Computer Freezes and Restarts on its own


  • This topic is locked
12 replies to this topic

#1 Darkumas

Posted 06 October 2008 - 03:20 PM

For the past week my computer would just freeze on its own and just restart by itself. There are also programs that I have uninstalled that are still there. Below are a HijackThis log and my log from running Kaspersky Online Scanner.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:21 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.packetnews.com
O16 - DPF: PUFLITE - http://www.hinesville-homes.com/Office/Col...rol/PUFLITE.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://cor.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://sav.mlxchange.com/Control/Specfile.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://sav.mlxchange.com/Control/SISC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sav.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140527851687
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sav.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://sav.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/amun...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sav.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab
O16 - DPF: {8D81ABB2-067E-4B3F-B942-87DAFF3DABEC} (Installer Class) - https://www.topproduceronline.com/tpmedic/t...staller1100.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://sav.mlxchange.com/Control/AspCustomCtrls.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 13625 bytes



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 06, 2008 13:05:11
Records in database: 1294374
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 79408
Threat name: 6
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 07:05:46


File name / Threat name / Threats count
C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 1
C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.b 1
C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2
C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.370 1
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Backdoor.Win32.Rbot.rhs 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\WinMX Music\Shared\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 1
C:\Program Files\WinMX Music\Shared\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.b 1
C:\Program Files\WinMX Music\Shared\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2
C:\Program Files\WinMX Music\Shared\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer.370 1

The selected area was scanned.

#2 Farbar

Posted 06 October 2008 - 06:21 PM

Hi Darkumas,

I am going to assist you with your problem.

Please refrain from making any changes to your system as it might prolong handling your log and make the job for both of us more difficult.
  • Disable automatic startup:
    • Go to Start, right-click My Computer and select Properties.
    • Under the Advanced tab, in the section Startup and Recovery, press Settings.
    • Under the System failure section:
      • The "Write an event to the system log" option should be checked.
      • "Send an administrative alert" should be checked.
      • Uncheck "Automatically restart".
    • Click OK twice.
    • The next time Windows encounters a problem, it will not restart automatically and will give you an error message. If that happens, note the exact message and post it in your reply.

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to Start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.

  • You have the program Spybot S&D (TeaTimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do.
    • First disable TeaTimer:
      • Run Spybot-S&D.
      • Go to the Mode menu, and make sure Advanced Mode is selected.
      • On the left-hand side, choose Tools -> Resident.
      • Uncheck Resident TeaTimer and OK any prompts.
      • Restart your computer.
      Instructions are also here: How to disable TeaTimer during HijackThis Cleanup

      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
      • Double-click ResetTeaTimer.exe and let it run. This will only take a few seconds.

  • You have an infected e-mail with attachment in one of the Outlook folders. Tell me if you can empty all the e-mails with attachments without opening them or if there are e-mails with attachments you want to keep. In that case we might need to run Kaspersky again later on.

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O15 - Trusted Zone: http://*.packetnews.com

    Optional: The above site is set to the safe zone. It means that the traffic created by this site won't be checked by security checkpoints any more. While this might be safe to visit, it might not be safe all the time, and its traffic had better pass through the security checkpoint.

    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please download OTViewIt by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTViewIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Set File age to 60 days.
    • Type in the Custom Scans section: hijackthisbackups
    • Click the Run Scan button.
    • Two reports will open; copy and paste them into your reply:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

  • Tell me which programs you have uninstalled that are still on your system.
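
Added example, not part of either poster's message and not a tool used in this thread: a small Python triage script that pulls out of the two pasted logs the items the reply above acts on, namely O15 Trusted Zone entries in the HijackThis log and Kaspersky detections that are not labelled "not-a-virus:". The function names are hypothetical, the sample lines are copied from the logs in post #1, and the scheme-less Trusted Zone form the parser also accepts is an assumption about other logs.

```python
import re

# Constructed samples: a few lines copied from the logs posted in this thread.
HJT_SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O15 - Trusted Zone: http://*.packetnews.com
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

KAV_SAMPLE = r"""
File name / Threat name / Threats count
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Backdoor.Win32.Rbot.rhs 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\WinMX Music\Shared\winmx_music_42l.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2
"""

# HijackThis entries have the shape "<section code> - <rest of line>".
HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Kaspersky rows: path (may contain spaces), " Infected: ", threat name, count.
KAV_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_hijackthis(text):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def trusted_zone_entries(entries):
    """Extract O15 Trusted Zone sites and flag wildcard hosts."""
    found = []
    for code, body in entries:
        if code != "O15" or not body.startswith("Trusted Zone:"):
            continue
        value = body.split(":", 1)[1].strip()
        scheme, sep, rest = value.partition("://")
        if not sep:  # assumption: some logs list the host without a scheme
            scheme, rest = "", value
        host = rest.split("/", 1)[0].lower()
        found.append({"scheme": scheme, "host": host,
                      "wildcard": host.startswith("*.")})
    return found


def parse_kaspersky(text):
    """Parse detection rows; 'riskware' marks Kaspersky's not-a-virus: label."""
    rows = []
    for line in text.splitlines():
        m = KAV_LINE.match(line.strip())
        if m:
            rows.append({"path": m.group("path"),
                         "threat": m.group("threat"),
                         "count": int(m.group("count")),
                         "riskware": m.group("threat").startswith("not-a-virus:")})
    return rows


def malware_detections(rows):
    """Detections that are not adware/riskware: the ones to handle first."""
    return [r for r in rows if not r["riskware"]]


if __name__ == "__main__":
    for site in trusted_zone_entries(parse_hijackthis(HJT_SAMPLE)):
        kind = "wildcard" if site["wildcard"] else "single host"
        print(f"Trusted Zone ({kind}): {site['scheme']}://{site['host']}")
    for det in malware_detections(parse_kaspersky(KAV_SAMPLE)):
        print(f"Malware: {det['threat']} in {det['path']}")
```
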

#3 Darkumas

Posted 06 October 2008 - 08:06 PM

I deleted everything in all the Outlook folders. I uninstalled WinMX Music a while ago and that's one of the files Kaspersky said was infected, so I'm assuming it's still there. I also noticed that whenever I open the "My Documents" folder my Explorer receives an error and shuts down. Below are the logs you requested.

OTViewIt logfile created on: 10/6/2008 8:59:30 PM - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 98.42 Mb Available Physical Memory | 19.24% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 34.70 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 154.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY-BCFF96EF5289
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2004/08/04 08:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
[2004/08/04 08:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 08:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
[2004/08/04 08:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/06/10 19:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
[2008/10/05 22:06:04 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
[2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/01/12 17:45:24 | 00,590,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
[2008/02/01 01:13:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
[2007/01/12 17:45:28 | 00,251,440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
[2007/02/05 15:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2005/11/16 23:19:00 | 05,264,384 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
[2007/01/12 17:45:32 | 00,897,584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
[2008/10/05 22:06:07 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/05/04 06:52:00 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2008/10/05 22:06:05 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/08/04 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
[2007/09/06 09:08:02 | 00,136,136 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
[2004/08/04 08:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
[2008/09/28 10:06:02 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/10/06 20:58:17 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Alerter [Auto | Running])
[2004/08/04 08:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe -- (ALG [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AudioSrv [Auto | Running])
[2008/10/05 22:06:04 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (BITS [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Browser [Auto | Stopped])
[2004/08/04 08:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (CryptSvc [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (DcomLaunch [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dhcp [Auto | Running])
[2004/08/04 08:00:00 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (dmserver [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Dnscache [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ERSvc [Auto | Running])
[2004/08/04 08:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (EventSystem [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (FastUserSwitchingCompatibility [On_Demand | Running])
[2008/05/30 12:02:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (helpsvc [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HidServ [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (HTTPFilter [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,150,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanserver [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (lanmanworkstation [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (LmHosts [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Messenger [Disabled | Stopped])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
[2005/05/04 17:45:36 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
[2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
[2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Netman [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Nla [On_Demand | Running])
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (NtmsSvc [On_Demand | Stopped])
[2007/12/05 02:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
[2008/02/01 01:13:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Running])
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasAuto [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RasMan [Auto | Running])
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RemoteAccess [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (RpcSs [Auto | Running])
[2004/08/04 08:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
[2004/08/04 08:00:00 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Schedule [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (seclogon [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SENS [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SharedAccess [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (ShellHWDetection [Auto | Running])
[2005/06/10 19:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
[2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (srservice [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (SSDPSRV [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (stisvc [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TapiSrv [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TermService [On_Demand | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (Themes [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (TrkWks [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (upnphost [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ups.exe -- (UPS [On_Demand | Stopped])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vssvc.exe -- (VSS [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (W32Time [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WebClient [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (winmgmt [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WmdmPmSN [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wscsvc [Auto | Running])
[2007/02/05 15:34:38 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (wuauserv [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WudfSvc [Auto | Running])
[2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- (WUSB54Gv42SVC [Auto | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (WZCSVC [Auto | Stopped])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (xmlprov [On_Demand | Stopped])

========== Driver Services ==========

[2004/08/04 08:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
[2004/08/04 08:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
[2006/02/14 20:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
[2007/09/30 15:43:01 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2008/06/20 06:44:38 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD [System | Running])
[2005/05/06 02:35:00 | 02,318,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2000/01/08 10:22:36 | 00,010,240 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
[2004/08/04 08:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2008/02/12 00:06:51 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2004/08/04 08:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
[2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub [On_Demand | Running])
[2008/10/05 22:06:18 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/10/05 22:06:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2004/08/04 08:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
[2004/08/04 08:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
[2008/07/11 02:05:33 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2004/08/04 08:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom [System | Running])
[2004/08/04 08:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk [Boot | Running])
[2004/08/04 08:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2004/08/04 02:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
[2004/08/04 02:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
[2006/12/10 19:56:44 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
[2004/08/04 08:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc [On_Demand | Running])
[2004/08/04 08:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
[2004/08/04 08:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk [On_Demand | Running])
[2006/08/21 05:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
[2004/08/04 08:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk [Boot | Running])
[2004/08/04 08:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc [On_Demand | Running])
[2001/08/17 14:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb [On_Demand | Running])
[2006/03/16 20:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP [On_Demand | Running])
[2004/08/04 08:00:00 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt [System | Stopped])
[2004/08/04 08:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi [System | Running])
[2004/08/04 08:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[2004/09/29 18:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat [On_Demand | Running])
[2004/08/04 08:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec [System | Running])
[2004/08/04 08:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp [Boot | Running])
[2004/08/04 08:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass [System | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/06/14 04:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
[2008/02/12 00:06:51 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
[2004/08/04 08:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass [System | Running])
[2001/08/17 13:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid [On_Demand | Running])
[2004/08/04 08:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
[2007/12/18 05:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Running])
[2006/05/05 05:41:45 | 00,453,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb [System | Running])
[2004/08/04 08:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
[2004/08/04 01:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
[2004/08/04 01:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
[2004/08/04 01:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios [On_Demand | Running])
[2004/08/04 08:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
[2004/08/04 08:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
[2004/08/04 08:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi [On_Demand | Running])
[2004/08/04 08:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio [On_Demand | Running])
[2004/08/04 08:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan [On_Demand | Running])
[2004/08/04 08:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
[2004/08/04 08:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS [System | Running])
[2004/08/04 08:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT [System | Running])
[2004/08/04 08:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
[2007/02/09 07:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
[2004/08/04 08:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
[2007/12/05 02:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/02/11 06:11:02 | 00,089,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2005/02/11 06:11:32 | 00,016,640 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt [Boot | Running])
[2005/02/24 05:04:56 | 00,033,408 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/02/24 05:04:58 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2004/08/04 08:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport [On_Demand | Running])
[2004/08/04 08:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
[2004/08/04 08:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Running])
[2004/08/04 02:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI [Boot | Running])
[2004/08/04 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2004/08/04 08:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport [On_Demand | Running])
[2004/01/07 05:04:00 | 00,339,488 | R--- | M] (Cisco-Linksys, LLC.) -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02 [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Running])
[2004/08/04 08:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 19:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 08:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd [System | Running])
[2004/08/04 08:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
[2004/08/04 08:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe [On_Demand | Running])
[2004/08/04 08:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti [On_Demand | Running])
[2006/05/05 05:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss [System | Running])
[2004/08/04 08:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD [System | Running])
[2005/06/10 00:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
[2004/08/03 18:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/08/04 08:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum [On_Demand | Running])
[2004/08/04 08:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial [System | Running])
[2004/08/04 08:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
[2006/06/14 04:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
[2008/02/11 21:56:26 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2004/08/04 08:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys -- (sr [Boot | Running])
[2006/08/14 06:34:41 | 00,332,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv [On_Demand | Running])
[2004/08/04 08:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum [On_Demand | Running])
[2001/08/17 17:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
[2004/08/04 02:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Running])
[2008/06/20 06:45:13 | 00,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip [System | Running])
[2004/08/04 08:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
[2004/08/04 04:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD [System | Running])
[2004/08/04 08:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,209,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys -- (Update [On_Demand | Running])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2004/08/03 23:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2004/08/04 08:00:00 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub [On_Demand | Running])
[2004/08/04 08:00:00 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2004/08/04 00:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint [On_Demand | Stopped])
[2004/08/04 00:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave [System | Running])
[2004/08/04 08:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
[2004/08/04 08:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp [On_Demand | Running])
[2006/06/14 05:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Running])
[2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [Boot | Running])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2005/10/17 19:50:06 | 00,245,376 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV [On_Demand | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.msn.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"Start Page"=http://www.msn.com

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (266744 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9240 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"wininet.dll"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/10/11 00:26:40 | 00,544,032 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2006/10/11 00:26:40 | 00,544,032 | ---- | M] (Microsoft Corporation)
Add to Windows &Live Favorites: File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/07/03 16:08:56 | 17,929,752 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Button: Absolute Poker -- %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{13C1DBF6-7535-495c-91F6-8C13714ED485}: Menu: Absolute Poker -- %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker File not found
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 16:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 21:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{49783ED4-258D-4f9f-BE11-137C18D3E543} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 21:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKLM] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found
CmdMapping\\{49783ED4-258D-4f9f-BE11-137C18D3E543} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D45D9D5F-B491-4c95-8B05-FA6B6C69CA82} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Interealty.com: * is out of zone range (5)
MLXchange.com: * is out of zone range (5)
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Interealty.com: * is out of zone range (5)
MLXchange.com: * is out of zone range (5)
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- Reg Error: Key does not exist or could not be opened.
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab -- StagingUI Object
{08B0E5C0-4FCB-11CF-AAA5-00401C608500}: https://www.topproduceronline.com/downloads/msjavx86.exe -- Microsoft VM
{0D859AF0-C75E-11D4-B760-00E0B81077E8}: http://cor.mlxchange.com/Control/FileCruiser.cab -- FileCruiser Class
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}: http://download.microsoft.com/download/a/f...tualEarth3D.cab -- Reg Error: Key does not exist or could not be opened.
{16FD824B-8E7B-11D2-9855-00802962956C}: http://sav.mlxchange.com/Control/Specfile.cab -- Specfile Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{254AA86E-5655-4518-AA87-185D7CC41801}: https://secure.logmeinrescue.com/TechConsol...scueControl.cab -- LogMeIn Rescue Technician Console
{284DAE3C-A691-11D3-AD58-00E0B8107A24}: http://sav.mlxchange.com/Control/SISC.cab -- SISCtrl Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab -- MSN Games – Buddy Invite
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab -- SysData Class
{4989312D-58CF-11D5-A7D7-00E02911103E}: http://sav.mlxchange.com/Control/MultiSelectComboBox.cab -- Interealty MultiSelect
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab -- ZonePAChat Object
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1140527851687 -- MUWebControl Class
{6FD482A3-7B57-438B-B040-52CAA30147EE}: http://sav.mlxchange.com/Control/MLXClientUtils.cab -- MLXchange Client Utils
{78523E50-56EB-11D3-B739-CAA1986A452F}: http://sav.mlxchange.com/Control/LiteGrid.cab -- LiteGridCtl Class
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://sympatico.zone.msn.com/bingame/amun...mjolauncher.cab -- MJLauncherCtrl Class
{809A6301-7B40-4436-A02C-87B8D3D7D9E3}: http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab -- ZPA_DMNO Object
{83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E}: http://sav.mlxchange.com/4.2.07.27/Control/IRCSharc.cab -- GeacRevw Control
{88D969C0-F192-11D4-A65F-0040963251E5}: http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab -- XML DOM Document 4.0
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8C63DABA-CBA8-4B5D-A0F7-AE00F2920929}: http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab -- Bridge Installer
{8D81ABB2-067E-4B3F-B942-87DAFF3DABEC}: https://www.topproduceronline.com/tpmedic/t...staller1100.cab -- Installer Class
{95B5D20C-BD31-4489-8ABF-F8C8BE748463}: http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab -- ZPA_HRTZ Object
{9BDF4724-10AA-43D5-BD15-AEA0D2287303}: http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab -- ZPA_TexasHoldem Object
{A4110378-789B-455F-AE86-3A1BFC402853}: http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab -- ZPA_SHVL Object
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAC181B0-4D70-402D-B571-C596A47D0CE0}: http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab -- CBankshotZoneCtrl Class
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}: http://zone.msn.com/bingame/gold/default/gf.cab -- TikGames Online Control
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab -- MSN Games – Game Communicator
{E473A65C-8087-49A3-AFFD-C5BC4A10669B}: http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab -- Quantum Streaming IE Player Class
{E5D419D6-A846-4514-9FAD-97E826C84822}: http://fdl.msn.com/zone/datafiles/heartbeat.cab -- HeartbeatCtl Class
{F060A272-A18A-11D3-B75B-00E0B81077E8}: http://sav.mlxchange.com/Control/AspCustomCtrls.cab -- DropList Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
PUFLITE: http://www.hinesville-homes.com/Office/Col...rol/PUFLITE.CAB -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{2CCE94D2-6EF5-4FAD-895C-9A98814BD1AC} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{B55AE1CE-4B2E-4332-9E0E-859BF3766035} (Servers: | Description: )
{B9D70C59-42AC-4C9B-A107-A9AE87F1B440} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{D06102AC-2D1E-4EC9-AA84-1EC17B0A0378} (Servers: | Description: Linksys Wireless-G USB Network Adapter)
{F726A09A-74B8-49A7-A23D-39BF42679A90} (Servers: | Description: Linksys Wireless-G USB Network Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/10/05 22:06:21 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2004/08/04 08:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe

"UIHost"=logonui.exe
>[2004/08/04 08:00:00 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>[2007/10/25 23:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
>[2004/08/04 08:00:00 | 00,298,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sysdm.cpl


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
GoToMyPC: "DllName" = C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll -- C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd.exe (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
>[2004/08/04 08:00:00 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msapsspc.dll
>[2007/04/25 10:21:15 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2004/08/04 08:00:00 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\digest.dll
>[2004/08/04 08:00:00 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msnsspc.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,
>[2004/08/04 08:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,
>[2005/06/15 13:49:30 | 00,295,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kerberos.dll
>[2004/08/04 08:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msv1_0.dll
>[2007/04/25 10:21:15 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schannel.dll
>[2006/03/24 00:37:50 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdigest.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/10/03 19:58:11 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=setup.exe | icon=PuzzleQuest.ico | ]
[2007/09/24 09:45:47 | 00,000,049 | R--- | M] () -- F:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c33830-d912-11dc-9d56-0018f832de75}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c33830-d912-11dc-9d56-0018f832de75}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c33830-d912-11dc-9d56-0018f832de75}\Shell\AutoRun\command]
""=F:\setup.exe -- [2007/09/25 17:35:20 | 90,544,048 | R--- | M] ()

========== Files/Folders - Created Within 60 Days ==========

[22 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 20:58:17 | 00,416,768 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTViewIt.exe
[2008/10/06 20:55:54 | 00,126,976 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ResetTeaTimer.exe
[2008/10/06 05:21:36 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/10/06 03:01:32 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/05 22:06:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/10/05 22:06:21 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/10/05 22:06:18 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/10/05 22:06:16 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/10/05 22:06:12 | 28,317,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/05 22:06:12 | 00,249,919 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/05 22:06:12 | 00,068,419 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/05 22:06:11 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/10/05 22:06:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/10/05 22:06:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVGTOOLBAR
[2008/10/05 22:02:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2008/10/05 22:01:47 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/10/05 20:17:52 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/05 20:17:52 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/05 20:12:01 | 00,180,178 | ---- | C] () -- C:\Documents and Settings\user\My Documents\cc_20081005_201158.reg
[2008/09/24 10:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\encarta
[2008/09/12 01:55:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008/09/03 23:03:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Governor of Poker
[2008/09/03 10:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Righteous Kill
[2008/09/03 10:44:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Righteous Kill
[2008/09/02 21:19:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\The Mystery of the Crystal Portal
[2008/09/02 21:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\The Mystery of the Crystal Portal
[2008/08/27 21:52:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\LimeWire
[2008/08/27 21:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\LimeWire
[2008/08/26 17:14:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/08/25 18:08:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Puzzle Quest
[2008/08/25 18:08:23 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2008/08/25 18:08:22 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/08/25 18:08:22 | 00,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/08/25 18:07:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\Puzzle Quest
[2008/08/25 18:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\Puzzle Quest
[2008/08/18 14:38:28 | 00,919,594 | ---- | C] () -- C:\Documents and Settings\user\My Documents\cc_20080818_143823.reg
[2008/08/18 13:04:18 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\user\Desktop\CCleaner.lnk
[2008/08/18 13:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/08/18 13:02:31 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

========== Files - Modified Within 60 Days ==========

[22 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/06 20:58:17 | 00,416,768 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTViewIt.exe
[2008/10/06 20:55:55 | 00,126,976 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ResetTeaTimer.exe
[2008/10/06 20:52:53 | 00,013,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 20:52:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 20:52:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/06 20:51:58 | 00,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/06 20:41:58 | 00,000,650 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/06 20:40:35 | 28,317,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/06 20:08:01 | 00,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/06 08:36:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/10/06 03:22:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/05 22:07:52 | 00,249,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/05 22:07:52 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/05 22:06:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/10/05 22:06:21 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/10/05 22:06:18 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/10/05 22:06:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/10/05 22:06:12 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/10/05 22:01:47 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008/10/05 21:44:20 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\user\Desktop\µTorrent.lnk
[2008/10/05 20:17:52 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/05 20:17:52 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/05 20:12:05 | 00,180,178 | ---- | M] () -- C:\Documents and Settings\user\My Documents\cc_20081005_201158.reg
[2008/10/05 19:37:56 | 00,266,744 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/05 19:33:58 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Spybot - Search & Destroy.lnk
[2008/10/04 02:50:12 | 00,078,088 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/30 00:45:02 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/30 00:44:55 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 20:31:14 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\user\Desktop\CCleaner.lnk
[2008/08/26 17:17:37 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/08/26 13:28:14 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/08/25 18:08:23 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2008/08/25 18:08:22 | 00,114,688 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/08/18 14:38:36 | 00,919,594 | ---- | M] () -- C:\Documents and Settings\user\My Documents\cc_20080818_143823.reg

========== Custom Scans ==========


========== HijackThis Backups ==========

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080218-194246-191
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080218-194246-474
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

C:\Program Files\Trend Micro\HijackThis\backups\backup-20080218-194246-795
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

C:\Program Files\Trend Micro\HijackThis\backups\backup-20081006-205740-659
O15 - Trusted Zone: http://*.packetnews.com

======= End HijackThis Backups =========

< End of report >



OTViewIt Extras logfile created on: 10/6/2008 8:59:30 PM - Run
OTViewIt by OldTimer - Version 1.0.10.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 98.42 Mb Available Physical Memory | 19.24% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 34.70 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 154.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MY-BCFF96EF5289
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/10/05 23:31:39 | 01,949,696 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2004/08/04 08:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
File not found -- C:\Documents and Settings\user\Desktop\WinGate6.0.4.1025-USE.EXE:*:Enabled:WinGate 6.0.4 Installation
File not found -- C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2006/04/26 18:24:48 | 00,404,480 | ---- | M] () -- C:\Program Files\WinMX Music\WinMX Music.exe:*:Enabled:WinMX Music
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\PopCap Games\Pixelus Deluxe\Pixelus.exe:*:Enabled:Pixelus Game
File not found -- C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek
File not found -- C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006/06/19 10:15:34 | 05,283,840 | ---- | M] () -- C:\Program Files\BeamFile\BeamFile.exe:*:Enabled:BeamFile
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\Worms Forts Under Siege\Worms Forts Under Siege\WF.exe:*:Enabled:WF
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
File not found -- C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
[2008/10/05 21:44:20 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/02/01 01:13:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/02/01 01:12:57 | 00,103,736 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Ares\Ares.exe:*:Disabled:Ares
File not found -- C:\Program Files\PopCap Games\AstroPop Deluxe\WinAP.exe:*:Disabled:AstroPop Deluxe
File not found -- C:\Program Files\Azureus\Azureus.exe:*:Disabled:Azureus
File not found -- C:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Disabled:Baldur's Gate II - Shadows of Amn
File not found -- C:\Program Files\Eidos Interactive\Pyro Studios\Praetorians\Praetorians.exe:*:Disabled:Praetorians
File not found -- C:\Program Files\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Disabled:Worms 4 Mayhem
[2007/12/14 01:57:24 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/10/05 22:06:05 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/28 10:06:02 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -- C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/01/29 10:08:23 | 00,868,352 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 08:00:00 | 01,428,480 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/05/26 22:04:27 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/05 22:06:09 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/04/11 14:50:43 | 00,683,520 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/05/26 22:04:27 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 08:00:00 | 01,428,480 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/06/24 10:57:40 | 03,592,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/08/04 08:00:00 | 00,075,776 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 02:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 02:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/24 02:47:38 | 00,282,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\mscoree.dll application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D} (HKLM) [Cor MIME Filter, CorFltr, CorFltr 1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} (HKLM) [AP Class Install Handler filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/06/23 12:57:40 | 01,159,680 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/10/25 23:36:51 | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{117CD9C0-0F15-4633-93D7-F957B50535A5}"=Popup Blocker (Windows Live Toolbar)
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}"=Sony ACID Pro 6.0
"{2B5A75F0-FD85-4094-AB00-94902398D192}"=Sony Media Manager 2.2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}"=Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3F99D180-34C3-4151-8C6C-86FC5D7BDFBD}"=Hoyle Casino
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}"=OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}"=GoToMyPC
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}"=Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}"=eFax Messenger 4.2
"{873D68B3-EDE5-4DFD-85AC-FFC430FB7EE2}"=Form Viewer
"{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}"=Hoyle Card Games
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}"=Smart Menus (Windows Live Toolbar)
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}"=Windows Live Toolbar
"{A40D6757-B145-4FE7-B694-89180A9F3F64}"=Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}"=Dungeon Siege 2 Broken World
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}"=Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{AC76BA86-1033-F400-7760-000000000003}"=Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}"=Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D60D2B02-125F-4DDB-9674-41DD538C457A}"=Sony Media Manager 2.0
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}"=Windows Live Favorites for Windows Live Toolbar
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E031338C-839D-4EDD-9537-99B653C39D81}"=Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}"=Map Button (Windows Live Toolbar)
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}"=Nero Mega Plugin Pack
"{F4AB51DC-0F2E-4723-A52F-10EA3769CE59}"=Windows Media Player Tag Support Extender
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}"=Form Fill (Windows Live Toolbar)
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}"=Windows Live Sign-in Assistant
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}"=Hoyle Puzzle and Board Games
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Adobe Acrobat 8 Professional - English, Français, Deutsch"=Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe SVG Viewer"=Adobe SVG Viewer 6.0
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"ASAPI Update"=ASAPI Update
"AVG8Uninstall"=AVG Free 8.0
"BeamFile"=BeamFile
"CCleaner"=CCleaner (remove only)
"DVD43_is1"=DVD43 v3.9.0
"ENTERPRISE"=Microsoft Office Enterprise 2007
"GPL Ghostscript_is1"=Docudesk GPL Ghostscript 8.15
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"KB917013"=Windows Desktop Search 3.01
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin"=Messenger Plus! 3
"MSN Music Assistant"=MSN Music Assistant
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"OpenAL"=OpenAL
"pdfFactory"=pdfFactory
"PokerStars"=PokerStars
"SystemRequirementsLab"=System Requirements Lab
"Virtual DJ - Atomix Productions"=Virtual DJ - Atomix Productions
"VLC media player"=VLC media player 0.9.2
"WIC"=Windows Imaging Component
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1"=Xvid 1.1.3 final uninstall
"XviDDec"=Nic's XviD Decoder
"ys12_cmp"=YsI & II COMPLETE

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-616249376-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2008 7:06:29 AM | Computer Name = MY-BCFF96EF5289 | Source = ESENT | ID = 482
Description = wuauclt (3548) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 9/5/2008 7:06:29 AM | Computer Name = MY-BCFF96EF5289 | Source = ESENT | ID = 439
Description = wuauclt (3548) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1808.

Error - 9/5/2008 7:06:30 AM | Computer Name = MY-BCFF96EF5289 | Source = ESENT | ID = 482
Description = wuauclt (3248) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
error 112 (0x00000070): "There is not enough space on the disk. ". The write operation
will fail with error -1808 (0xfffff8f0). If this error persists then the file
may be damaged and may need to be restored from a previous backup.

Error - 9/5/2008 7:06:30 AM | Computer Name = MY-BCFF96EF5289 | Source = ESENT | ID = 439
Description = wuauclt (3248) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb.
Error -1808.

Error - 9/9/2008 2:20:55 AM | Computer Name = MY-BCFF96EF5289 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/18/2008 9:07:12 AM | Computer Name = MY-BCFF96EF5289 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module xvid.ax, version 0.0.0.0, fault address 0x0004de00.

Error - 9/24/2008 2:00:52 AM | Computer Name = MY-BCFF96EF5289 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/29/2008 1:29:23 AM | Computer Name = MY-BCFF96EF5289 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module xvid.ax, version 0.0.0.0, fault address 0x0003d928.

Error - 9/30/2008 12:45:09 AM | Computer Name = MY-BCFF96EF5289 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/30/2008 12:45:51 AM | Computer Name = MY-BCFF96EF5289 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ OSession Events ]
Error - 3/13/2008 12:06:53 PM | Computer Name = MY-BCFF96EF5289 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2044
seconds with 780 seconds of active time. This session ended with a crash.

Error - 3/13/2008 12:16:51 PM | Computer Name = MY-BCFF96EF5289 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 430
seconds with 240 seconds of active time. This session ended with a crash.

Error - 4/4/2008 12:13:21 AM | Computer Name = MY-BCFF96EF5289 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 105
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/13/2008 12:32:50 AM | Computer Name = MY-BCFF96EF5289 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6045
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/5/2008 9:37:06 PM | Computer Name = MY-BCFF96EF5289 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/6/2008 3:06:32 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 10/6/2008 3:06:32 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 10/6/2008 3:21:30 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 10/6/2008 3:21:30 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 10/6/2008 3:30:46 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/6/2008 8:37:22 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/6/2008 8:56:50 AM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/6/2008 8:38:31 PM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 10/6/2008 8:53:03 PM | Computer Name = MY-BCFF96EF5289 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

#4 Farbar


Posted 07 October 2008 - 04:55 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent and LimeWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the file(s) and folder(s) in bold (if present):

    C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\winmx_music_42l.exe <------ this file
    C:\Program Files\WinMX Music <---- this folder

  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "start" and then the "Control Panel" icon. Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 4
    Java™ 6 Update 5


  • I see in your log that PokerStars is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://www.bleepingcomputer.com/uninstall/...rStars.net.html
    You may uninstall it from "Add or Remove Programs" by clicking on the following entries and selecting "remove":

    PokerStars

    Also remove the folder in bold: C:\Program Files\PokerStars

  • I see no apparent infection in the logs. We are going to run Combofix to dig deeper. But one of the reasons Windows Explorer crashes is xvid.ax, which is a part of the XviD software. You have to uninstall the software, clean the explorer cache and later on, when the computer functions normally, decide on reinstalling or finding alternative software:
    • Go to add/remove programs and uninstall Nic's XviD Decoder.
    • Then also use Xvid 1.1.3 final uninstall to uninstall its codec.
  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Instructions to install Recovery Console:

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System




    Download the file and save it as it is originally named, next to ComboFix.exe.




    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please copy and paste the content of C:\ComboFix.txt for further review.

  • Open Notepad and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it:

    if exist Export.txt del /q Export.txt
    regedit /e Check1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    regedit /e Check2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"
    Type Check*.txt > Export.txt
    del /q Check*.txt 
    notepad Export.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All files.
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some text in it. Copy and paste the contents (Export.txt) in your next reply.
  • Please visit http://www.billsway.com/vbspage/.
    • Scroll down the page to "Registry Search Tool".
    • Download RegSrch.zip and extract it to your desktop.
    • Double-click RegSrch.vbs to run the program.
    • Copy/paste in the search window: xvid.ax
    • After the search is done a WordPad opens with a report.
    • Copy and paste the content of the report to your reply.
  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The content of export.txt.
  • The result of RegSearch.
  • A fresh Hijackthis log.
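
The two log-reading steps in the post above (spotting superseded Java updates in the Uninstall list, and tying the Explorer crashes to a faulting module in the Application Error events) can be scripted. The following is an added example, not part of the original post or of any tool named in this thread; the function names are hypothetical, and the sample is a constructed excerpt in the layout of the report quoted earlier, with a placeholder computer name.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt in the layout of the report posted in this thread.
SAMPLE_REPORT = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"XviDDec"=Nic's XviD Decoder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2008 9:07:12 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module xvid.ax, version 0.0.0.0, fault address 0x0004de00.

Error - 9/29/2008 1:29:23 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module xvid.ax, version 0.0.0.0, fault address 0x0003d928.

Error - 9/30/2008 12:45:09 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 9/30/2008 12:45:51 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]
Error - 10/6/2008 3:30:46 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
"""

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+)$', re.M)
JAVA_RE = re.compile(r'^Java(?:\u2122|\(TM\))?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)$')
EVENT_HEAD_RE = re.compile(
    r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)'
    r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$')
FAULT_RE = re.compile(
    r'Faulting application (?P<app>[^,]+), version [^,]+, '
    r'faulting module (?P<module>[^,]*), version')


def superseded_java(report):
    """Return Java display names that are not the newest update of their major version."""
    by_major = defaultdict(list)
    for entry in UNINSTALL_RE.finditer(report):
        name = entry.group("name").strip()
        java = JAVA_RE.match(name)
        if java:
            by_major[int(java.group("major"))].append((int(java.group("update")), name))
    stale = []
    for major in sorted(by_major):
        newest = max(update for update, _ in by_major[major])
        stale += [name for update, name in sorted(by_major[major]) if update < newest]
    return stale


def parse_events(report):
    """Split the event section into records, re-joining wrapped Description lines."""
    events, current = [], None
    for line in report.splitlines():
        head = EVENT_HEAD_RE.match(line)
        if head:
            current = dict(head.groupdict(), description="")
            events.append(current)
        elif current is not None:
            text = line.strip()
            if not text or text.startswith("["):
                current = None  # a blank line or a section header ends the record
                continue
            if text.startswith("Description ="):
                text = text[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + text).strip()
    return events


def faulting_modules(report):
    """Count (application, module) pairs from Application Error events with ID 1000."""
    tally = Counter()
    for event in parse_events(report):
        if event["source"] != "Application Error" or event["id"] != "1000":
            continue
        fault = FAULT_RE.search(event["description"])
        if fault:
            # The report can leave the module name empty; keep that case visible.
            module = fault.group("module").strip() or "<unknown>"
            tally[(fault.group("app").strip(), module)] += 1
    return tally


if __name__ == "__main__":
    print("Superseded Java entries:", superseded_java(SAMPLE_REPORT))
    for (app, module), count in faulting_modules(SAMPLE_REPORT).most_common():
        print(f"{count} x {app} faulted in {module}")
```

The Java check only compares updates within the same major version, so it flags Update 4 and Update 5 here because Update 7 is also listed.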


#5 Darkumas


Posted 07 October 2008 - 09:42 PM

There was no WordPad that came up for RegSearch; it did, however, say that no instances of xvid.ax were detected.

ComboFix 08-10-07.06 - user 2008-10-07 22:11:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.195 [GMT -4:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-07 21:53 . 2008-10-07 21:53 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-06 05:21 . 2008-10-06 05:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-06 03:01 . 2008-10-06 03:22 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-10-05 22:06 . 2008-10-06 20:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-05 22:06 . 2008-10-06 09:00 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVGTOOLBAR
2008-10-05 22:06 . 2008-10-05 22:06 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-05 22:06 . 2008-10-05 22:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-05 22:02 . 2008-10-05 23:02 <DIR> d-------- C:\Documents and Settings\user\Application Data\vlc
2008-09-12 01:55 . 2008-09-17 15:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 01:51 --------- d-----w C:\Program Files\Java
2008-10-08 01:43 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-10-07 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-07 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-06 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-06 01:52 --------- d-----w C:\Program Files\Common Files\Real
2008-10-06 01:50 --------- d-----w C:\Program Files\Steinberg
2008-10-06 01:50 --------- d-----w C:\Program Files\SpacialAudio
2008-10-06 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-10-06 00:17 --------- d-----w C:\Program Files\Lavasoft
2008-10-06 00:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 23:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-27 19:47 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Card Games
2008-09-12 23:45 --------- d-----w C:\Program Files\The Mystery of the Crystal Portal
2008-09-04 02:58 --------- d-----w C:\Documents and Settings\user\Application Data\Righteous Kill
2008-08-30 14:50 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-08-25 22:08 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-25 22:08 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-25 22:08 --------- d-----w C:\Program Files\OpenAL
2008-08-18 17:04 --------- d-----w C:\Program Files\CCleaner
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 06:05 59,488 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-07-11 06:05 145,504 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2008-07-11 01:43 10,752 ------w C:\WINDOWS\system32\pxwma.dll
2008-02-01 05:06 22,328 ----a-w C:\Documents and Settings\user\Application Data\PnkBstrK.sys
2006-07-23 22:01 563,712 ----a-w C:\Documents and Settings\user\gotomypc_370.exe
2006-07-17 10:35 3,167,744 ----a-w C:\Documents and Settings\user\gosetup.exe
2006-04-22 20:01 563,712 ----a-w C:\Documents and Settings\user\370_gotomypc.exe
2001-06-28 00:00 176,128 ----a-r C:\Documents and Settings\Temp\fsetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-05 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2007-01-12 17:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.2.lnk
backup=C:\WINDOWS\pss\eFax 4.2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 09:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2006-05-22 14:26 694272 C:\Program Files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]
--a------ 2006-07-14 16:36 107008 C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
--a------ 2007-01-12 17:45 249904 C:\Program Files\Citrix\GoToMyPC\g2svc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-16 19:50 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 19:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
--a------ 2007-04-20 14:42 503808 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\BeamFile\\BeamFile.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-05 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]

*Newly Created Service* - GTNDIS5
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-11 00:25]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-a-squared - C:\Program Files\a-squared Anti-Malware\a2guard.exe
MSConfigStartUp-COMMUNICATOR - C:\Program Files\Microsoft Office Communicator\Communicator.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lav8htol.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 22:14:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-07 22:19:31
ComboFix-quarantined-files.txt 2008-10-08 02:18:27

Pre-Run: 27,437,211,648 bytes free
Post-Run: 27,477,082,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

194 --- E O F --- 2008-10-06 07:22:11







Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=dword:00000000
"NoDriveTypeAutoRun"=dword:000000e3
"NoDrives"=dword:00000000
"NoDriveAutoRun"=dword:03ffffff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:19 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PUFLITE - http://www.hinesville-homes.com/Office/Col...rol/PUFLITE.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://cor.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://sav.mlxchange.com/Control/Specfile.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsol...scueControl.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://sav.mlxchange.com/Control/SISC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sav.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140527851687
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sav.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://sav.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://sympatico.zone.msn.com/bingame/amun...mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sav.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {8C63DABA-CBA8-4B5D-A0F7-AE00F2920929} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/data...s/heartbeat.cab
O16 - DPF: {8D81ABB2-067E-4B3F-B942-87DAFF3DABEC} (Installer Class) - https://www.topproduceronline.com/tpmedic/t...staller1100.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://sav.mlxchange.com/Control/AspCustomCtrls.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 13106 bytes

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:59 PM

Posted 08 October 2008 - 07:01 AM

The logs all look OK. The problem does not seem to be malware related. With the software that was causing Explorer to crash removed, I expect no irregularity there. I suggest you run the computer for some time, use Explorer, open the My Documents folder and see how it runs.

Then run another OTViewIt scan, post both logs and tell me how your computer is running.

#7 Darkumas

Posted 08 October 2008 - 08:47 AM

Ok I will do that

#8 Darkumas

Posted 10 October 2008 - 04:13 PM

It hasn't restarted itself automatically anymore, no more freezing and my explorer doesn't crash anymore. Thx. What's next?

#9 Farbar

Posted 10 October 2008 - 04:32 PM

Good.
  • Go to Start > Run, copy and paste or type the following command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between ComboFix and /

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

  • Please run OTViewIt.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove any tools we used, including OTViewIt, and will require a reboot.
  • Your log looks clean, but your computer is still very susceptible, in particular to hacking and intrusion from outside. I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. Once malware gets onto your computer, the Windows firewall is no longer effective. You will find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition
    Note: If you choose to install Comodo, uncheck Ask Toolbar while you are installing the software.

  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has recently released Service Pack 3, which has more features and is more secure than Service Pack 2. You may update your Windows via Windows Update.

    You can update by going to Start > All Programs > Windows Update > click on the Custom button.
  • Install Javacools© SpywareBlaster -
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. What you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link here.

Do you have any questions?

#10 Darkumas

Posted 10 October 2008 - 05:01 PM

I'm going thru the instructions but nothing happens when I click clean up in OTViewIt.

#11 Farbar

Posted 10 October 2008 - 11:20 PM

You may remove it from the desktop.

#12 Darkumas

Posted 11 October 2008 - 07:50 AM

I have done everything you suggested. Thank you.

#13 Farbar

Posted 11 October 2008 - 08:40 AM

Glad I could help.

This thread will now be closed.
If you need this topic reopened, please send me a PM and I will reopen it for you.
Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter.
Everyone else please begin a New Topic.



