17:43:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/14 17:43:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/14 17:43:52 | 00,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/14 17:43:40 | 37,565,76768 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/14 07:43:55 | 28,751,634 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/13 19:17:27 | 00,139,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/13 19:17:20 | 00,111,928 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/10/12 23:52:42 | 00,187,392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/12 18:03:50 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/12 17:29:12 | 00,848,328 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\octosetup_v_l_odd.exe
[2008/10/10 20:24:13 | 00,013,732 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\altanuralcovergf4.jpg
[2008/10/10 20:23:36 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/10 20:09:06 | 00,011,761 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Altan_Urag.torrent
[2008/10/10 19:25:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/10 07:27:52 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/09 23:43:30 | 00,001,543 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\EVE.lnk
[2008/10/09 20:25:24 | 02,233,942 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/10/09 03:30:00 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ErrorRepairTool Scheduled Scan.job
[2008/10/08 23:56:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/08 19:50:14 | 00,000,307 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to - Media Drive - - (G).lnk
[2008/10/08 19:48:47 | 00,000,747 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to YahooMessenger.exe.lnk
[2008/10/08 19:47:37 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to SpyEraser.exe.lnk
[2008/10/08 19:47:21 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to SpeedUpMyPC.exe.lnk
[2008/10/08 19:47:06 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to RegistryBooster.exe.lnk
[2008/10/08 19:45:15 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to msmsgs.exe.lnk
[2008/10/08 19:43:35 | 00,000,832 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to PitBoss.exe.lnk
[2008/10/08 19:43:07 | 00,001,005 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to Civ4BeyondSword.exe.lnk
[2008/10/08 19:41:10 | 00,002,072 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Fall from Heaven (2).lnk
[2008/10/08 17:45:40 | 00,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 19:42:36 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bridge.sys
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\bridge.sys:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\drivers\bridge.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[2008/10/07 19:42:36 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bridge.sys
[2008/10/07 18:16:04 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\stinger.exe
[2008/10/07 18:03:08 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/07 18:03:08 | 00,000,435 | -HS- | M] () -- C:\boot.ini
[2008/10/07 18:03:08 | 00,000,259 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/06 23:51:04 | 00,522,264 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/06 23:51:04 | 00,440,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/06 23:51:04 | 00,071,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/06 23:41:31 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/06 23:25:11 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/06 20:21:47 | 00,267,032 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/06 20:18:48 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2008/10/05 22:33:28 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/05 21:50:25 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\My Sharing Folders.lnk
[2008/10/05 16:12:41 | 00,267,032 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081006-202147.backup
[2008/10/05 15:05:06 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/05 11:13:43 | 00,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Cleaner v5.1 Free Edition.lnk
[2008/10/04 23:56:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\FCULF
[2008/10/03 17:51:10 | 00,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2008/10/03 16:05:16 | 00,053,760 | ---- | M] (Tolunay Orkun) -- C:\Documents and Settings\HP_Administrator\Desktop\DRTCP021.exe
[2008/09/30 17:44:02 | 00,010,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Andy.wav
[2008/09/29 11:22:34 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/09/29 11:22:29 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/09/29 11:22:29 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/09/29 11:22:29 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/09/29 11:22:29 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/09/28 16:15:18 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2008/09/28 09:27:13 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/09/28 09:27:02 | 00,002,174 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk
[2008/09/28 01:41:43 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/09/28 01:36:06 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.0.lnk
[2008/09/27 17:58:57 | 00,049,592 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2008/09/22 21:13:25 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/09/22 21:13:25 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/09/22 21:13:25 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2008/09/22 17:44:51 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2008/09/18 22:22:51 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PUTTY.RND
< End of report >

OTViewIt Extras logfile created on: 10/14/2008 7:12:52 PM - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 5373;G:\pagefile.sys 2 5373;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.28 Gb Total Space | 132.60 Gb Free Space | 45.84% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.43 Gb Free Space | 4.89% Space Free | Partition Type: FAT32
Drive E: | 3.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 98.93 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GYPSY
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/05/31 09:51:07 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/12/15 20:40:44 | 00,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/12/15 21:47:22 | 00,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/01/24 03:40:30 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/01/24 03:40:04 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/01/24 03:35:14 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/09/21 06:40:04 | 00,196,608 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/09/21 06:01:22 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/01/24 04:09:36 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/09/21 06:25:22 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/01/24 03:38:52 | 00,438,272 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/10 01:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/10 01:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/01/24 04:03:00 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2005/12/15 21:51:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
[2006/05/31 09:51:07 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[2007/05/16 23:52:50 | 11,739,782 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2006/11/30 22:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/11/30 22:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/05/16 20:25:20 | 11,134,130 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords
[2007/05/16 20:57:52 | 08,581,120 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/09 17:19:14 | 03,223,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Mycelia Networks\FireAnt RC1\FireANT.exe:*:Enabled:FireAnt
File not found -- F:\games\STALKER\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
File not found -- F:\games\STALKER\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
[2008/09/06 15:09:38 | 07,685,424 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player
[2008/08/22 12:18:30 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
File not found -- C:\Program Files\Steam\steamapps\common\silverfall demo\Silverfall.exe:*:Enabled:Silverfall
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
File not found -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\HP_Administrator\Desktop\utorrent(2).exe:*:Enabled:µTorrent
[2007/04/16 03:50:16 | 01,740,800 | ---- | M] () -- C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla
[2007/11/20 18:48:55 | 01,271,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe:*:Enabled:Steam
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\WINDOWS\system32\msnmgr32.exe:*:Enabled:msnmgr32
[2008/04/13 19:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
[2008/04/13 19:12:20 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program
[2008/09/28 09:21:55 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2007/09/27 15:48:40 | 14,105,000 | R--- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword
[2007/09/27 15:48:42 | 11,650,360 | R--- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss
File not found -- F:\games\COD4\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp
File not found -- F:\games\Halo\Halo\halo.exe:*:Enabled:Halo
File not found -- F:\games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire
File not found -- F:\games\Elite Forces II\EF2.exe:*:Enabled:Elite Force II
File not found -- F:\games\Test Drive Unlimited\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
[2008/03/06 23:52:57 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Azureus\Azureus.exe:LocalSubNet:Enabled:Azureus
File not found -- G:\games\Elite Forces II\EF2.exe:*:Enabled:Elite Force II
File not found -- C:\KAV\kis\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup
[2008/09/17 15:01:54 | 01,707,208 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2008/03/18 15:34:14 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2008/05/21 13:33:10 | 08,419,956 | ---- | M] () -- G:\games\BATTLEFIELD2142\BF2142.exe:*:Enabled:Battlefield 2
[2008/09/02 23:59:05 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/10/13 19:17:20 | 00,111,928 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2008/10/13 19:17:20 | 00,111,928 | ---- | M] () -- G:\games\BATTLEFIELD2142\pb\PnkBstrB.exe:*:Enabled:PnkBstrB.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/28 09:07:48 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/29 11:22:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/09/29 11:22:33 | 00,424,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2008/09/23 16:41:58 | 40,834,360 | ---- | M] (Firaxis Games) -- C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization
[2008/06/23 04:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/09/25 16:40:46 | 00,513,280 | ---- | M] (CCP hf.) -- C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/29 11:22:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 13:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 14:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 14:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 14:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}"=Skins
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}"=AiO_Scan
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}"=TrayApp
"{0E2DAB2F-5A2F-8F65-1006-30E94506B15D}"=Skins
"{0EAEADF7-E54A-44A2-A8A8-0C33282C8716}"=Ringtone Maker
"{0ED47137-C071-46CC-A243-E5E33271E10E}"=Windows Live Sign-in Assistant
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}"=Skins
"{1341D838-719C-4A05-B50F-49420CA1B4BB}"=HP Boot Optimizer
"{14378007-ACD5-2482-33A1-F79289A452E7}"=Catalyst Control Center Graphics Full Existing
"{1506CE23-3FB8-E0DA-3B07-D68669C33CD7}"=ccc-core-preinstall
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}"=Catalyst Control Center Core Implementation
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}"=Status
"{1FD7A431-CFA5-EDB0-830B-9FADA4847E94}"=Catalyst Control Center Graphics Full Existing
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}"=Media Center Extender
"{269D9176-CEF5-81BE-D204-B90ACA0ECD79}"=Catalyst Control Center Core Implementation
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}"=muvee autoProducer 5.0
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{285BA1C9-183C-40A3-A925-6078B82F01B3}"=Java Access Bridge
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}"=HP Deskjet Printer Preload
"{2CCBABCB-6427-4A55-B091-49864623C43F}"=Google Toolbar for Firefox
"{2D85CB00-4FF0-26A5-D07F-3548AE418506}"=Skins
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{302EF6FB-3EE7-407D-2DDE-2C021A1A0918}"=ccc-utility
"{30852BD9-1787-4834-B0B5-D20C6CF10666}"=AMD OverDrive
"{31263605-FC84-4787-B847-BA445B147E24}"=ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}"=Sid Meier's Civilization 4 - Beyond the Sword
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}"=HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}"=LightScribe 1.4.84.1
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}"=Logitech QuickCam
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{3819891A-030B-4a4e-98ED-B28A649E48AB}"=HP Deskjet 3900 series
"{393C1150-6EBF-D1DA-BDC2-3E1D1D772B44}"=Catalyst Control Center Graphics Full Existing
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}"=DocumentViewer
"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"{3E4B349F-10B5-4586-9D99-489A90A8B228}"=Sid Meier's Civilization 4 - Warlords
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=WIDCOMM Bluetooth Software
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{42F6BED9-41DD-40F1-85A8-8E0350493626}"=HPDeskjet3900Series
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP DVD Play 2.1
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}"=SolutionCenter
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}"=Catalyst Control Center Graphics Light
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}"=Microsoft AntiSpyware
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}"=NewCopy
"{554E0167-0B53-B866-9512-44B766FABAAF}"=ccc-utility
"{55574205-0833-A7A2-FD0D-D1520E5469DD}"=CCC Help English
"{57F7C02B-D36E-3F81-239B-FD031984ADFE}"=Catalyst Control Center Graphics Previews Common
"{5B257C09-6A05-4308-9A6D-E8A2CAE21EA9}"=Star Wars Galaxies: The Total Experience
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}"=HP PSC & OfficeJet 5.3.B
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}"=HP Photosmart Cameras 6.0
"{5E6E4E39-B0D8-4FA8-826A-31ABA2935E92}"=Machine Check Analysis Tool
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}"=Catalyst Control Center Graphics Full New
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}"=PlayNC Launcher
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}"=muvee autoProducer unPlugged 2.0
"{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective
"{62369F2F77534556AEF4C58152E3BDE5}"=
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}"=Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}"=Microsoft Xbox 360 Accessories 1.1
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{68C83D63-C661-C444-7E60-E0328D842ECB}"=ccc-core-preinstall
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69580770-C77E-67FE-014F-BE02DF5D8A4F}"=ccc-core-preinstall
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}"=CameraDrivers
"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}"=Catalyst Control Center Graphics Full New
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}"=Power Tab Editor 1.7
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6EACA7EA-CA28-1333-206C-C985F7F22C2F}"=CCC Help English
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{729DF902-05F9-4C00-9E6D-411119824E5F}"=hpiCamDrvQFolder
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}"=ccc-core-static
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}"=PSTAPlugin
"{7585478E9D9B42108671C12F8714CEFE}"=
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}"=PSPrinters08
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1"=ConvertXtoDVD 3.0.0.9
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}"=AiOSoftware
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7A239A2D-92B3-3AC3-484D-2E487F87F0E0}"=Catalyst Control Center Graphics Light
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}"=CCC Help English
"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes
"{8183EF47-6E87-E9F8-47ED-2FE07F85F656}"=Catalyst Control Center Graphics Previews Common
"{82081779-4175-4666-A457-AB711CD37EF0}"=cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}"=CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}"=CP_AtenaShokunin1Config
"{82E760D8-F344-3DE4-134D-2D782E31AACF}"=Catalyst Control Center Core Implementation
"{83FF62E8-EAE3-B5DA-7A63-A2ADD3499671}"=Catalyst Control Center Graphics Full New
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}"=SlideShowMusic
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}"=ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A534F71-3202-4464-A422-B767295E67B9}"=CP_Package_Variety2
"{8ADC27DB-E2C8-446C-A576-166C05C2DD24}"=
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}"=URGE
"{8C30E1DC-D83E-4A90-AD02-1A275FC71033}"=Nero 7 Premium
"{8C5FAD77-F678-4758-A296-C12F08D179E0}"=Microsoft IntelliPoint 6.2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8D0049D9-265D-145D-96D7-CD5814DA7092}"=ccc-core-static
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C}"=Windows Vista Upgrade Advisor
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}"=Catalyst Control Center Graphics Previews Common
"{92682D65-E96D-83B0-AB2B-547F32FDCB8C}"=CCC Help English
"{93E5A317-24EC-4744-812C-16FECFE86E6A}"=CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}"=
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}"=ccc-utility
"{9862B19F-4CAD-4EED-920F-2F378D84393F}"=ATI Parental Control & Encoder
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}"=ATI MCE Transcode
"{9D622363-9235-E8F0-380C-D9114D77FB52}"=ccc-core-static
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{A3455242-DAE0-4523-8242-FD82706ABF4B}"=CameraDrivers
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-800000000003}"=Japanese Fonts Support For Adobe Reader 8
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B0DF3B29-A391-47BE-B6E0-A128459E9C72}"=OfficeFX
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B2873CC3-6176-40EC-A0D6-3433BD0ED7D0}"=UTStarcom CDMA Handset USB Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}"=Sid Meier's Civilization 4
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B83245C1-AB8A-40C1-91C0-CEDBDB84255D}"=LG PhoneManager
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}"=CameraUserGuides
"{BA9A7A5D-5976-3682-826C-CDE03A0DE33D}"=Catalyst Control Center Graphics Full New
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}"=DocProc
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C23C75C1-2243-4CA0-8299-AA03097E3EB9}"=RSD_LITE_3_2
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}"=cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}"=Scan
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}"=Windows Vista Upgrade Advisor
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}"=Toolbox
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{C9DD3547-2B8B-B451-F479-30F8B05ED6D6}"=Catalyst Control Center Graphics Full Existing
"{CAB14F80-C2F5-9A26-4B65-81EDBB7D8F7F}"=Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}"=Fax
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}"=Sid Meier's Civilization 4
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D6E00160-F372-F959-A54C-ABDE5E03B170}"=ccc-core-preinstall
"{D721F201-E316-0825-7D23-48C16939914F}"=ccc-utility
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}"=HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DEBB2986-15B0-4D28-95FA-5C966A396589}"=HPProductAssistant
"{E07FEDF6-3E9E-2F4C-3734-15B839CC3CD3}"=Catalyst Control Center Graphics Light
"{E2BE1618-AF5F-4F7D-8484-42E080EDF609}"=AGEIA PhysX v7.01.12
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}"=PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}"=HP PSC & OfficeJet 6.1.A
"{E5D3E730-1EF6-7876-358A-41C0E61475F5}"=Catalyst Control Center Graphics Light
"{E655FF26-A57F-4411-8468-47D153E699E9}"=Battlefield 2142 Server
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}"=
"{EC2715CE-C182-483C-84CC-81D7D914CF14}"=WebReg
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}"=Sins of a Solar Empire
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}"=Battlefield 2142
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}"=Sid Meier's Civilization IV Colonization
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F6E8A267-465A-59EC-7720-84EA1DB2D579}"=ccc-core-static
"{F73920B1-FD39-6893-4E9B-748311B666AF}"=Catalyst Control Center Graphics Previews Common
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}"=HP DigitalMedia Archive
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68"=Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip"=7-Zip 4.57
"AddressBook"=
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Alarm Clock_is1"=Alarm Clock v1.0
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AudioPlugin.dll"=
"AVG8Uninstall"=AVG 8.0
"AviSynth"=AviSynth 2.5
"AwayMode160"=Microsoft Away Mode
"Azureus"=Azureus
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"Battlefield 2142 Map - Walker Battle"=Battlefield 2142 Map - Walker Battle
"BroadJump Client Foundation"=BroadJump Client Foundation
"Cell Phone Wallpaper Maker_is1"=Cell Phone Wallpaper Maker 2.0
"Celtic Kings"=Celtic Kings
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Soft Data Fax Modem with SmartCP
"Connection Manager"=
"CopyNow.dll"=
"DataPlugin.dll"=
"DirectAnimation"=
"DirectDrawEx"=
"DivX Codec"=DivX Codec
"DVD Shrink_is1"=DVD Shrink 3.2
"DXM_Runtime"=
"EAFunctions.dll"=
"Earthsim"=Earthsim
"EHome Devices"=Media Center Extender
"EVE"=EVE-ONLINE (remove only)
"FileZilla"=FileZilla (remove only)
"FireflySS1 Screensaver"=FireflySS1 Screensaver
"Fontcore"=
"Forgotten Realms Atlas"=Forgotten Realms Atlas
"Galactic Civilizations II - Gold Edition"=Galactic Civilizations II - Gold Edition
"GrabProGrabPro"=GrabPro - Toolbar
"Guitar Pro 5_is1"=Guitar Pro 5.0
"GuitarScalesMethod_is1"=GSM 1.1.4.2
"HijackThis"=HijackThis 2.0.2
"Homeworld2"=Homeworld2
"HP Document Viewer"=HP Document Viewer 6.1
"HP Game Console"=HP Game Console
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC"=HP Photosmart for Media Center PC
"HP Rhapsody"=HP Rhapsody
"HP Solution Center & Imaging Support Tools"=HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities"=HP Extended Capabilities 5.0
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"ICW"=
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"IE40"=
"IE4Data"=
"IE5BAKEX"=
"ie7"=Windows Internet Explorer 7
"IEData"=
"IGN Download Manager"=IGN Download Manager 2.3.1
"ImgBurn"=ImgBurn (Remove Only)
"InstallShield Uninstall Information"=
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=
"InterActual Player"=InterActual Player
"KB884016"=
"KB884267"=
"KB885353"=
"KB886612"=
"KB887078"=
"KB887626"=
"KB888656"=
"KB889858"=
"KB891122"=
"KB892313"=
"KB893240"=
"KB893241"=
"KB893803"=
"KB895181"=
"KB895316"=
"KB895572"=
"KB897586"=
"KB898549"=
"KB900325"=Update Rollup 2 for Windows XP Media Center Edition 2005
"KB900399"=
"KB902344"=
"KB907658"=
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"KB911854"=
"KBD"=Enhanced Multimedia Keyboard Solution
"KBKB895961"=
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Logitech VideoCall"=
"LucasArts' TIE Fighter"=LucasArts' TIE Fighter
"LucasArts' XvT: Flight School"=LucasArts' XvT: Flight School
"LucasArts' X-Wing"=LucasArts' X-Wing
"Mabinogi"=Mabinogi
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft Interactive Training"=
"MobileOptionPack"=
"Money2006b"=Microsoft Money 2006
"Move Player_is1"=Move Networks Player for Firefox
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016"=
"MSI30-Beta1"=
"MSI30-Beta2"=
"MSI30-KB884016"=
"MSI30-RC1"=
"MSI30-RC2"=
"MSI31-Beta"=
"MSI31-RC1"=
"MSNINST"=MSN
"Nero - Burning Rom!UninstallKey"=
"NeroBackItUp!UninstallKey"=
"NeroMediaHome!UninstallKey"=
"NeroRecode!UninstallKey"=
"NeroShowTime!UninstallKey"=
"NeroVision!UninstallKey"=
"NetMeeting"=
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Orbit_is1"=Orbit Downloader
"OutlookExpress"=
"PCHealth"=
"PowerISO"=PowerISO
"ProtectDisc Driver 11"=ProtectDisc Driver, Version 11
"PunkBusterSvc"=PunkBuster Services
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"QcDrv"=Logitech® Camera Driver
"RealPlayer 6.0"=RealPlayer
"RegistryBooster 2_is1"=Uniblue RegistryBooster 2
"RTP for RM2K (Png, Wav, Midi, Fonts)"=RTP for RM2K (Png, Wav, Midi, Fonts)
"SBC.MCCInstall"=AT&T Self Support Tool
"SchedulingAgent"=
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Sid Meier's Alpha Centauri"=Sid Meier's Alpha Centauri
"Sins of a Solar Empire"=Sins of a Solar Empire
"SpeedUpMyPC_is1"=Uniblue SpeedUpMyPC 3
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.1.15
"SpyEraser_is1"=Uniblue SpyEraser
"ST6UNST #1"=Character Creator 1.1
"Stardock Central"=Stardock Central
"Syncrosoft's License Control"=Syncrosoft's License Control
"SystemRequirementsLab"=System Requirements Lab
"The Cleaner v5.2 Demo Edition_is1"=The Cleaner 5.2
"Trend Micro HouseCall 6.6"=HouseCall 6.6
"UnityWebPlayer"=Unity Web Player
"Videora iPod Converter"=Videora iPod Converter 0.91
"View32"=View32
"VLC media player"=VideoLAN VLC media player 0.8.6d
"Wdf01000"=
"Wdf01001"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WT004613"=Tornado Jockey
"WT005513"=Super Granny
"WT005515"=Polar Bowler
"WT005517"=Blasterball 2 Remix
"WT005518"=Polar Golfer
"WT005519"=Ricochet Lost Worlds
"WT005520"=Blackhawk Striker 2
"WT005521"=Blasterball 2 Revolution
"WT005523"=Tradewinds
"WT005524"=Bounce Symphony
"WT005630"=Alien Outbreak 2
"WT005631"=Fairies
"WT005632"=Snowy The Bears Adventure
"WT005634"=Bejeweled 2 Deluxe
"WT005635"=Big Kahuna Reef
"WT005636"=Bookworm Deluxe
"WT005637"=Chuzzle Deluxe
"WT005638"=Diner Dash
"WT005639"=Family Feud
"WT005640"=Flip Words
"WT005641"=Insaniquarium Deluxe
"WT005642"=Jewel Quest
"WT005643"=Mah Jong Quest
"WT005644"=Mystery Case Files
"WT005645"=Poker Superstars
"WT005646"=SCRABBLE
"WT005647"=Slingo Deluxe
"WT005648"=Tennis Titans
"WT006069"=FATE
"WT006072"=Ancient Sudoku
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"Xfire"=Xfire (remove only)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar
"Zoo Tycoon 1.0"=Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Add-on best BF2142"=Add-on best BF2142
"NCSOFT-TABULARASAPTS"=Tabula Rasa (PTS)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3658070223-4091123075-1730714233-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Add-on best BF2142"=Add-on best BF2142
"NCSOFT-TABULARASAPTS"=Tabula Rasa (PTS)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2008 2:06:59 PM | Computer Name = GYPSY | Source = | ID = 0
Description =

Error - 10/10/2008 2:06:59 PM | Computer Name = GYPSY | Source = | ID = 0
Description =

Error - 10/11/2008 1:15:01 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/11/2008 3:31:00 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/11/2008 11:53:04 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/11/2008 3:48:15 PM | Computer Name = GYPSY | Source = Application Error | ID = 1000
Description = Faulting application spyeraser.exe, version 2.0.1.1530, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00037fd4.

Error - 10/12/2008 11:42:20 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/13/2008 8:10:51 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/13/2008 5:27:46 PM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

Error - 10/14/2008 8:11:31 AM | Computer Name = GYPSY | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x00000000.

[ System Events ]
Error - 10/13/2008 2:31:45 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 10/13/2008 5:43:19 PM | Computer Name = GYPSY | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CD/DVDW TS-H652L' (IDE\CdRomTSSTcorp_CD/DVDW_TS-H652L_______________0603____\5&3b6e5ef6&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 10/13/2008 8:12:01 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%3

Error - 10/13/2008 8:12:01 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7000
Description = The LVCOMSer service failed to start due to the following error: %%3

Error - 10/13/2008 8:12:01 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/13/2008 8:12:10 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 10/14/2008 6:45:21 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%3

Error - 10/14/2008 6:45:21 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7000
Description = The LVCOMSer service failed to start due to the following error: %%3

Error - 10/14/2008 6:45:21 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 10/14/2008 6:45:38 PM | Computer Name = GYPSY | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).


< End of report >

#6 PropagandaPanda

  • Malware Response Team

Posted 15 October 2008 - 07:20 AM

Hello Gypsytwi.

I see that you have AVG and Symantec installed. Please uninstall one antivirus through Add/Remove Programs.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • ERUNT will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore when booted, navigate to C:\WINDOWS\erdnt (possibly WINNT), choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Download and Run OTMoveIt
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    AVKLWJWK
    GLQXF
    SVZV
    WSCUOBYAXOR
    
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Please post back with:
-the OTMoveIt log
-the MalwareBytes log
-a new OTViewIt log
-a new HijackThis log

Also tell me how your computer is running now.

With Regards,
The Panda

#7 PropagandaPanda

  • Malware Response Team

Posted 20 October 2008 - 10:48 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

#8 PropagandaPanda

  • Malware Response Team

Posted 20 October 2008 - 04:43 PM

Hello.

Topic is re-opened :thumbsup: .

Please complete the instructions above and post back with the logs.

With Regards,
The Panda



