Hijack This Log Please Help Diagnose


  • This topic is locked
12 replies to this topic

#1 CaESaRZN

CaESaRZN

  • Members
  • 30 posts
  • OFFLINE
  • Location:South Africa
  • Local time:12:30 AM

Posted 08 October 2008 - 07:32 AM

I have posted previously asking for assistance and have come across http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
So I now decided to post the HJT log of my PC....

My PC does not boot up sometimes and also sometimes just goes to Blue Screen Error
DRIVER_IRQL_NOT_LESS_OR_EQUAL
0x000000D1(0x000B0003,0x000000FF,0x00000000,0x000B0003)

Those are the only details I see on the Blue Screen of Death

I would really appreciate it if someone would be able to help me diagnose the log and try to find out why I have the following errors in event viewer:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 08/10/2008
Time: 02:43:21 AM
User: N/A
Computer: CAESARS-PC
Description:
The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 08/10/2008
Time: 02:43:21 AM
User: N/A
Computer: CAESARS-PC
Description:
Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 08/10/2008
Time: 02:43:21 AM
User: NT AUTHORITY\SYSTEM
Computer: CAESARS-PC
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 08/10/2008
Time: 01:15:08 AM
User: N/A
Computer: CAESARS-PC
Description:
The browser was unable to retrieve a list of servers from the browser master \\OJS-PC on the network \Device\NetBT_Tcpip_{AAA456CE-1B22-4D99-A946-32DC3D9F213E}. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 35 00 00 00 5...

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 08/10/2008
Time: 01:00:16 AM
User: N/A
Computer: CAESARS-PC
Description:
The following boot-start or system-start driver(s) failed to load:
IntelIde
oreans32

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 08/10/2008
Time: 12:45:57 AM
User: N/A
Computer: CAESARS-PC
Description:
The browser was unable to retrieve a list of servers from the browser master \\AYESHA-LAPTOP on the network \Device\NwlnkNb. The data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 35 00 00 00 5...

BELOW THIS IS MY HJT LOG



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:36 PM, on 08/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iolo\Search and Recover 3\DiskImageService.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\All Users\Documents\REG CLEANERS\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [Search and Recover Disk Image Service] "C:\Program Files\iolo\Search and Recover 3\DiskImageService.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://diagnostic.amadeus.com
O15 - Trusted Zone: http://diagnostic.1a.amadeus.net
O15 - Trusted Zone: http://*.amadeuscruise.com
O15 - Trusted Zone: http://*.amadeusferry.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.amadeuscruise.com (HKLM)
O15 - Trusted Zone: http://*.amadeusferry.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://www.blueprintonline.co.za/public/BP...ing/ScriptX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.flatcast.com/de/download/NpFv412.dll
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) - http://diagnostic.amadeus.com/travelagenci..._Diagnostic.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} (Certificates_Info Class) - http://certificates.amadeusvista.com/certi...CCCert_Info.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAA456CE-1B22-4D99-A946-32DC3D9F213E}: NameServer = 168.210.2.2,196.33.95.10
O18 - Protocol: bw+0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {697E7FAE-A2E9-4054-9663-49D71D95D38A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 26649 bytes



ANY HELP WOULD BE GREATLY REMEMBERED AND APPRECIATED.

THANKS FOR THE GREAT SITE THOUGH. IT'S GREAT TO HAVE SOMEWHERE TO GO WHEN YOU NEED HELP!



#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:30 PM

Posted 15 October 2008 - 11:02 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 CaESaRZN


Posted 16 October 2008 - 11:02 AM

Thanks for getting back to me. As requested, here are the two logs from OTViewIT.

I will post the Kaspersky log as soon as the scan finishes.

OTViewIt logfile created on: 16/10/2008 02:07:59 PM - Run
OTViewIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\CaESaR\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 159.71 Mb Available Physical Memory | 31.22% Memory free
1.22 Gb Paging File | 0.60 Gb Available in Paging File | 49.55% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.09 Gb Total Space | 17.86 Gb Free Space | 46.90% Space Free | Partition Type: NTFS
Drive D: | 38.09 Gb Total Space | 26.81 Gb Free Space | 70.40% Space Free | Partition Type: NTFS
Drive E: | 35.61 Gb Total Space | 9.99 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAESARS-PC
Current User Name: CaESaR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/04 05:02:57 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2006/06/15 00:07:42 | 00,305,664 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndassvc.exe
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2007/12/19 20:07:44 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[2008/07/03 20:40:04 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2005/08/04 05:02:57 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/11 17:08:45 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
[2008/04/14 02:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2002/04/11 20:47:52 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
[2002/03/22 06:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/15 19:39:26 | 00,368,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[2007/06/18 15:10:32 | 00,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[2007/07/25 16:02:54 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
[2007/07/25 16:06:30 | 02,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
[2007/06/15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/12/14 02:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[2006/02/20 16:24:08 | 00,282,112 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Search and Recover 3\DiskImageService.exe
[2006/06/15 00:07:50 | 00,220,672 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndasmgmt.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/07/25 16:02:32 | 00,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
[2008/08/23 07:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/05/26 22:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/26 22:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2008/10/16 14:06:30 | 00,420,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CaESaR\Desktop\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/04/10 01:30:01 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 05:02:57 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/08/05 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/07/03 20:40:04 | 01,155,072 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2007/07/20 00:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007/07/20 00:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/07/20 00:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2005/08/20 17:18:35 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2006/06/15 00:07:42 | 00,305,664 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc [Auto | Running])
[2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2002/05/24 14:46:13 | 00,077,824 | R--- | M] (HP) -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11 [Disabled | Stopped])
[2007/06/15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/09/11 17:08:45 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Running])
[2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])
[2007/12/19 20:07:44 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services ==========

[2004/10/08 03:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2005/11/21 07:48:21 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
[2005/08/04 05:10:16 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/07/03 20:39:58 | 00,086,792 | ---- | M] (BitDefender SRL) -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
[2008/01/07 17:41:34 | 00,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2008/02/12 19:27:21 | 00,156,688 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/01/22 17:40:52 | 00,008,320 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/13 20:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 20:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008/04/13 20:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/13 13:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 20:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2008/07/30 09:04:24 | 00,023,808 | ---- | M] (iAnywhere Solutions) -- C:\WINDOWS\system32\drivers\btiausb.sys -- (BTIAUSB [On_Demand | Running])
[2008/08/02 10:22:12 | 00,453,120 | ---- | M] (iAnywhere Solutions) -- C:\WINDOWS\system32\drivers\btprot.sys -- (BTPROT [On_Demand | Running])
[2003/10/15 03:53:20 | 00,186,100 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k [On_Demand | Running])
[2003/09/19 03:47:22 | 00,496,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2001/08/17 14:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2003/08/28 10:24:08 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k [On_Demand | Running])
[2003/08/28 10:24:24 | 00,136,448 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k [On_Demand | Running])
[2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2002/05/24 14:46:13 | 00,050,896 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11 [On_Demand | Stopped])
[2002/05/24 14:46:13 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11 [On_Demand | Stopped])
[2002/05/24 14:46:13 | 00,050,276 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11 [On_Demand | Stopped])
[2002/05/24 14:46:13 | 00,018,928 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11 [On_Demand | Stopped])
[2005/01/27 03:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2003/08/28 10:24:36 | 00,145,504 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia [On_Demand | Running])
[2007/02/25 00:00:00 | 00,048,896 | ---- | M] (WinAbility® Software Corporation) -- C:\Program Files\Folder Guard Pro\FGUARD32.SYS -- (FGUARD32 [On_Demand | Stopped])
[2006/01/18 06:33:00 | 00,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [System | Running])
[2007/05/11 17:31:48 | 00,022,560 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Running])
[2008/04/13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/11/08 10:53:54 | 00,018,120 | R--- | M] ( ) -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x [On_Demand | Running])
[2003/08/28 10:22:04 | 00,823,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2003/08/28 10:22:20 | 00,135,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k [On_Demand | Stopped])
[2008/04/13 20:46:30 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys -- (HidBth [On_Demand | Stopped])
[2001/08/17 14:05:44 | 00,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5 [On_Demand | Stopped])
[2002/04/11 20:47:52 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter [On_Demand | Running])
[2008/04/13 20:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/03/22 23:37:20 | 00,113,896 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
[2006/06/15 00:08:18 | 00,140,416 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt [Boot | Running])
[2006/06/15 00:07:30 | 00,044,288 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx [Boot | Running])
[2007/07/20 00:37:56 | 02,109,592 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Running])
[2007/07/20 00:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Running])
[2007/05/11 17:30:04 | 01,921,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running])
[2007/07/18 17:42:42 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2005/12/09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Stopped])
[2007/05/11 17:31:22 | 00,041,888 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/05/11 17:31:36 | 03,580,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])
[2002/02/26 12:34:40 | 00,029,076 | R--- | M] (Mobile Action Tech. Inc.) -- C:\WINDOWS\system32\drivers\MA-620.sys -- (MA-620 [On_Demand | Running])
[2007/09/05 01:46:34 | 00,092,544 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Stopped])
[2007/08/15 07:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\drivers\n558.sys -- (n558 [On_Demand | Stopped])
[2001/08/18 08:00:00 | 00,098,176 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NBF.SYS -- (Nbf [Auto | Running])
[2006/06/15 00:07:30 | 00,061,952 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus [On_Demand | Running])
[2006/06/15 00:07:30 | 00,130,560 | ---- | M] (XIMETA, Inc.) -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi [On_Demand | Stopped])
[2007/02/22 10:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[2007/02/22 10:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[2007/02/22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[2007/02/22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[2008/04/13 20:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2001/10/05 02:15:34 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/10/05 02:15:34 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2003/08/28 10:24:06 | 00,113,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2003/03/05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT [Auto | Running])
[2007/07/12 00:32:44 | 00,012,800 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2001/10/05 02:16:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/27 01:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 20:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2008/02/25 12:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2006/08/28 14:22:46 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus [On_Demand | Stopped])
[2006/08/28 14:22:50 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl [On_Demand | Stopped])
[2006/08/28 14:22:52 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm [On_Demand | Stopped])
[2006/08/28 14:22:56 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt [On_Demand | Stopped])
[2006/08/28 14:22:58 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5 [On_Demand | Stopped])
[2006/08/28 14:23:00 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex [On_Demand | Stopped])
[2006/08/28 14:23:06 | 00,090,768 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic [On_Demand | Stopped])
[2007/11/13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/09/27 17:00:53 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
[2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2006/03/13 17:55:36 | 00,058,256 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w900bus.sys -- (w900bus [On_Demand | Stopped])
[2006/03/13 17:55:42 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w900mdfl.sys -- (w900mdfl [On_Demand | Stopped])
[2006/03/13 17:55:44 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w900mdm.sys -- (w900mdm [On_Demand | Stopped])
[2006/03/13 17:55:52 | 00,085,504 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w900mgmt.sys -- (w900mgmt [On_Demand | Stopped])
[2006/03/13 17:55:54 | 00,083,440 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w900obex.sys -- (w900obex [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://my.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=
"SearchAssistant"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"SearchMigratedDefaultName"=Yahoo! Search
"SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
"Start Page"=http://my.yahoo.com/

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=
"SearchAssistant"=

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (265214 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9212 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} (HKLM) -- C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" (BitDefender)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon (CANON INC.)
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" ()
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup ()
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
"POINTER"=C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"Search and Recover Disk Image Service"="C:\Program Files\iolo\Search and Recover 3\DiskImageService.exe" (iolo technologies, LLC)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"Search and Recover Disk Image Service"="C:\Program Files\iolo\Search and Recover 3\DiskImageService.exe" (iolo technologies, LLC)
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2008/09/03 11:27:30 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[2006/06/15 00:07:50 | 00,220,672 | ---- | M] (XIMETA, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"StartMenuLogOff"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"StartMenuLogOff"=0

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Yahoo! Search: File not found
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Yahoo! Search: File not found
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004/12/14 02:13:40 | 00,225,280 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Yahoo! &Dictionary: File not found
Yahoo! &Maps: File not found
Yahoo! &SMS: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/13 00:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{5C106A59-CC3C-4caa-81A4-6D909B5ACE23}: Menu: &KeyScrambler... -- %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [2008/04/17 11:02:37 | 00,755,688 | ---- | M] (QFX Software Corporation)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- File not found
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}: Button: Add to VideoGet -- %ProgramFiles%\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [2008/04/07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}: Menu: Add to &VideoGet -- %ProgramFiles%\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [2008/04/07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{B863453A-26C3-4e1f-A54D-A2CD196348E9}: Button: ICQ Lite -- %ProgramFiles%\ICQLite\ICQLite.exe [2005/04/10 15:13:28 | 02,904,660 | ---- | M] (ICQ Ltd.)
{B863453A-26C3-4e1f-A54D-A2CD196348E9}: Menu: ICQ Lite -- %ProgramFiles%\ICQLite\ICQLite.exe [2005/04/10 15:13:28 | 02,904,660 | ---- | M] (ICQ Ltd.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/13 00:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5C106A59-CC3C-4caa-81A4-6D909B5ACE23} [HKLM] -> %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [&KeyScrambler...] -> [2008/04/17 11:02:37 | 00,755,688 | ---- | M] (QFX Software Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Uninstall BitDefender Online Scanner v8] -> File not found
CmdMapping\\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} [HKLM] -> %ProgramFiles%\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Add to VideoGet] -> [2008/04/07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> [2005/04/10 15:13:28 | 02,904,660 | ---- | M] (ICQ Ltd.)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/13 00:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5C106A59-CC3C-4caa-81A4-6D909B5ACE23} [HKLM] -> %ProgramFiles%\KeyScrambler\KeyScramblerIE.dll [&KeyScrambler...] -> [2008/04/17 11:02:37 | 00,755,688 | ---- | M] (QFX Software Corporation)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Uninstall BitDefender Online Scanner v8] -> File not found
CmdMapping\\{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} [HKLM] -> %ProgramFiles%\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Add to VideoGet] -> [2008/04/07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> [2005/04/10 15:13:28 | 02,904,660 | ---- | M] (ICQ Ltd.)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
amadeuscruise.com\*: http in Computer
amadeusferry.com\*: http in Computer
amadeusproweb.com\*: http in Computer
amadeusvista.com\*: http in Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
amadeus.com\diagnostic: http in My Computer
amadeus.net\diagnostic.1a: http in My Computer
amadeuscruise.com: https in Trusted sites
amadeuscruise.com\*: http in My Computer
amadeusferry.com\*: http in My Computer
amadeusproweb.com\*: http in My Computer
amadeusvista.com\*: http in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
amadeus.com\diagnostic: http in My Computer
amadeus.net\diagnostic.1a: http in My Computer
amadeuscruise.com: https in Trusted sites
amadeuscruise.com\*: http in My Computer
amadeusferry.com\*: http in My Computer
amadeusproweb.com\*: http in My Computer
amadeusvista.com\*: http in My Computer
50 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://www.apple.com/qtactivex/qtplugin.cab -- QuickTime Object
{1663ed61-23eb-11d2-b92f-008048fdd814}: https://www.blueprintonline.co.za/public/BP...ing/ScriptX.cab -- MeadCo ScriptX
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{40BF816B-D862-41B9-9445-ECA36D5F67F9}: http://www.flatcast.com/de/download/NpFv412.dll -- Flatcast Viewer 4.12
{469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA}: http://diagnostic.amadeus.com/travelagenci..._Diagnostic.cab -- Amadeus DS Diagnostic Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{E90EF4C9-1476-4C49-B926-97C7D9D30A06}: http://certificates.amadeusvista.com/certi...CCCert_Info.CAB -- Certificates_Info Class

========== (O17) DNS Name Servers ==========

{0CBC78AB-E465-42B8-BC6D-0FB5E096E476} (Servers: | Description: )
{152F9555-3DC9-498C-A77F-AB5DE4BB0C11} (Servers: | Description: )
{26ABD3C5-6617-411B-9269-669F7567F7ED} (Servers: | Description: )
{4C4D0137-687B-477D-8E98-ACB17EB782A0} (Servers: | Description: )
{53DD6540-23C0-4B89-8967-0C888F4A6590} (Servers: | Description: )
{6FF6B7DB-CCE9-4997-AEBF-9F07B0BD27E1} (Servers: | Description: )
{8AD1DBF0-4AB0-4BFE-8CF7-EBF22A04E455} (Servers: | Description: )
{AAA456CE-1B22-4D99-A946-32DC3D9F213E} (Servers: 168.210.2.2,196.33.95.10 | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{CDFB8E2B-6C5F-4186-977B-D9E5A63FA006} (Servers: | Description: )
{F5FF3314-03FB-41C4-B789-15263BA8E95E} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=sockspy.dll
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WRNotifier: "DllName" = WRLogonNTF.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}" (HKLM) -- C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [pause | ]
[2007/12/19 19:24:06 | 00,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50e482ec-3dc2-11dc-828e-444553544200}\Shell\Auto\command]
""=RavMon.exe e

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50e482ec-3dc2-11dc-828e-444553544200}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50e482ec-3dc2-11dc-828e-444553544200}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 02:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5da694a4-21d1-11dd-8f25-00081b872b06}\Shell\Auto\command]
""=H:\driver.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5da694a4-21d1-11dd-8f25-00081b872b06}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5da694a4-21d1-11dd-8f25-00081b872b06}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 02:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf27edb-dd86-11dc-8ebf-00081b872b06}\Shell\Auto\command]
""=Pictures.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf27edb-dd86-11dc-8ebf-00081b872b06}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf27edb-dd86-11dc-8ebf-00081b872b06}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/14 02:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2008/10/15 21:36:23 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 20:18:49 | 00,029,606 | ---- | C] () -- C:\Documents and Settings\CaESaR\My Documents\RNB IMEXPORT SUHAUS INK REFILL KIT an=2202944.pdf
[2008/10/15 19:55:21 | 00,016,878 | ---- | C] () -- C:\Documents and Settings\CaESaR\My Documents\SUDHAUS PRINTER REFILL AND RESET RECIEPT.pdf
[2008/10/15 19:36:55 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 19:34:52 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 19:34:51 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 19:34:50 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 19:34:49 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 19:32:11 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/11 14:16:19 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2008/10/10 18:41:06 | 01,924,099 | ---- | C] () -- C:\Documents and Settings\CaESaR\Desktop\Achmed_the_terroist.wmv
[2008/10/10 14:09:40 | 00,018,120 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2008/10/10 14:09:39 | 00,196,608 | R--- | C] (Mustek Systems Inc.) -- C:\WINDOWS\System32\SBMiniDrv.dll
[2008/10/10 14:09:39 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\SBfw.usb
[2008/10/10 13:53:08 | 00,000,643 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008/10/10 13:52:59 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCO40.DLL
[2008/10/10 13:52:59 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCO30.DLL
[2008/10/10 13:52:58 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC30.DLL
[2008/10/10 13:50:50 | 00,028,672 | ---- | C] (Ulead Systems, Inc.) -- C:\WINDOWS\Photo Express 3.scr
[2008/10/10 13:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2008/10/10 13:44:48 | 00,169,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\itircl.dll
[2008/10/10 13:44:48 | 00,124,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\itss.dll
[2008/10/10 13:44:47 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\hhctrl.ocx
[2008/10/10 13:44:09 | 00,081,946 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vb5ko.dll
[2008/10/10 13:44:08 | 00,176,128 | ---- | C] (BearPaw) -- C:\WINDOWS\System32\PuzzSaver.scr
[2008/10/10 13:44:08 | 00,172,032 | ---- | C] (BearPaw) -- C:\WINDOWS\System32\SpotSaver.scr
[2008/10/10 13:44:07 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\ParaSaver.scr
[2008/10/10 13:44:02 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System\Pcdlib32.dll
[2008/10/10 13:44:02 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System\Capi2032.dll
[2008/10/10 13:43:56 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System\LFFPX7.DLL
[2008/10/10 13:43:55 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System\LFKODAK.DLL
[2008/10/10 13:43:47 | 00,000,000 | ---D | C] -- C:\Program Files\Mustek 1200 UB Plus
[2008/10/08 17:45:24 | 03,708,566 | -H-- | C] () -- C:\Documents and Settings\CaESaR\Local Settings\Application Data\IconCache.db
[2008/10/08 14:16:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CaESaR\Application Data\Malwarebytes
[2008/10/08 14:16:02 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/08 14:16:01 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/08 14:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/08 14:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/08 00:38:23 | 00,332,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wgatray.exe.bak
[2008/10/08 00:38:23 | 00,332,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2008/10/08 00:38:23 | 00,200,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wgalogon.dll.bak
[2008/10/08 00:38:23 | 00,200,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll
[2008/10/06 12:50:56 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/06 12:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/06 12:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/03 14:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CaESaR\My Documents\LimeWire
[2008/10/03 14:00:05 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\CaESaR\Desktop\LimeWire PRO 4.18.8.lnk
[2008/09/27 17:02:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CaESaR\Application Data\Samsung
[2008/09/27 17:01:46 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/09/27 16:32:38 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framedyn.dll
[2008/09/27 16:31:15 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/27 16:30:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2008/09/27 16:30:23 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\Uninstall.ico
[2008/09/27 16:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\Samsung
[2008/09/24 21:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CaESaR\Local Settings\Application Data\Windows Live Writer
[2008/09/24 21:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CaESaR\Application Data\Windows Live Writer
[2008/09/19 00:21:14 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\CaESaR\My Documents\My Stationery
[2008/09/18 23:57:49 | 00,000,578 | ---- | C] () -- C:\Documents and Settings\CaESaR\My Documents\My Sharing Folders.lnk
[2008/09/18 23:50:09 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2008/09/18 23:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2008/09/18 23:49:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[19 C:\WINDOWS\*.tmp files]
[2008/10/16 14:07:51 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2008/10/16 14:00:00 | 00,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\AE6A16D491E5888C.job
[2008/10/16 12:56:54 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/16 11:16:37 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/16 11:16:31 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2008/10/16 11:15:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/16 11:15:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/16 11:15:10 | 01,098,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 11:15:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2008/10/16 00:34:45 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/16 00:34:45 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/16 00:34:45 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.dat
[2008/10/16 00:34:45 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000002-80661102}.dat
[2008/10/16 00:34:43 | 00,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx
[2008/10/16 00:34:42 | 00,029,004 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx
[2008/10/16 00:34:41 | 00,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx
[2008/10/16 00:34:40 | 00,017,456 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000002-80661102}.rfx
[2008/10/16 00:32:33 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2008/10/16 00:20:14 | 00,000,643 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2008/10/15 21:46:23 | 00,485,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/15 21:46:22 | 00,579,058 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/15 21:46:22 | 00,084,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/15 21:43:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 21:40:23 | 00,000,806 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/15 20:18:49 | 00,029,606 | ---- | M] () -- C:\Documents and Settings\CaESaR\My Documents\RNB IMEXPORT SUHAUS INK REFILL KIT an=2202944.pdf
[2008/10/15 19:55:21 | 00,016,878 | ---- | M] () -- C:\Documents and Settings\CaESaR\My Documents\SUDHAUS PRINTER REFILL AND RESET RECIEPT.pdf
[2008/10/15 17:44:10 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/10 18:36:17 | 01,924,099 | ---- | M] () -- C:\Documents and Settings\CaESaR\Desktop\Achmed_the_terroist.wmv
[2008/10/10 15:21:47 | 00,334,176 | ---- | M] () -- C:\Documents and Settings\CaESaR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/08 21:24:17 | 00,000,311 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/08 21:24:17 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/08 17:45:24 | 03,708,566 | -H-- | M] () -- C:\Documents and Settings\CaESaR\Local Settings\Application Data\IconCache.db
[2008/10/08 14:15:19 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Documents\mbam-setup.exe
[2008/10/08 03:51:40 | 00,265,214 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/08 02:36:10 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\CaESaR\Desktop\CCleaner.lnk
[2008/10/07 21:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/06 15:17:39 | 03,377,527 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000002-80661102}.CDF
[2008/10/06 13:08:54 | 00,219,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081008-035135.backup
[2008/10/06 12:53:23 | 00,272,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081006-125543.backup
[2008/10/06 12:50:51 | 00,007,447 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081006-125323.backup
[2008/10/04 01:02:50 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\ebbceae_g.ocx
[2008/10/04 01:02:50 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\aafdbabc2_g.dll
[2008/10/03 19:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 19:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/03 14:00:05 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\CaESaR\Desktop\LimeWire PRO 4.18.8.lnk
[2008/09/29 01:01:35 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\CaESaR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 17:01:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/09/27 17:00:53 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/25 14:13:49 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\CaESaR\My Documents\ACE INTERNATIONAL INCOME EXPENSES.xls
[2008/09/18 23:57:50 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\CaESaR\My Documents\My Sharing Folders.lnk
< End of report >

OTViewIt Extras logfile created on: 16/10/2008 02:07:59 PM - Run
OTViewIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\CaESaR\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: dd/MM/yyyy

511.48 Mb Total Physical Memory | 159.71 Mb Available Physical Memory | 31.22% Memory free
1.22 Gb Paging File | 0.60 Gb Available in Paging File | 49.55% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.09 Gb Total Space | 17.86 Gb Free Space | 46.90% Space Free | Partition Type: NTFS
Drive D: | 38.09 Gb Total Space | 26.81 Gb Free Space | 70.40% Space Free | Partition Type: NTFS
Drive E: | 35.61 Gb Total Space | 9.99 Gb Free Space | 28.05% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAESARS-PC
Current User Name: CaESaR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/05 18:51:10 | 00,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\CaESaR-Script\CaESaR SCRIPT.exe:*:Enabled:mIRC
[2005/04/10 15:13:28 | 02,904,660 | ---- | M] (ICQ Ltd.) -- C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
[2007/01/01 23:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2008/09/18 21:01:52 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Documents and Settings\CaESaR\Desktop\Downloads\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\WINDOWS\system32\iexplore.exe:*:Enabled:123.exe
[2006/10/05 18:51:10 | 00,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2005/09/13 02:53:40 | 01,949,696 | ---- | M] (mIRC Co. Ltd.) -- C:\CaESaR-Script\mIRC.exe:*:Enabled:mIRC
[2007/12/13 08:17:08 | 00,383,416 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
[2007/12/13 09:32:10 | 01,636,792 | ---- | M] (Nokia Corporation) -- C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw+0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw00s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw-0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw10s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw20s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw30s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw40s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw50s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw60s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw70s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw80s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bw90s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwa0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwb0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwc0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwd0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwe0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwf0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwg0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwh0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwi0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwj0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwk0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwl0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwm0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwn0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwo0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwp0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwq0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwr0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bws0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwt0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwu0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwv0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bww0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwx0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwy0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (bwz0s:{697e7fae-a2e9-4054-9663-49d71d95d38a} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/05 18:51:10 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (offline-8876480:{697E7FAE-A2E9-4054-9663-49D71D95D38A} (HKLM) [BackWeb Proactive Portal Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}"=Nokia Connectivity Cable Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0E94871C-623C-464F-A117-B8474BFF84E1}"=Nokia MTP driver
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}"=KeyMail Decoder
"{172423F9-522A-483A-AD65-03600CE4CA4F}"=Microsoft Works 6-9 Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}"=Microsoft IntelliPoint 4.1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{364EC092-93CF-4DDC-9D7A-7278452028E0}"=Logitech QuickCam
"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater
"{3741689E-584D-40C9-B011-373A0371846D}"=Nokia Software Updater
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HydraVision
"{41979C2F-34B8-4F92-8111-B13C5864682D}"=MediaFACE 4.01
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47813E93-F2A0-484A-838E-47EC1B28D190}"=Adobe Stock Photos 1.0
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4A11948E-8521-43B8-BBBD-5C24B804F0A3}"=Samsung PC Studio 3
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{51318D14-C882-48CB-B38A-14EDCDF5890C}"=Nokia NSeries Multimedia Player
"{5271157F-9566-4C24-BD7C-F9D17398AF78}"=Nokia NSeries System Utilities
"{535BFE53-9F57-46DD-9162-E5EC84360328}"=Nokia NSeries Application Installer
"{5510704C-FA32-4113-AF1C-17CDB5253206}"=Nokia NSeries One Touch Access
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{573518BD-DC9A-4399-9168-E657C98DCC46}"=Nokia NSeries Music Manager
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5E8B06A6-D230-4849-8D26-1F2BE98CDC17}"=Nokia NSeries Content Copier
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}"=Nokia Nseries Skin for Microsoft Windows Media Player
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}"=MediaFACE 4.01 Image Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}"=Sound Blaster Live!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}"=RTLSetup
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}"=PC Connectivity Solution
"{9DE006A5-B384-4EDE-A760-0F217136B9EA}"=Microsoft IntelliType Pro 2.2
"{A023A2D1-8BD3-4B3D-8077-CD9DDA489CB5}"=HP Photo and Imaging 2.0 - Photosmart Cameras
"{A12A36EC-ACB7-11D9-8E75-000D614181EB}"=NDAS Software 3.11.1328
"{A335B6D2-1E02-4C1D-8B09-B0571235FB10}"=Nokia Software Launcher
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}"=Nokia PC Suite
"{AC76BA86-1033-0000-7760-000000000002}"=Adobe Acrobat 7.0 Professional
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}"=Nero 8 Demo
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution
"{BA330996-3F63-443F-A3C4-4B62D9A02950}"=MXit PC
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}"=Canon PhotoRecord
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}"=Adobe Stock Photos 1.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3
"{C7D014BC-4331-4649-866A-A884AA63590D}"=BitDefender Internet Security 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}"=Garmin POI Loader
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}"=Nokia Lifeblog 2.5
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}"=Sony Ericsson PC Suite
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"0852D05415AB9A4F1EF451E342267F76C776ED2F"=Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25"=Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"24894EA20BE8E62AA4FC3DD3AA85785356B52BF5"=Windows Driver Package - Nokia Modem (08/08/2007 3.3)
"4077F884D1BB007055BDB83B621D87220A73F30F"=Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765"=Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe Acrobat 7.0 Professional"=Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Advanced MP3 Converter_is1"=Advanced MP3 Converter 2.40
"All ATI Software"=ATI - Software Uninstall Utility
"AngelPotion Video Codec V1"=AngelPotion Video Codec V1
"Apex Video Converter Super_is1"=Apex Video Converter Super 5.88
"ATI Display Driver"=ATI Display Driver
"Azureus"=Azureus
"B726756F5B5A5AA9D798B399386FC6205A45F19E"=Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Canon Setup Utility 2.0"=Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL"=Canon iP4200
"CCleaner"=CCleaner (remove only)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7"=Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
"Dont Touch My Computer 2"=Dont Touch My Computer 2
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1"=DVD Region+CSS Free 5.9.8.5
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox"=Canon Utilities Easy-PrintToolBox
"Easy-WebPrint"=Easy-WebPrint
"Enable S3 for USB Device"=Enable S3 for USB Device
"FixTunes"=FixTunes (remove only)
"Folder Guard"=Folder Guard
"FrostWire"=FrostWire 4.13.5
"gsle4"=LRC Editor 4.0 (remove only)
"HijackThis"=HijackThis 2.0.2
"Home Media Server 4.0.0.0072"=Home Media Server 4.0.0.0072
"ICQLite"=ICQ 5
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}"=MediaFACE 4.01
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}"=MediaFACE 4.01 Image Library
"KB940157"=Windows Search 4.0
"KeyScrambler"=KeyScrambler
"LimeWire"=LimeWire PRO 4.18.8
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.5.79"=MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Matroska Pack"=Matroska Pack (remove only)
"Max Media Creator_is1"=Max Media Creator
"MaxDrive PS2"=MaxDrive PS2
"MediaNavigation.CDLabelPrint"=CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"mIRC"=mIRC
"Movkit Batch Video Converter_is1"=Movkit Batch Video Converter 2.5
"MP3 Remix for Winamp"=MP3 Remix for Winamp
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Mustek 1200 UB Plus v1.3"=Mustek 1200 UB Plus v1.3
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Nokia Maploader"=Nokia Maploader
"Nokia PC Suite"=Nokia PC Suite
"Oxygen Phone Manager for Symbian OS phones"=Oxygen Phone Manager for Symbian OS phones
"Oxygen Phone Manager II for Nokia phones"=Oxygen Phone Manager II for Nokia phones
"Oxygen Phone Manager II pictures pack"=Oxygen Phone Manager II pictures pack
"PhotoELF"=PhotoELF
"PS3 Video 9"=PS3 Video 9 2.25
"QcDrv"=Logitech® Camera Driver
"RealPlayer 6.0"=RealPlayer
"RegToy"=RegToy 0.7.2.1
"SAMSUNG Mobile Modem"=SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Search and Recover 3_is1"=iolo technologies' Search and Recover 3
"Shockwave"=Shockwave
"SysInfo"=Creative System Information
"Tunatic"=Tunatic
"TweakNow RegCleaner Standard_is1"=TweakNow RegCleaner Standard
"Ulead Photo Express 3.0 SE"=Ulead Photo Express 3.0 SE
"VideoGet_is1"=VideoGet
"Wakeup plugin_is1"=Plugin version 1.5
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA"=Windows Genuine Advantage Validation Tool
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01005"=Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XviD"=XviD MPEG-4 Codec
"Xvid_is1"=Xvid 1.1.2 final uninstall
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! Browser Services
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ANTE BIB BYTE"=Zone Media

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-606747145-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ANTE BIB BYTE"=Zone Media

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/10/2008 04:50:24 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\KURSEED MOHAMMED
ALLY.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 06/10/2008 04:50:24 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\AMOD HANIFF MOHAMMED
ALLY.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 06/10/2008 04:50:24 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\BARBARA KATHLEEN
MANSOOR.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 06/10/2008 04:50:24 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\ENRAHIM MAHOMED
MANSOOR.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 06/10/2008 04:50:25 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\AYESHA VADIA.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 06/10/2008 04:50:25 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\AYESHA VADIA.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 06/10/2008 04:50:26 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\AYESHA BIBI MOHAMED.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 06/10/2008 04:50:26 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CAESAR\RECENT\AMOD HANIFF MOHAMMED
ALLY.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 07/10/2008 07:49:39 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-861567501-606747145-682003330-1003}/CAESAR'S
FOLDERS($5C9FE07C)/X/INBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)

Error - 07/10/2008 07:49:39 PM | Computer Name = CAESARS-PC | Source = Windows Search Service | ID = 3013
Description = The entry <MAPI://{S-1-5-21-861567501-606747145-682003330-1003}/CAESAR'S
FOLDERS($5C9FE07C)/X/INBOX/????????????????????????> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to the
system is not functioning. (0x8007001f)

[ System Events ]
Error - 07/10/2008 07:00:16 PM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde oreans32

Error - 07/10/2008 08:43:21 PM | Computer Name = CAESARS-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 07/10/2008 08:43:21 PM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 07/10/2008 08:43:21 PM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 08/10/2008 11:53:19 AM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
oreans32

Error - 08/10/2008 01:01:35 PM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7000
Description = The oreans32 service failed to start due to the following error: %%123

Error - 10/10/2008 08:10:34 AM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 10/10/2008 03:24:32 PM | Computer Name = CAESARS-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ndassvc service.

Error - 11/10/2008 05:01:50 PM | Computer Name = CAESARS-PC | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\Ojs-pc\hp LaserJet
1160 PCL 5e,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
error 5.

Error - 15/10/2008 11:44:40 AM | Computer Name = CAESARS-PC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Canon iP4200 share name CANONIP4200.


< End of report >

#4 CaESaRZN

Posted 16 October 2008 - 06:38 PM

I have run the Kaspersky Online Scanner as you requested and halfway through, my PC switched off on its own. When I tried to power it up again, it just came on and went off within less than a second. This happened twice and then it came to the "Windows is loading" screen and then did it again. I managed to get it to start up by holding the ESC button down while it was booting. I held the ESC button down until it loaded right up to the desktop. I am now going to retry scanning my computer once more with Kaspersky Online Scanner. If this fails, please notify me of what other steps I may use.

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:30 PM

Posted 16 October 2008 - 07:28 PM

Hello, CaESaRZN.
Please try this one in place of Kaspersky :thumbsup:

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 CaESaRZN

Posted 17 October 2008 - 05:07 AM

KASPERSKY HAS JUST FINISHED.

HERE IS THE REPORT

I WILL NOW RUN NOD32

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 16, 2008 23:07:51
Records in database: 1317659
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 167861
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 05:03:46


File name / Threat name / Threats count
C:\CaESaR-Script\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\CaESaR\Desktop\My Files\Cool Stuff\Programs\fakeshutdown.exe Infected: Hoax.Win32.BadJoke.RJL.c 1
E:\System Volume Information\_restore{6A319BB2-8C77-4E42-9AC2-1C181C7A4506}\RP129\A0050383.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
E:\System Volume Information\_restore{6A319BB2-8C77-4E42-9AC2-1C181C7A4506}\RP129\A0050387.exe Infected: Exploit.Win32.Nuker.Click.22 1

The selected area was scanned.

#7 CaESaRZN

Posted 17 October 2008 - 06:52 PM

NOD32 LOG FILE AS REQUESTED

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3532 (20081017)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=ce8003a628869a418df6943de040cd62
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-17 11:21:22
# local_time=2008-10-18 01:21:22 (+0200, South Africa Standard Time)
# country="South Africa"
# osver=5.1.2600 NT Service Pack 3
# scanned=726788
# found=0
# scan_time=15975

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:30 PM

Posted 17 October 2008 - 07:24 PM

Hello, CaESaRZN.
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Limewire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Please Set Your System to Show Hidden Files
If you are using Windows XP or earlier:
  • Go to Start -> My Computer (Or click the My Computer icon on your desktop)
  • Go to the Tools Menu -> Folder Options.
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
If you are using Windows Vista:
  • Please go to Start -> Computer
  • Click on Posted Image
  • Click on Posted Image
  • Select the "View" tab.
  • Where you see Posted Image, click the Posted Image radio button.
  • Uncheck "Hide extensions for known file types"
  • Uncheck "Hide protected operating system files"
  • Click Ok.
  • Exit/Close My Computer.
We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/index.php?showtopic=173355&view=findpost&p=977076
  • Where it says "Browse to the file you want to submit", browse to
    C:\WINDOWS\system32\drivers\d347bus.sys
  • Press the Posted Image button.
Please repeat this file upload process, except in each of the following runs, repeat for these files:
C:\WINDOWS\system32\drivers\d347bus.sys
C:\WINDOWS\system32\drivers\d347prt.sys
C:\WINDOWS\system32\drivers\gt680x.sys
C:\WINDOWS\system32\drivers\n558.sys

We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 CaESaRZN


Posted 19 October 2008 - 08:26 AM

SYS FILES UPLOADED AS REQUESTED.

NOW GOING TO RUN GMER

#10 CaESaRZN


Posted 19 October 2008 - 10:05 AM

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2008-10-19 17:02:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenProcess
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwOpenThread
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\searchindexer.exe[1100] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 1.0.12 ----


---- Modules - GMER 1.0.12 ----

Module _________ F8792000

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19B1EE94-B10D-BFDD-A85B-8B52F9C83701}@abpnimdiakdpbcidmacjecppgblolbjmje 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-861567501-606747145-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19B1EE94-B10D-BFDD-A85B-8B52F9C83701}@bbpnimdiakdpbcidmajibcgnfeicmikhbbag 0x61 0x61 0x00 0x00

---- Files - GMER 1.0.12 ----

ADS C:\CaESaR-Script\mIRC.exe:SummaryInformation
ADS C:\CaESaR-Script\mIRC.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step1.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step10.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step11.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step12.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step13.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step2.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\CaESaR\Desktop\Downloads\Photoshop Tutorials\Burnout_files\step3.jpg:Roxio EMC Stream
ADS ...

---- EOF - GMER 1.0.12 ----

#11 Billy O'Neal


Posted 19 October 2008 - 12:09 PM

Hello, CaESaRZN.
Hello. That all looks clean. I think in this case we aren't dealing with a malware issue. I think the system is shutting down due to thermal overload.

In other words, I think the heatsinks for this machine are clogged with dust.

I would start a new topic over here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

The XP guys know a lot more about hardware diagnosis than I do.

Good luck!

Billy3

#12 CaESaRZN


Posted 19 October 2008 - 02:40 PM

THANKS FOR ALL THE HELP BILLY. I WILL TRY AND POST THERE WHEN I GET SOME TIME.

IT SEEMS AS IF I HAVE A FAULTY MEMORY OR HARDWARE DEVICE THAT IS CAUSING THIS....IF IT WERE THE HEAT SINKS, MY PC WOULD RESTART BUT IN MY CASE, IT SHUTS DOWN. SO THAT RULES OUT THE HEAT SINK THEORY. I HAVE CHECKED THE PROCESSOR FAN AND HEAT SINK AND ALL SEEM DUST FREE THERE.

BUT AGAIN. I THANK YOU FOR ALL THE TIME AND EFFORT YOU HAVE TAKEN TO LOOK AT ALL MY LOGS AND CHECK FOR ANY PROBLEMS.

IT'S GREAT TO KNOW THAT THERE ARE PEOPLE LIKE YOURSELF, WHO ARE WILLING TO HELP PEOPLE IN NEED OF ASSISTANCE.

THIS THREAD CAN NOW BE CLOSED.

THANKS.

TILL WE MEET AGAIN MY FRIEND.....

#13 Billy O'Neal


Posted 19 October 2008 - 02:43 PM

Hello, CaESaRZN.
"IF IT WERE THE HEAT SINKS, MY PC WOULD RESTART BUT IN MY CASE,"

Not completely true. There are plenty of machines which simply shut down after thermal problems. In fact, restarting would not make sense at all because restarting would not reduce the thermal problems on the machine. But either way, looks clean here ;)

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3