computer downloads between 3k to 8k per second even when not on INTERNET.


  • This topic is locked
28 replies to this topic

#1 ubaman

  • Members

Posted 08 October 2008 - 10:21 PM

I have XP Pro with McAfee Security Center. Lately a Security Center pop-up says I have Trojan, Malware... etc. McAfee always removes or quarantines them except algg.exe and alg.exe\alg.exe, so I manually removed them. Computer is slow at times and I lose the mouse pointer at times. Like I said in the topic, as soon as the computer boots. I click on Windows Task Manager and under Networking it shows my Comcast cable HSI connected to my 3Com card. Even without opening a browser it will show 3k to 8k bytes per second or cycle unless I disconnect power. I know I have auto updates and stuff, but it downloads all the time. Maybe someone can help me. Do I have malware? Where is the download storing it? Please help me. Thank you, David

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:41 PM, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] "C:\WINDOWS\system32\sstray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.al7bar.tk
O15 - Trusted Zone: http://www.casinoroom.com
O15 - Trusted Zone: http://pvx-pv.ibroadcast.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pokerroom.com
O15 - Trusted Zone: http://www.webkinz.com
O15 - Trusted Zone: *.windowsonecare.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202792004281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204255920000
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11038 bytes


#2 sundavis

  • Malware Response Team

Posted 16 October 2008 - 10:43 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, ubaman.
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.
The log you presented is a few days old. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do the following:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please post back:

RSIT log.txt and info.txt.

#3 ubaman

  • Topic Starter
  • Members

Posted 17 October 2008 - 07:01 PM

First off, THANK YOU.
I downloaded RSIT.exe, then when I run it I get:
AutoIt Error
Line-1
Error:Subscript used with non-Array variable.
OK button
Then when I click OK it closes RSIT.
Dave

#4 sundavis

  • Malware Response Team

Posted 18 October 2008 - 12:54 AM

OK!! Try this instead.
  • Please download OTViewIt by OldTimer and save it to your Desktop.
  • Close all applications and windows.
  • Double-click on the OTViewIt.exe to start OTViewIt.
  • Place a checkmark in the blue-colored "Scan All Users" checkbox.
  • Click the blue Run Scan button.
  • OTViewIt will now start its scan.
  • When the scan is complete, two text files will be created, OTViewIt.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.
In your next reply, please post back:

1. OTViewIt.Txt and Extras.txt
2. New HJT log

Thanks.

#5 ubaman

  • Topic Starter
  • Members

Posted 18 October 2008 - 08:01 AM

OK here they are...
OTViewit:
OTViewIt logfile created on: 10/18/2008 6:41:45 AM - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 603.33 Mb Available Physical Memory | 58.95% Memory free
2.41 Gb Paging File | 2.03 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 25.79 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 49.37 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-999KME91K
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/07 20:47:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/05/01 00:26:29 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/05/01 00:26:29 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/07/10 07:53:32 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2008/04/13 18:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/18 06:39:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/07 20:47:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (AOLService [Disabled | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [On_Demand | Stopped])
[2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (EPSONStatusAgent2 [Disabled | Stopped])
[2008/02/07 22:35:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/24 21:46:14 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/05/20 11:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
[2004/10/16 06:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/05/01 00:26:29 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [On_Demand | Stopped])
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/02/17 17:56:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
File not found -- -- (SysEnforce [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/13 12:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[1997/04/22 11:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75 [Auto | Running])
[2008/09/23 21:09:07 | 03,331,072 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/30 16:58:52 | 00,028,160 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Stopped])
[2003/10/28 16:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC [Auto | Running])
[2006/08/11 15:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 15:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/11/10 18:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 15:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 15:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2002/08/13 21:27:22 | 00,074,338 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc [On_Demand | Running])
[2006/08/11 15:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2007/09/07 14:55:04 | 00,027,672 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2005/10/19 20:03:28 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [On_Demand | Stopped])
[2006/08/11 15:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 15:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 15:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2007/01/19 12:46:10 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2007/01/19 12:46:10 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2007/01/19 12:46:12 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
[2003/12/17 10:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb [On_Demand | Stopped])
[2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2007/05/05 21:11:35 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,009,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm [On_Demand | Stopped])
[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2002/12/05 12:01:00 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped])
[2004/01/29 01:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Running])
[2002/12/05 12:01:00 | 00,241,664 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped])
[2005/12/01 02:35:00 | 00,003,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\NVStrap.sys -- (NVStrap [Boot | Stopped])
[2002/09/06 11:24:00 | 00,013,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2006/08/11 15:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2007/01/06 09:12:34 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
[2003/03/21 13:34:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 04:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/08/29 03:04:04 | 00,116,264 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r [Boot | Running])
[2007/08/29 03:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/01/24 20:09:44 | 00,715,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/11/10 07:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\SysTool.sys -- (SysTool [System | Stopped])
[2006/11/11 14:26:19 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/04/13 12:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2006/11/05 10:49:44 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 12:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2002/09/09 11:04:36 | 00,007,312 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\WBHWDOCT.sys -- (WBHWDOCT [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.comcast.net/toolbar2.0/search/

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www6.comcast.net/a/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www6.comcast.net/a/

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9212 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D7F30B62-8269-41AF-9539-B2697FA7D77E}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D7F30B62-8269-41AF-9539-B2697FA7D77E}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" (HP)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"nForce Tray Options"="C:\WINDOWS\system32\sstray.exe" /r (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk =

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Connwiz Admin Lock"=0
"Colors"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Connwiz Admin Lock"=0
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
Refresh Pa&ge with Full Quality: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
Refresh Pa&ge with Full Quality: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
al7bar.tk\www: http in My Computer
aol.com\objects: * is out of zone range (0)
casinoroom.com\www: http in My Computer
comcast.net\sso: https in My Computer
ibroadcast.com\pvx-pv: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
nintendo.com\www: http in My Computer
pandasoftware.com\www: http in My Computer
pokerroom.com\www: http in My Computer
webkinz.com\www: http in My Computer
windowsonecare.com: * in Trusted sites
100 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
91 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
91 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
5 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
al7bar.tk\www: http in My Computer
aol.com\objects: * is out of zone range (0)
casinoroom.com\www: http in My Computer
comcast.net\sso: https in My Computer
ibroadcast.com\pvx-pv: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
nintendo.com\www: http in My Computer
pandasoftware.com\www: http in My Computer
pokerroom.com\www: http in My Computer
webkinz.com\www: http in My Computer
windowsonecare.com: * in Trusted sites
100 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01012101-5E80-11D8-9E86-0007E96C65AE}: http://www.comcastsupport.com/oneclickfix/tgctlsr.cab -- SupportSoft Script Runner Class
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1202792004281 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1204255920000 -- MUWebControl Class
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{77E32299-629F-43C6-AB77-6A1E6D7663F6}: http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}: http://a.download.toontown.com/sv1.0.31.5/ttinst.cab -- Toontown Installer ActiveX Control
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class

========== (O17) DNS Name Servers ==========

{2535F2D1-474E-417F-B919-FAB3B61E0EF4} (Servers: | Description: 1394 Net Adapter)
{292A6C05-3128-4711-ADB9-258955DCD313} (Servers: | Description: 3Com 3C920B-EMB Integrated Fast Ethernet Controller)
{5F81FBBE-3944-4F58-9CA2-2512A76683C5} (Servers: | Description: 1394 Net Adapter)
{7DCBD929-0EC1-4FAC-A6D9-2160A82D18AF} (Servers: | Description: )
{A626F7B5-FC1D-4CE6-B818-E396850476E6} (Servers: | Description: )
{D2343096-E3EE-441E-BCA8-FBE1B3A8A4F3} (Servers: | Description: )
{FEEFF1B6-ABB4-40D6-B188-2E0B2CCD74AB} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/05/25 22:24:13 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autoexec.nt.txt [@echo off | lh %SYSTEMROOT%\system32\mscdexnt.exe | lh %SYSTEMROOT%\system32\redir | lh %SYSTEMROOT%\system32\dosx | SET BLASTER=A220 I5 D1 P330 T3 | ]
[2004/12/29 11:47:11 | 00,000,159 | ---- | M] () -- C:\Autoexec.nt.txt -- [ NTFS ]

AUTOEXEC.BAT []
[2007/01/26 11:57:27 | 00,000,000 | ---- | M] () -- G:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3c9f24-9c65-11dc-be73-00265410348e}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3c9f24-9c65-11dc-be73-00265410348e}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d25aa4a-f56b-11da-9a42-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d25aa4a-f56b-11da-9a42-806d6172696f}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b708f2-9da2-11db-89ff-da06da7f5b75}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b708f2-9da2-11db-89ff-da06da7f5b75}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a966e827-a996-11db-afee-f3c8db749974}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a966e827-a996-11db-afee-f3c8db749974}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeba30ff-d3fc-11db-87f0-806d6172696f}\Shell\play\Command]
""=C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa673a1e-ab08-11db-ab3b-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa673a1e-ab08-11db-ab3b-806d6172696f}\Shell\AutoRun]
""=Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/18 06:38:57 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe
[2008/10/17 17:49:46 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/17 17:49:09 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RSIT.exe
[2008/10/16 20:13:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\AudioDrv
[2008/10/16 20:13:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\AudioUtl
[2008/10/15 22:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/15 22:22:00 | 00,001,276 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2008/10/15 22:21:41 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2008/10/15 22:19:57 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/10/15 19:37:26 | 00,000,963 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2008/10/15 18:45:57 | 00,105,254 | ---- | C] () -- C:\Documents and Settings\David\Desktop\1224117915val_garden.jpg
[2008/10/15 17:55:56 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 17:51:08 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 17:50:13 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 17:50:12 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 17:50:11 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 17:50:10 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 17:50:09 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/14 20:56:07 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\David\Desktop\CCleaner.lnk
[2008/10/14 20:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/14 20:49:03 | 02,934,168 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\David\Desktop\ccsetup212.exe
[2008/10/14 20:35:02 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2008/10/13 21:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\uTorrent
[2008/10/13 21:05:44 | 00,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\David\Desktop\utorrent.exe
[2008/10/13 20:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2008/10/13 20:55:18 | 00,003,856 | ---- | C] () -- C:\Documents and Settings\David\Desktop\[G-A]_SATELLITE_TV_for_PC_T_2008_ELITE_EDITION_[mininova].torrent
[2008/10/12 16:48:27 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 16:48:27 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/10 20:09:19 | 00,197,976 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2008/10/10 20:09:17 | 00,197,976 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/10 20:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2008/10/08 21:32:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/08 00:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2008/10/07 23:41:33 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\David\My Documents\stinger.opt
[2008/10/07 23:23:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/07 22:57:18 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\David\My Documents\stinger.exe
[2008/10/07 22:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/07 21:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/07 20:55:00 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\David\My Documents\spybotsd160.exe
[2008/10/07 20:46:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 20:46:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 20:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/07 20:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/07 20:32:43 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\David\My Documents\aaw2008.exe
[2008/10/06 22:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\fport
[2008/10/06 22:55:25 | 00,057,843 | ---- | C] () -- C:\Documents and Settings\David\Desktop\fport.zip
[2008/10/06 22:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\TcpView
[2008/10/06 22:48:38 | 00,170,702 | ---- | C] () -- C:\Documents and Settings\David\Desktop\TcpView.zip
[2008/10/06 21:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\ProcessExplorer
[2008/10/06 21:17:19 | 01,602,877 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ProcessExplorer.zip
[2008/10/06 21:16:04 | 01,044,574 | ---- | C] (Mister Group ) -- C:\Documents and Settings\David\Desktop\SystemExplorerSetup.exe
[2008/10/05 21:36:25 | 00,018,910 | ---- | C] () -- C:\Documents and Settings\David\My Documents\2nd.3dr
[2008/10/05 21:18:06 | 00,018,910 | ---- | C] () -- C:\Documents and Settings\David\My Documents\stock.3dr
[2008/10/04 21:53:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2
[2008/10/04 21:47:55 | 01,977,163 | ---- | C] () -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2.zip
[2008/10/04 16:29:51 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/10/04 16:27:47 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2625.exe
[2008/10/04 16:27:27 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2560.exe
[2008/10/04 16:27:27 | 00,000,000 | ---D | C] -- C:\ComboFix.exe
[2008/10/04 16:26:38 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2400.exe
[2008/10/04 16:26:10 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2308.exe
[2008/10/04 16:24:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2014.exe
[2008/10/04 16:23:25 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1766.exe
[2008/10/04 16:03:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/04 14:44:10 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2008/10/04 14:44:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/04 14:43:55 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/04 14:43:05 | 00,000,000 | ---D | C] -- C:\ComboFix.exe1
[2008/10/04 12:43:53 | 00,899,260 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
[2008/10/04 12:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED
[2008/10/04 10:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/10/04 10:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/04 10:33:02 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Windows_WGA_Patcher_Permanent_Kit.3557054.TPB.torrent
[2008/10/04 09:37:42 | 00,000,000 | ---D | C] -- C:\ComboFix(2)
[2008/10/04 09:11:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/10/02 16:27:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2008/10/02 10:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\nf2v116_wxp
[2008/09/30 18:01:29 | 00,000,000 | ---D | C] -- C:\Games
[2008/09/30 00:32:54 | 07,484,924 | ---- | C] () -- C:\Documents and Settings\David\My Documents\document.pdf
[2008/09/29 23:55:47 | 02,487,573 | ---- | C] () -- C:\Documents and Settings\David\My Documents\27pt81s_dfu_aen.pdf
[2008/09/29 23:27:46 | 00,000,000 | ---D | C] -- C:\MECC
[2008/09/29 20:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\flt-cnc3
[2008/09/29 01:21:15 | 01,358,624 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\windows-live-toolbar.exe
[2008/09/29 01:16:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/09/29 01:09:01 | 00,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC810610-E3B9-43C9-9938-4B3F0DE34D6B}.job
[2008/09/29 01:05:06 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2008/09/29 01:05:05 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/09/29 00:46:54 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/09/29 00:28:25 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2008/09/28 22:14:21 | 00,003,876 | ---- | C] () -- C:\Documents and Settings\David\My Documents\flt-cnc3.nfo
[2008/09/28 22:13:39 | 07,843,797 | ---- | C] () -- C:\Documents and Settings\David\My Documents\flt-cnc3-crack.rar
[2008/09/28 22:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\flt-cnc3-crack
[2008/09/28 22:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\flt-cnc3-crack
[2008/09/28 17:45:30 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/28 17:45:29 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/28 17:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/25 02:04:19 | 04,267,744 | ---- | C] (Logitech ) -- C:\Documents and Settings\David\My Documents\mw9791enu.exe
[2008/09/25 01:58:36 | 00,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2008/09/25 01:58:36 | 00,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2008/09/25 01:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2008/09/25 01:58:33 | 00,025,505 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDFLT2.SYS
[2008/09/25 01:08:10 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2008/09/24 05:42:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/24 05:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\New Folder
[2008/09/23 20:07:05 | 00,188,416 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/09/23 20:06:53 | 00,143,360 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/09/23 20:06:44 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/09/23 20:06:36 | 00,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/09/23 19:38:02 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/23 18:22:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/21 19:14:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2008/09/21 19:14:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/21 19:12:52 | 02,189,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup.exe
[2008/09/21 10:57:54 | 00,618,040 | ---- | C] (Prevx) -- C:\Documents and Settings\David\My Documents\PREVXCSIFREE.EXE
[2008/09/20 02:26:53 | 00,004,571 | ---- | C] () -- C:\Documents and Settings\David\My Documents\RCMAN.CFG
[2008/09/20 01:27:37 | 00,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2008/09/18 16:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\ProtoWall1.42build5300
[2008/09/18 16:37:23 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin

========== Files - Modified Within 30 Days ==========

[39 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/18 06:40:08 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC810610-E3B9-43C9-9938-4B3F0DE34D6B}.job
[2008/10/18 06:39:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe
[2008/10/18 06:35:53 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/18 06:35:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 06:35:04 | 00,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/18 06:35:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 02:27:54 | 00,029,976 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,029,976 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,026,592 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,026,592 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/18 02:27:54 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/17 18:29:44 | 00,001,683 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Disney's Toontown Online.lnk
[2008/10/17 17:52:10 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RSIT.exe
[2008/10/16 21:29:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/15 22:22:00 | 00,001,276 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2008/10/15 22:12:54 | 00,000,845 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/15 19:47:09 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2008/10/15 18:45:58 | 00,105,254 | ---- | M] () -- C:\Documents and Settings\David\Desktop\1224117915val_garden.jpg
[2008/10/15 18:06:16 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/15 18:01:50 | 01,450,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 17:56:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 09:40:19 | 00,196,608 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/15 01:29:58 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/14 20:56:07 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\David\Desktop\CCleaner.lnk
[2008/10/14 20:49:07 | 02,934,168 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\David\Desktop\ccsetup212.exe
[2008/10/13 21:05:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\David\Desktop\utorrent.exe
[2008/10/13 20:55:21 | 00,003,856 | ---- | M] () -- C:\Documents and Settings\David\Desktop\[G-A]_SATELLITE_TV_for_PC_T_2008_ELITE_EDITION_[mininova].torrent
[2008/10/12 20:08:56 | 03,292,402 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2008/10/12 16:48:27 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 16:48:27 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/10 20:09:19 | 00,197,976 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2008/10/10 20:09:17 | 00,197,976 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/08 21:01:21 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\David\My Documents\stinger.opt
[2008/10/07 22:57:23 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\David\My Documents\stinger.exe
[2008/10/07 22:11:03 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/07 20:55:00 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\David\My Documents\spybotsd160.exe
[2008/10/07 20:46:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 20:46:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 20:32:43 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\David\My Documents\aaw2008.exe
[2008/10/07 13:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 04:04:11 | 00,555,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 04:04:11 | 00,465,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/07 04:04:11 | 00,078,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/06 22:55:27 | 00,057,843 | ---- | M] () -- C:\Documents and Settings\David\Desktop\fport.zip
[2008/10/06 22:48:39 | 00,170,702 | ---- | M] () -- C:\Documents and Settings\David\Desktop\TcpView.zip
[2008/10/06 21:59:28 | 00,034,280 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/06 21:17:23 | 01,602,877 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ProcessExplorer.zip
[2008/10/06 21:16:15 | 01,044,574 | ---- | M] (Mister Group ) -- C:\Documents and Settings\David\Desktop\SystemExplorerSetup.exe
[2008/10/05 21:44:50 | 00,189,553 | ---- | M] () -- C:\Documents and Settings\David\My Documents\startuplist.zip
[2008/10/05 21:44:18 | 00,774,703 | ---- | M] () -- C:\Documents and Settings\David\My Documents\ch editor and lists.zip
[2008/10/05 21:43:29 | 00,632,542 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PowerStrip_v3.50_build_451_Crack_by_TSRH.zip
[2008/10/05 21:43:19 | 00,808,684 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Blacklist_API240_package.zip
[2008/10/05 21:36:27 | 00,018,910 | ---- | M] () -- C:\Documents and Settings\David\My Documents\2nd.3dr
[2008/10/05 21:18:08 | 00,018,910 | ---- | M] () -- C:\Documents and Settings\David\My Documents\stock.3dr
[2008/10/04 21:48:02 | 01,977,163 | ---- | M] () -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2.zip
[2008/10/04 16:27:44 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2625.exe
[2008/10/04 16:27:23 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2560.exe
[2008/10/04 16:26:35 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2400.exe
[2008/10/04 16:26:06 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2308.exe
[2008/10/04 16:24:37 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2014.exe
[2008/10/04 16:23:21 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1766.exe
[2008/10/04 14:50:42 | 00,000,220 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/04 14:50:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081007-221103.backup
[2008/10/04 14:44:10 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/04 11:28:04 | 00,899,260 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
[2008/10/04 10:33:02 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Windows_WGA_Patcher_Permanent_Kit.3557054.TPB.torrent
[2008/10/04 09:21:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 18:43:06 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/02 15:41:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 20:37:23 | 00,005,110 | ---- | M] () -- C:\WINDOWS\7thlevel.ini
[2008/10/01 01:00:40 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/09/30 19:01:02 | 00,000,120 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2008/09/30 00:33:33 | 07,484,924 | ---- | M] () -- C:\Documents and Settings\David\My Documents\document.pdf
[2008/09/29 23:55:47 | 02,487,573 | ---- | M] () -- C:\Documents and Settings\David\My Documents\27pt81s_dfu_aen.pdf
[2008/09/29 01:21:22 | 01,358,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\windows-live-toolbar.exe
[2008/09/29 01:08:59 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\David\My Documents\desktop.ini
[2008/09/29 00:47:12 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/09/25 01:58:08 | 04,267,744 | ---- | M] (Logitech ) -- C:\Documents and Settings\David\My Documents\mw9791enu.exe
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/23 20:07:05 | 00,188,416 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/09/23 20:06:53 | 00,143,360 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/09/23 20:06:44 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/09/23 20:06:36 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/09/23 19:38:02 | 03,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/23 18:22:51 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/21 19:12:55 | 02,189,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup.exe
[2008/09/21 10:58:12 | 00,618,040 | ---- | M] (Prevx) -- C:\Documents and Settings\David\My Documents\PREVXCSIFREE.EXE
[2008/09/20 16:49:51 | 00,004,571 | ---- | M] () -- C:\Documents and Settings\David\My Documents\RCMAN.CFG
[2008/09/20 16:48:24 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-0000000A-00001102-00000004-00511102}.CDF
[2008/09/18 16:37:23 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
< End of report >
No
Now Extra.txt

OTViewIt Extras logfile created on: 10/18/2008 6:41:45 AM - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 603.33 Mb Available Physical Memory | 58.95% Memory free
2.41 Gb Paging File | 2.03 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 25.79 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 49.37 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-999KME91K
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2006/10/11 02:04:59 | 07,604,331 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008/04/13 18:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found Reg Error: Value does not exist or could not be read. (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}"=MSN Encarta Plus Support Files
"{02034A48-25C6-4BB4-8186-54917E5D49DA}"=SpongeBob SquarePants - Lights, Camera, Pants!
"{02EBDBB9-4600-41D3-B566-40CB861511D2}"=World of Warcraft FREE Trial
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0FDF5371-C060-4766-9969-DA63E185BCF7}"=Minigolf Wild West
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}"=FW LiveUpdate
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{22DE01B8-1DB3-4204-A5BE-80B2A6D894A0}"=SpongeBob SquarePants - Battle for Bikini Bottom
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}"=Skins
"{2405665A-16C9-4D3A-B70E-F006220E1472}"=Overland
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}"=Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{28142407-ACAD-4ECD-A6B6-9FA8471F6062}"=Scarface: The World is Yours
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{30BA35E4-2B14-440B-9C1C-FDAAAD1C4D6D}"=Bratz - 4 Real
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3E908702-AF35-4611-9518-955DA24B7E07}"=Microsoft XML Parser and SDK
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}"=CCC Help English
"{4F1CECBC-670F-4daa-81D6-944B12450917}"=DIGReqEx
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}"=ccc-core-preinstall
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}"=MSSoap
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}"=Apple Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{56C632F1-E684-4033-8390-1C39A1719B01}"=Pajama Sam Life is Rough When You Lose Your Stuff
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79.1
"{5C2F32AB-4D59-48AF-9AB1-1684FCC427C5}"=Lets Ride Silver Buckle Stables
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2
"{7BFDB82D-ABF2-410F-96C7-0E8BAB3A797E}"=My Little Pony
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}"=Catalyst Control Center Graphics Full New
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112115137}"=Mission Paintball Powered Up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112125267}"=Timmy Roach Rampage
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113457170}"=Littlest Pet Shop My Teeniest Town
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D6EC7D6-E71D-8743-1396-591F4195F347}"=Catalyst Control Center Graphics Light
"{8E57D2C6-C0A7-11D6-93E6-0050224003EF}"=Nickelodeon™ Party Blast
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}"=ccc-core-static
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{92B94569-6683-4617-8C54-EB27A1B51B30}"=GTAIII
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C92937F-7E79-4A32-AB80-BD7637146308}"=BRATZ - Rock Angelz
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9D3DCE45-E419-4DC6-B9A6-C6A37335DAE8}"=Barbie™ Diaries High School Mystery
"{9E38979C-FA65-476D-80C7-72F4EADE726C}"=Nancy Drew: The Curse of Blackmoor Manor
"{9F7FC79B-3059-4264-9450-39EB368E3220}"=Microsoft Picture It! Library 9
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}"=Dora the Explorer: Animal Adventures
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}"=Dora Fairytale Adventure
"{B38C3184-F573-CDC2-9452-FA9C576AB010}"=ccc-utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4CF72FF-4A3F-44A7-BFF2-31A8E1CC70B6}"=Application Compatibility Toolkit
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}"=Disney-Pixar Ratatouille
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C3AC8DD1-A754-46D6-A777-6155D627D196}"=My Fantasy Wedding
"{C769B501-2BE8-46ed-9E69-118F008A0917}"=DIGOpt
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2353A80-C650-4B5E-BA05-E5828730E623}"=Shrek 2 Activity Center
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}"=RssReader
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}"=Nero 7 Ultra Edition
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}"=Catalyst Control Center Graphics Previews Common
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}"=Microsoft Picture It! Express 9
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}"=Catalyst Control Center Core Implementation
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F1595B36-1AC3-4909-92CD-9571E2DA2629}"=Paws and Claws Pet Vet
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F91E1833-2D7C-4725-B98A-C779FEC41946}"=EarthLink MDAC
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FC98FBE9-E931-494C-8717-497185371033}"=Nero 7 Ultra Edition
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"{FF35F637-72B9-43BE-A281-06EB2854393A}"=3DMark03
"ActiveXControlPad"=Microsoft ActiveX Control Pad
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"All ATI Software"=ATI - Software Uninstall Utility
"ArcadeAmerica"=Arcade America
"ASUS Features"=ASUS Features
"ASUS Probe V2.18.04"=ASUS Probe V2.18.04
"AsusUpdate"=AsusUpdate
"ATI Display Driver"=ATI Display Driver
"audcle"=Plus! MP3 Audio Converter LE
"Backyardigans Mission to Mars_is1"=Backyardigans Mission to Mars
"Barbie Magic Hair Styler"=Barbie Magic Hair Styler
"Barbie® Digital Makeover™"=Barbie® Digital Makeover™
"Blues Room"=Blues Room (remove only)
"Bratz Babyz"=Bratz Babyz
"Bubblefish Bob"=Bubblefish Bob (remove only)
"Caillou® Magic Playhouse™"=Caillou® Magic Playhouse™
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"CareBearsDKey"=CareBears
"Catz"=Catz (remove only)
"CCleaner"=CCleaner (remove only)
"ComcastToolbar"=Comcast Toolbar
"DECCHECK"=Microsoft Windows XP Video Decoder Checkup Utility
"Diegos Rescue Adventure"=Diegos Rescue Adventure (remove only)
"Disney's Toontown Online"=Disney's Toontown Online
"Dogz"=Dogz (remove only)
"Dollhouse"=Cinderella's Dollhouse
"Dora the Explorer 3D Pyramid Adventure"=Dora the Explorer 3D Pyramid Adventure (remove only)
"Doras 3D Soccer"=Doras 3D Soccer (remove only)
"DRM7Tool"=Personal License Update Wizard for Windows Media Player
"drmtool.inf"=Personal License Update Wizard for Windows Media Player
"DVD X Rescue"=DVD X Rescue
"DVDXCopyPlatinum"=DVD X Copy Platinum 4.0.3
"Fairly Odd Parents Information Stupor Highway"=Fairly Odd Parents Information Stupor Highway (remove only)
"Fetch"=Fetch
"GameSpotDownloadManager"=GameSpot Download Manager
"Google Updater"=Google Updater
"HDTVPump"=DVBPortal HDTVPump Filter and Plugin
"Hey Arnold Runaway Bus 3D Game"=Hey Arnold Runaway Bus 3D Game (remove only)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0FDF5371-C060-4766-9969-DA63E185BCF7}"=Minigolf Wild West
"InstallShield_{28142407-ACAD-4ECD-A6B6-9FA8471F6062}"=Scarface: The World is Yours
"InstallShield_{56C632F1-E684-4033-8390-1C39A1719B01}"=Pajama Sam Life is Rough When You Lose Your Stuff
"Jimmy Neutron Invention Revenge"=Jimmy Neutron Invention Revenge (remove only)
"JungleGames"=Jungle Games
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"La Casa De Dora"=La Casa De Dora (remove only)
"Little Bear Rainy Day Activities"=Little Bear Rainy Day Activities
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"McDonald's Dragons "=McDonald's Dragons
"McDonald's Fairies "=McDonald's Fairies
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Miss Spider"=Miss Spider
"mmmusic"=Movie Maker Background Music Files
"mmsounds"=Movie Maker Sound Effects
"mmtitle"=Movie Maker Title Images
"Mozilla Firefox (2.0)"=Mozilla Firefox (2.0)
"mplibwiz.inf"=Media Library Management Wizard
"mpxlswiz.inf"=Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf"=Windows Media Player Tray Control
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"My Disney Kitchen"=My Disney Kitchen
"My Scene™ CD-ROM"=My Scene™ CD-ROM
"NetJet"=NetJet 2.0
"Nick Blockade"=Nick Blockade (remove only)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"NVIDIAnForce"=NVIDIA Windows 2000/XP nForce Drivers
"PictureIt_POD_v9"=Microsoft Picture It! Library 9
"PictureIt_v9"=Microsoft Picture It! Express 9
"Playhouse Disney's Rolie Polie Olie"=Playhouse Disney Rolie Polie Olie
"PokerRoom.com"=PokerRoom.com (remove only)
"PRSCHOOL_1.4"=JumpStart PreSchool v1.4
"QuickTime"=QuickTime
"RegCure"=RegCure 1.4.0.4
"RRTW32.EXE"=Reader Rabbit's Toddler
"SpellForce"=SpellForce
"SpongeBob pinball"=SpongeBob pinball
"SpongeBob SquarePants Employee of the Month"=SpongeBob SquarePants Employee of the Month
"SpongeBob SquarePants Jellyfish Shuffleboard"=SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
"SpongeBob SquarePants Movie 3D Game"=SpongeBob SquarePants Movie 3D Game (remove only)
"SpongeBob SquarePants Obstacle Odyssey"=SpongeBob SquarePants Obstacle Odyssey (remove only)
"SSUtils"=NVIDIA nForce Utilities
"Strawberry Shortcake - Amazing Cookie Party"=Strawberry Shortcake - Amazing Cookie Party
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Tarzan"=Tarzan
"Tigger Too"=Disney's Tigger Too
"Tweak UI 2.10"=Tweak UI
"wa2wmp"=Windows Media Player Skin Importer
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2008 2:51:31 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 2:51:31 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 3:48:32 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 3:48:32 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:43 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 10/18/2008 8:35:46 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

[ System Events ]
Error - 10/18/2008 8:35:44 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 10/18/2008 8:35:47 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 10/18/2008 8:35:52 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 10/18/2008 8:38:03 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:38:03 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 10/18/2008 8:38:43 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:38:43 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.


< End of report >

now hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:52 AM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] "C:\WINDOWS\system32\sstray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.al7bar.tk
O15 - Trusted Zone: http://www.casinoroom.com
O15 - Trusted Zone: http://pvx-pv.ibroadcast.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pokerroom.com
O15 - Trusted Zone: http://www.webkinz.com
O15 - Trusted Zone: *.windowsonecare.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202792004281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204255920000
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10216 bytes

#6 sundavis

  • Malware Response Team

Posted 18 October 2008 - 12:20 PM

Hi ubaman,


I notice there is a sign of a P2P (Person to Person) file sharing program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares, even if you have PeerGuardian2 to safeguard your privacy on P2P.
You are well advised to remove it via Control Panel > Add/Remove Programs or delete the file on your desktop listed below.

C:\Documents and Settings\David\Desktop\utorrent.exe

I also notice you have used some particular programs to crack Windows Genuine Advantage Validation and Command And Conquer 3 Tiberium Wars. It's really not a good idea though.
The crack thingy was proved to be bundled with some malware and virus executable files to get your machine infected. The Bleeping Forum policy indicates we will not be able to assist someone who has crack programs until the crack files are deleted. Please kindly delete the following files. Thanks.

C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
C:\Documents and Settings\David\My Documents\flt-cnc3-crack.rar
C:\Documents and Settings\David\My Documents\flt-cnc3-crack
C:\Documents and Settings\David\Desktop\flt-cnc3-crack


In the meantime, you have Norton antivirus leftovers. Download and save Norton Removal Tool to your desktop. Run it to remove Norton. Please restart your computer. After that, please do the following:


Step1

Please go to Jotti's Scan or Virus Total to scan some suspicious files.
Copy/paste the file paths below into the text box next to the Browse button at the top of the page

C:\WINDOWS\System32\CF2625.exe
C:\WINDOWS\System32\CF2560.exe
C:\WINDOWS\System32\CF2400.exe
C:\WINDOWS\System32\CF2308.exe
C:\WINDOWS\System32\CF2014.exe
C:\WINDOWS\System32\CF1766.exe

Click the Submit or Send File button and copy "Scanner results", and paste the contents into your next reply.


Step2

Please disable Spybot S&D's protection, or it will interfere.

You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Step3

Please download Deldomains.
  • Save it to your desktop.
  • Right-click DelDomains.inf and select: Install (no need to restart)
  • You may not see any noticeable changes or prompts; this is normal.
Note: The DelDomains.inf file will remove ALL entries in the Trusted, Restricted, and Enhanced Security Configuration Zones. Any entries that you had will need to be entered again. You will have to reimmunize with SpywareBlaster, and/or Spybot after doing this, and reinstall IESpyads if you use any of these programs.


Step4


Download to the desktop: Dr.Web CureIt

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    Posted Image
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Step5

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Please go to C:\WINDOWS\system32\Microsoft and check if there are backup.ftp and backup.tftp in there. Please specify that info in your next reply. Thanks



Please post back the logs in your next reply

1.OTViewIt.Txt and Extras.txt
2.DrWeb.csv

Tell me how things are running now.
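Step 3 above clears every Trusted Zone entry, and the HijackThis log posted earlier in the thread lists those entries on its O15 lines. The following Python script is an added example (not part of sundavis's post or of any tool named in the thread) that inventories the O15 lines of a saved log so the entries are on record before DelDomains.inf removes them; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:52 AM, on 10/18/2008

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: *.windowsonecare.com
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A log entry is "<section code> - <detail>", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# An O15 detail is "<kind>: [scheme://]<host pattern>".
ZONE_RE = re.compile(
    r"^(?P<kind>[^:]+): (?:(?P<scheme>[a-z]+)://)?(?P<host>\S+)$", re.I
)


class Entry(NamedTuple):
    code: str
    detail: str


class ZoneEntry(NamedTuple):
    kind: str               # e.g. "Trusted Zone"
    scheme: Optional[str]   # None when the entry applies to any protocol
    host: str               # host or wildcard pattern as written in the log
    wildcard: bool          # True for "*.domain" patterns


def parse_entries(log_text: str) -> List[Entry]:
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("detail")))
    return entries


def section_counts(entries: List[Entry]) -> Counter:
    """Count entries per section code (R0, O4, O15, ...)."""
    return Counter(e.code for e in entries)


def trusted_zone_inventory(entries: List[Entry]) -> List[ZoneEntry]:
    """List the O15 entries; anything that does not parse is kept verbatim."""
    zones = []
    for e in entries:
        if e.code != "O15":
            continue
        m = ZONE_RE.match(e.detail)
        if m:
            host = m.group("host")
            zones.append(
                ZoneEntry(m.group("kind"), m.group("scheme"), host,
                          host.startswith("*."))
            )
        else:
            # Never drop a line silently: record it for manual review.
            zones.append(ZoneEntry("unparsed", None, e.detail, False))
    return zones


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for z in trusted_zone_inventory(parsed):
        scope = z.scheme or "any protocol"
        flag = " (wildcard)" if z.wildcard else ""
        print(f"{z.kind}: {z.host} [{scope}]{flag}")
```

Saving this inventory next to the log gives a record of what was in the zone lists before the reset, which matters because the note in Step 3 says any entries will need to be entered again.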

#7 ubaman

  • Topic Starter


Posted 18 October 2008 - 10:29 PM

OK, once again, thank you very much. I did not have time to tell if the computer is running better. When I uploaded with cut and paste like you said, it looked like it was only checking the first entry, so I ran it 4 times with different results each time.
JOTTI 1:


Scan taken on 18 Oct 2008 18:59:19 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by

Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by HotelScraper.com.
--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: SCONSS11.scheisse (MD5: c7339a7eb2da719f15125e805371bbe6, size: 74219 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Dldr.Zlob.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-Dropper:W32/Agent.FDA
G DATA X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Win32.Trojan-Downloader


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.




JOTTI2:
Scanner results
Scan taken on 18 Oct 2008 19:14:45 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



Statistics
Last file scanned at least one scanner reported something about: ZoneAlarm.Pro.8.0.keygen-SND.zip (MD5: e314f9c6d1ae93b58713e1cf97253b87, size: 230936 bytes), detected by:

Scanner Malware name
A-Squared Virus.Win32.Neptunia.AFA!IK
AntiVir X
ArcaVir X
Avast Win32:Neptunia-AFA
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure Generic.W32
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA X
Ikarus Virus.Win32.Neptunia.AFA
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control W32/Packed_FSG.D
Panda Antivirus X
Sophos Antivirus Mal/Packer
VirusBuster X
VBA32 X


You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.





Frequently asked questions - Feedback - Privacy policy



Page generated by JTPL

© 2004-2008 Jotti <jotti@jotti.org>


JOTTI 3:

Scanner results
Scan taken on 18 Oct 2008 19:19:18 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: Server.exe (MD5: bb6deb2429199cfdae65e89b9e95d022, size: 32701 bytes), detected by:

Scanner Malware name
A-Squared Virus.Win32.Bifrose.DRT!IK
AntiVir BDS/Bifrose.ZXE
ArcaVir Trojan.Downloader.Small.Eo
Avast Win32:Bifrose-DRT
AVG Antivirus BackDoor.Bifrose.DJ
BitDefender Backdoor.Generic.96815
ClamAV Trojan.Agent-49896
CPsecure Troj.W32.Midgare.gra
Dr.Web Trojan.Inject.3851
F-Prot Antivirus W32/Backdoor2.CTZF
F-Secure Anti-Virus X
G DATA X
Ikarus Virus.Win32.Bifrose.DRT
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control W32/Smalldoor.CMJO
Panda Antivirus Bck/Bifrose.BFX
Sophos Antivirus Mal/EncPk-FH
VirusBuster X
VBA32 Backdoor.Win32.Bifrose.abjq



JOTTI 4:

Scan taken on 18 Oct 2008 19:23:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

--------------------------------------------------------------------------------


Statistics
Last file scanned at least one scanner reported something about: 4306.doc_.exe (MD5: ab712491064753cd9f94c309002a6225, size: 155903 bytes), detected by:

Scanner Malware name
A-Squared Worm.Win32.Mabezat.b!IK
AntiVir WORM/Mabezat.C
ArcaVir Heur.W32
Avast Win32:Mabezat
AVG Antivirus Win32/Mabezat.C
BitDefender Win32.Worm.Mabezat.J
ClamAV W32.Mabezat-2
CPsecure W32.W.Mabezat.B
Dr.Web Win32.HLLW.Tazebama
F-Prot Antivirus W32/Mabezat.A
F-Secure Anti-Virus Worm.Win32.Mabezat.b
G DATA Win32.Worm.Mabezat.J
Ikarus Worm.Win32.Mabezat.b
Kaspersky Anti-Virus Worm.Win32.Mabezat.b
NOD32 Win32/Mabezat.A
Norman Virus Control Mabezat.B
Panda Antivirus W32/Mabezat.C.worm
Sophos Antivirus W32/Mabezat-B
VirusBuster Worm.Mabezat.A
VBA32 X



OTViewit.txt:

OTViewIt logfile created on: 10/18/2008 6:41:45 AM - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 603.33 Mb Available Physical Memory | 58.95% Memory free
2.41 Gb Paging File | 2.03 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 25.79 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 49.37 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-999KME91K
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/07 20:47:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/05/01 00:26:29 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/05/01 00:26:29 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/07/10 07:53:32 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[2008/04/13 18:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/18 06:39:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/07 20:47:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- -- (AOLService [Disabled | Stopped])
[2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/23 20:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [On_Demand | Stopped])
[2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (EPSONStatusAgent2 [Disabled | Stopped])
[2008/02/07 22:35:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/24 21:46:14 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/05/20 11:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
[2004/10/16 06:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/05/01 00:26:29 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 15:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/10/11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [On_Demand | Stopped])
[2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/03/03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/02/17 17:56:30 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
File not found -- -- (SysEnforce [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/13 12:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[1997/04/22 11:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75 [Auto | Running])
[2008/09/23 21:09:07 | 03,331,072 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/30 16:58:52 | 00,028,160 | ---- | M] (W1zzard) -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Stopped])
[2003/10/28 16:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC [Auto | Running])
[2006/08/11 15:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2006/08/11 15:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/11/10 18:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2006/08/11 15:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2006/08/11 15:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2002/08/13 21:27:22 | 00,074,338 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc [On_Demand | Running])
[2006/08/11 15:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2007/09/07 14:55:04 | 00,027,672 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2005/10/19 20:03:28 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [On_Demand | Stopped])
[2006/08/11 15:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2006/08/11 15:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Stopped])
[2006/08/11 15:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2001/08/17 13:28:02 | 00,907,456 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT [On_Demand | Stopped])
[2007/01/19 12:46:10 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])
[2007/01/19 12:46:10 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
[2007/01/19 12:46:12 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
[2003/12/17 10:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb [On_Demand | Stopped])
[2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2007/05/05 21:11:35 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,009,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntapm.sys -- (NtApm [On_Demand | Stopped])
[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2002/12/05 12:01:00 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped])
[2004/01/29 01:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Running])
[2002/12/05 12:01:00 | 00,241,664 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped])
[2005/12/01 02:35:00 | 00,003,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\NVStrap.sys -- (NVStrap [Boot | Stopped])
[2002/09/06 11:24:00 | 00,013,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2006/08/11 15:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2007/01/06 09:12:34 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
[2003/03/21 13:34:08 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 04:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2007/08/29 03:04:04 | 00,116,264 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r [Boot | Running])
[2007/08/29 03:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter [Boot | Running])
[2008/01/24 20:09:44 | 00,715,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/11/10 07:08:50 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\SysTool.sys -- (SysTool [System | Stopped])
[2006/11/11 14:26:19 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/04/13 12:56:01 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2006/11/05 10:49:44 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 12:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2002/09/09 11:04:36 | 00,007,312 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\WBHWDOCT.sys -- (WBHWDOCT [On_Demand | Stopped])
[2001/08/23 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://www.comcast.net/toolbar2.0/search/

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://windowsisearch.com/search?q=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www6.comcast.net/a/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://www.google.com/
"Start Page"=http://www6.comcast.net/a/

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9212 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D7F30B62-8269-41AF-9539-B2697FA7D77E}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" (HKLM) -- C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D7F30B62-8269-41AF-9539-B2697FA7D77E}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" (HP)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"nForce Tray Options"="C:\WINDOWS\system32\sstray.exe" /r (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk =

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoSplash"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Connwiz Admin Lock"=0
"Colors"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Connwiz Admin Lock"=0
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
""=
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
Refresh Pa&ge with Full Quality: Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found
Refresh Pa&ge with Full Quality: Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
al7bar.tk\www: http in My Computer
aol.com\objects: * is out of zone range (0)
casinoroom.com\www: http in My Computer
comcast.net\sso: https in My Computer
ibroadcast.com\pvx-pv: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
nintendo.com\www: http in My Computer
pandasoftware.com\www: http in My Computer
pokerroom.com\www: http in My Computer
webkinz.com\www: http in My Computer
windowsonecare.com: * in Trusted sites
100 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
91 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
91 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
5 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2052111302-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
al7bar.tk\www: http in My Computer
aol.com\objects: * is out of zone range (0)
casinoroom.com\www: http in My Computer
comcast.net\sso: https in My Computer
ibroadcast.com\pvx-pv: http in My Computer
internet: about in Trusted sites
mcafee.com: http in Trusted sites
mcafee.com: https in Trusted sites
nintendo.com\www: http in My Computer
pandasoftware.com\www: http in My Computer
pokerroom.com\www: http in My Computer
webkinz.com\www: http in My Computer
windowsonecare.com: * in Trusted sites
100 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01012101-5E80-11D8-9E86-0007E96C65AE}: http://www.comcastsupport.com/oneclickfix/tgctlsr.cab -- SupportSoft Script Runner Class
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1202792004281 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1204255920000 -- MUWebControl Class
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{77E32299-629F-43C6-AB77-6A1E6D7663F6}: http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09}: https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx -- Get_ActiveX Control
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}: http://a.download.toontown.com/sv1.0.31.5/ttinst.cab -- Toontown Installer ActiveX Control
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}: http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe -- Virtools WebPlayer Class
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe -- Virtools WebPlayer Class

========== (O17) DNS Name Servers ==========

{2535F2D1-474E-417F-B919-FAB3B61E0EF4} (Servers: | Description: 1394 Net Adapter)
{292A6C05-3128-4711-ADB9-258955DCD313} (Servers: | Description: 3Com 3C920B-EMB Integrated Fast Ethernet Controller)
{5F81FBBE-3944-4F58-9CA2-2512A76683C5} (Servers: | Description: 1394 Net Adapter)
{7DCBD929-0EC1-4FAC-A6D9-2160A82D18AF} (Servers: | Description: )
{A626F7B5-FC1D-4CE6-B818-E396850476E6} (Servers: | Description: )
{D2343096-E3EE-441E-BCA8-FBE1B3A8A4F3} (Servers: | Description: )
{FEEFF1B6-ABB4-40D6-B188-2E0B2CCD74AB} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/05/25 22:24:13 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autoexec.nt.txt [@echo off | lh %SYSTEMROOT%\system32\mscdexnt.exe | lh %SYSTEMROOT%\system32\redir | lh %SYSTEMROOT%\system32\dosx | SET BLASTER=A220 I5 D1 P330 T3 | ]
[2004/12/29 11:47:11 | 00,000,159 | ---- | M] () -- C:\Autoexec.nt.txt -- [ NTFS ]

AUTOEXEC.BAT []
[2007/01/26 11:57:27 | 00,000,000 | ---- | M] () -- G:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3c9f24-9c65-11dc-be73-00265410348e}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e3c9f24-9c65-11dc-be73-00265410348e}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d25aa4a-f56b-11da-9a42-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d25aa4a-f56b-11da-9a42-806d6172696f}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b708f2-9da2-11db-89ff-da06da7f5b75}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b708f2-9da2-11db-89ff-da06da7f5b75}\Shell\AutoRun]
""=Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a966e827-a996-11db-afee-f3c8db749974}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a966e827-a996-11db-afee-f3c8db749974}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeba30ff-d3fc-11db-87f0-806d6172696f}\Shell\play\Command]
""=C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa673a1e-ab08-11db-ab3b-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa673a1e-ab08-11db-ab3b-806d6172696f}\Shell\AutoRun]
""=Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/10/18 06:38:57 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe
[2008/10/17 17:49:46 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/17 17:49:09 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RSIT.exe
[2008/10/16 20:13:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\AudioDrv
[2008/10/16 20:13:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\David\My Documents\AudioUtl
[2008/10/15 22:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/15 22:22:00 | 00,001,276 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2008/10/15 22:21:41 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2008/10/15 22:19:57 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/10/15 19:37:26 | 00,000,963 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2008/10/15 18:45:57 | 00,105,254 | ---- | C] () -- C:\Documents and Settings\David\Desktop\1224117915val_garden.jpg
[2008/10/15 17:55:56 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 17:51:08 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 17:50:13 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 17:50:12 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 17:50:11 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 17:50:10 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 17:50:09 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/14 20:56:07 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\David\Desktop\CCleaner.lnk
[2008/10/14 20:56:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/14 20:49:03 | 02,934,168 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\David\Desktop\ccsetup212.exe
[2008/10/14 20:35:02 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2008/10/13 21:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\uTorrent
[2008/10/13 21:05:44 | 00,270,128 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\David\Desktop\utorrent.exe
[2008/10/13 20:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2008/10/13 20:55:18 | 00,003,856 | ---- | C] () -- C:\Documents and Settings\David\Desktop\[G-A]_SATELLITE_TV_for_PC_T_2008_ELITE_EDITION_[mininova].torrent
[2008/10/12 16:48:27 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 16:48:27 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/10 20:09:19 | 00,197,976 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2008/10/10 20:09:17 | 00,197,976 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/10 20:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2008/10/08 21:32:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/08 00:08:11 | 00,000,000 | ---D | C] -- C:\Program Files\ieSpell
[2008/10/07 23:41:33 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\David\My Documents\stinger.opt
[2008/10/07 23:23:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/07 22:57:18 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\David\My Documents\stinger.exe
[2008/10/07 22:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/07 21:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/07 20:55:00 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\David\My Documents\spybotsd160.exe
[2008/10/07 20:46:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 20:46:39 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 20:46:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/07 20:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/07 20:32:43 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\David\My Documents\aaw2008.exe
[2008/10/06 22:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\fport
[2008/10/06 22:55:25 | 00,057,843 | ---- | C] () -- C:\Documents and Settings\David\Desktop\fport.zip
[2008/10/06 22:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\TcpView
[2008/10/06 22:48:38 | 00,170,702 | ---- | C] () -- C:\Documents and Settings\David\Desktop\TcpView.zip
[2008/10/06 21:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\ProcessExplorer
[2008/10/06 21:17:19 | 01,602,877 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ProcessExplorer.zip
[2008/10/06 21:16:04 | 01,044,574 | ---- | C] (Mister Group ) -- C:\Documents and Settings\David\Desktop\SystemExplorerSetup.exe
[2008/10/05 21:36:25 | 00,018,910 | ---- | C] () -- C:\Documents and Settings\David\My Documents\2nd.3dr
[2008/10/05 21:18:06 | 00,018,910 | ---- | C] () -- C:\Documents and Settings\David\My Documents\stock.3dr
[2008/10/04 21:53:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2
[2008/10/04 21:47:55 | 01,977,163 | ---- | C] () -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2.zip
[2008/10/04 16:29:51 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/10/04 16:27:47 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2625.exe
[2008/10/04 16:27:27 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2560.exe
[2008/10/04 16:27:27 | 00,000,000 | ---D | C] -- C:\ComboFix.exe
[2008/10/04 16:26:38 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2400.exe
[2008/10/04 16:26:10 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2308.exe
[2008/10/04 16:24:40 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2014.exe
[2008/10/04 16:23:25 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1766.exe
[2008/10/04 16:03:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/04 14:44:10 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2008/10/04 14:44:01 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/04 14:43:55 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/10/04 14:43:05 | 00,000,000 | ---D | C] -- C:\ComboFix.exe1
[2008/10/04 12:43:53 | 00,899,260 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
[2008/10/04 12:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED
[2008/10/04 10:45:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/10/04 10:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/04 10:33:02 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Windows_WGA_Patcher_Permanent_Kit.3557054.TPB.torrent
[2008/10/04 09:37:42 | 00,000,000 | ---D | C] -- C:\ComboFix(2)
[2008/10/04 09:11:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/10/02 16:27:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2008/10/02 10:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\nf2v116_wxp
[2008/09/30 18:01:29 | 00,000,000 | ---D | C] -- C:\Games
[2008/09/30 00:32:54 | 07,484,924 | ---- | C] () -- C:\Documents and Settings\David\My Documents\document.pdf
[2008/09/29 23:55:47 | 02,487,573 | ---- | C] () -- C:\Documents and Settings\David\My Documents\27pt81s_dfu_aen.pdf
[2008/09/29 23:27:46 | 00,000,000 | ---D | C] -- C:\MECC
[2008/09/29 20:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\flt-cnc3
[2008/09/29 01:21:15 | 01,358,624 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\windows-live-toolbar.exe
[2008/09/29 01:16:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/09/29 01:09:01 | 00,000,392 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC810610-E3B9-43C9-9938-4B3F0DE34D6B}.job
[2008/09/29 01:05:06 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2008/09/29 01:05:05 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/09/29 00:46:54 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/09/29 00:28:25 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe
[2008/09/28 22:14:21 | 00,003,876 | ---- | C] () -- C:\Documents and Settings\David\My Documents\flt-cnc3.nfo
[2008/09/28 22:13:39 | 07,843,797 | ---- | C] () -- C:\Documents and Settings\David\My Documents\flt-cnc3-crack.rar
[2008/09/28 22:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\flt-cnc3-crack
[2008/09/28 22:11:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\flt-cnc3-crack
[2008/09/28 17:45:30 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/28 17:45:29 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/28 17:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/25 02:04:19 | 04,267,744 | ---- | C] (Logitech ) -- C:\Documents and Settings\David\My Documents\mw9791enu.exe
[2008/09/25 01:58:36 | 00,016,896 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE32.DLL
[2008/09/25 01:58:36 | 00,003,568 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\LMOUSE16.DLL
[2008/09/25 01:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2008/09/25 01:58:33 | 00,025,505 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHIDFLT2.SYS
[2008/09/25 01:08:10 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2008/09/24 05:42:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/24 05:10:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\New Folder
[2008/09/23 20:07:05 | 00,188,416 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/09/23 20:06:53 | 00,143,360 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/09/23 20:06:44 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/09/23 20:06:36 | 00,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/09/23 19:38:02 | 03,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/23 18:22:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/21 19:14:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2008/09/21 19:14:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/21 19:12:52 | 02,189,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup.exe
[2008/09/21 10:57:54 | 00,618,040 | ---- | C] (Prevx) -- C:\Documents and Settings\David\My Documents\PREVXCSIFREE.EXE
[2008/09/20 02:26:53 | 00,004,571 | ---- | C] () -- C:\Documents and Settings\David\My Documents\RCMAN.CFG
[2008/09/20 01:27:37 | 00,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2008/09/18 16:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\ProtoWall1.42build5300
[2008/09/18 16:37:23 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin

========== Files - Modified Within 30 Days ==========

[39 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/10/18 06:40:08 | 00,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC810610-E3B9-43C9-9938-4B3F0DE34D6B}.job
[2008/10/18 06:39:01 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTViewIt.exe
[2008/10/18 06:35:53 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/18 06:35:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/18 06:35:04 | 00,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/18 06:35:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/18 02:27:54 | 00,029,976 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,029,976 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,026,592 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,026,592 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-00511102}.rfx
[2008/10/18 02:27:54 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/10/18 02:27:54 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/10/17 18:29:44 | 00,001,683 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Disney's Toontown Online.lnk
[2008/10/17 17:52:10 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RSIT.exe
[2008/10/16 21:29:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/15 22:22:00 | 00,001,276 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2008/10/15 22:12:54 | 00,000,845 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/15 19:47:09 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2008/10/15 18:45:58 | 00,105,254 | ---- | M] () -- C:\Documents and Settings\David\Desktop\1224117915val_garden.jpg
[2008/10/15 18:06:16 | 00,001,167 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/15 18:01:50 | 01,450,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 17:56:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 09:40:19 | 00,196,608 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/15 01:29:58 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2008/10/14 20:56:07 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\David\Desktop\CCleaner.lnk
[2008/10/14 20:49:07 | 02,934,168 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\David\Desktop\ccsetup212.exe
[2008/10/13 21:05:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\David\Desktop\utorrent.exe
[2008/10/13 20:55:21 | 00,003,856 | ---- | M] () -- C:\Documents and Settings\David\Desktop\[G-A]_SATELLITE_TV_for_PC_T_2008_ELITE_EDITION_[mininova].torrent
[2008/10/12 20:08:56 | 03,292,402 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2008/10/12 16:48:27 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 16:48:27 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/10 20:09:19 | 00,197,976 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2008/10/10 20:09:17 | 00,197,976 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2008/10/08 21:01:21 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\David\My Documents\stinger.opt
[2008/10/07 22:57:23 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\David\My Documents\stinger.exe
[2008/10/07 22:11:03 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/07 20:55:00 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\David\My Documents\spybotsd160.exe
[2008/10/07 20:46:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 20:46:39 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 20:32:43 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\David\My Documents\aaw2008.exe
[2008/10/07 13:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/07 04:04:11 | 00,555,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/07 04:04:11 | 00,465,932 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/07 04:04:11 | 00,078,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/06 22:55:27 | 00,057,843 | ---- | M] () -- C:\Documents and Settings\David\Desktop\fport.zip
[2008/10/06 22:48:39 | 00,170,702 | ---- | M] () -- C:\Documents and Settings\David\Desktop\TcpView.zip
[2008/10/06 21:59:28 | 00,034,280 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/06 21:17:23 | 01,602,877 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ProcessExplorer.zip
[2008/10/06 21:16:15 | 01,044,574 | ---- | M] (Mister Group ) -- C:\Documents and Settings\David\Desktop\SystemExplorerSetup.exe
[2008/10/05 21:44:50 | 00,189,553 | ---- | M] () -- C:\Documents and Settings\David\My Documents\startuplist.zip
[2008/10/05 21:44:18 | 00,774,703 | ---- | M] () -- C:\Documents and Settings\David\My Documents\ch editor and lists.zip
[2008/10/05 21:43:29 | 00,632,542 | ---- | M] () -- C:\Documents and Settings\David\My Documents\PowerStrip_v3.50_build_451_Crack_by_TSRH.zip
[2008/10/05 21:43:19 | 00,808,684 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Blacklist_API240_package.zip
[2008/10/05 21:36:27 | 00,018,910 | ---- | M] () -- C:\Documents and Settings\David\My Documents\2nd.3dr
[2008/10/05 21:18:08 | 00,018,910 | ---- | M] () -- C:\Documents and Settings\David\My Documents\stock.3dr
[2008/10/04 21:48:02 | 01,977,163 | ---- | M] () -- C:\Documents and Settings\David\My Documents\TGTC_XP_4.2.zip
[2008/10/04 16:27:44 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2625.exe
[2008/10/04 16:27:23 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2560.exe
[2008/10/04 16:26:35 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2400.exe
[2008/10/04 16:26:06 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2308.exe
[2008/10/04 16:24:37 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2014.exe
[2008/10/04 16:23:21 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1766.exe
[2008/10/04 14:50:42 | 00,000,220 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/04 14:50:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081007-221103.backup
[2008/10/04 14:44:10 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/04 11:28:04 | 00,899,260 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
[2008/10/04 10:33:02 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Windows_WGA_Patcher_Permanent_Kit.3557054.TPB.torrent
[2008/10/04 09:21:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts1.bak
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 11:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 18:43:06 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/10/02 15:41:30 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 20:37:23 | 00,005,110 | ---- | M] () -- C:\WINDOWS\7thlevel.ini
[2008/10/01 01:00:40 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/09/30 19:01:02 | 00,000,120 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2008/09/30 00:33:33 | 07,484,924 | ---- | M] () -- C:\Documents and Settings\David\My Documents\document.pdf
[2008/09/29 23:55:47 | 02,487,573 | ---- | M] () -- C:\Documents and Settings\David\My Documents\27pt81s_dfu_aen.pdf
[2008/09/29 01:21:22 | 01,358,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\windows-live-toolbar.exe
[2008/09/29 01:08:59 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\David\My Documents\desktop.ini
[2008/09/29 00:47:12 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/09/25 01:58:08 | 04,267,744 | ---- | M] (Logitech ) -- C:\Documents and Settings\David\My Documents\mw9791enu.exe
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/09/23 20:07:05 | 00,188,416 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/09/23 20:06:53 | 00,143,360 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/09/23 20:06:44 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/09/23 20:06:36 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/09/23 19:38:02 | 03,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/09/23 18:22:51 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/21 19:12:55 | 02,189,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup.exe
[2008/09/21 10:58:12 | 00,618,040 | ---- | M] (Prevx) -- C:\Documents and Settings\David\My Documents\PREVXCSIFREE.EXE
[2008/09/20 16:49:51 | 00,004,571 | ---- | M] () -- C:\Documents and Settings\David\My Documents\RCMAN.CFG
[2008/09/20 16:48:24 | 03,162,278 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-0000000A-00001102-00000004-00511102}.CDF
[2008/09/18 16:37:23 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
< End of report >

Extra.txt:
OTViewIt Extras logfile created on: 10/18/2008 6:41:45 AM - Run
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 603.33 Mb Available Physical Memory | 58.95% Memory free
2.41 Gb Paging File | 2.03 Gb Available in Paging File | 84.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.54 Gb Total Space | 25.79 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.04 Gb Total Space | 49.37 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-999KME91K
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2006/10/11 02:04:59 | 07,604,331 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008/04/13 18:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found Reg Error: Value does not exist or could not be read. (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}"=MSN Encarta Plus Support Files
"{02034A48-25C6-4BB4-8186-54917E5D49DA}"=SpongeBob SquarePants - Lights, Camera, Pants!
"{02EBDBB9-4600-41D3-B566-40CB861511D2}"=World of Warcraft FREE Trial
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0FDF5371-C060-4766-9969-DA63E185BCF7}"=Minigolf Wild West
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}"=FW LiveUpdate
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{22DE01B8-1DB3-4204-A5BE-80B2A6D894A0}"=SpongeBob SquarePants - Battle for Bikini Bottom
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}"=Skins
"{2405665A-16C9-4D3A-B70E-F006220E1472}"=Overland
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}"=Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{28142407-ACAD-4ECD-A6B6-9FA8471F6062}"=Scarface: The World is Yours
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{30BA35E4-2B14-440B-9C1C-FDAAAD1C4D6D}"=Bratz - 4 Real
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3
"{3E908702-AF35-4611-9518-955DA24B7E07}"=Microsoft XML Parser and SDK
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}"=CCC Help English
"{4F1CECBC-670F-4daa-81D6-944B12450917}"=DIGReqEx
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}"=ccc-core-preinstall
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}"=MSSoap
"{55FA89BD-21D3-42F7-9249-C94C0094A83C}"=Apple Software Update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{56C632F1-E684-4033-8390-1C39A1719B01}"=Pajama Sam Life is Rough When You Lose Your Stuff
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79.1
"{5C2F32AB-4D59-48AF-9AB1-1684FCC427C5}"=Lets Ride Silver Buckle Stables
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2
"{7BFDB82D-ABF2-410F-96C7-0E8BAB3A797E}"=My Little Pony
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}"=Catalyst Control Center Graphics Full New
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112115137}"=Mission Paintball Powered Up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112125267}"=Timmy Roach Rampage
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113457170}"=Littlest Pet Shop My Teeniest Town
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D6EC7D6-E71D-8743-1396-591F4195F347}"=Catalyst Control Center Graphics Light
"{8E57D2C6-C0A7-11D6-93E6-0050224003EF}"=Nickelodeon™ Party Blast
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}"=ccc-core-static
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{92B94569-6683-4617-8C54-EB27A1B51B30}"=GTAIII
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C92937F-7E79-4A32-AB80-BD7637146308}"=BRATZ - Rock Angelz
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9D3DCE45-E419-4DC6-B9A6-C6A37335DAE8}"=Barbie™ Diaries High School Mystery
"{9E38979C-FA65-476D-80C7-72F4EADE726C}"=Nancy Drew: The Curse of Blackmoor Manor
"{9F7FC79B-3059-4264-9450-39EB368E3220}"=Microsoft Picture It! Library 9
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}"=Dora the Explorer: Animal Adventures
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}"=Dora Fairytale Adventure
"{B38C3184-F573-CDC2-9452-FA9C576AB010}"=ccc-utility
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4CF72FF-4A3F-44A7-BFF2-31A8E1CC70B6}"=Application Compatibility Toolkit
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}"=Disney-Pixar Ratatouille
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C3AC8DD1-A754-46D6-A777-6155D627D196}"=My Fantasy Wedding
"{C769B501-2BE8-46ed-9E69-118F008A0917}"=DIGOpt
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2353A80-C650-4B5E-BA05-E5828730E623}"=Shrek 2 Activity Center
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}"=RssReader
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}"=Nero 7 Ultra Edition
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}"=Catalyst Control Center Graphics Previews Common
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}"=Microsoft Picture It! Express 9
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}"=Catalyst Control Center Core Implementation
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{F1595B36-1AC3-4909-92CD-9571E2DA2629}"=Paws and Claws Pet Vet
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F91E1833-2D7C-4725-B98A-C779FEC41946}"=EarthLink MDAC
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FC98FBE9-E931-494C-8717-497185371033}"=Nero 7 Ultra Edition
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup
"{FF35F637-72B9-43BE-A281-06EB2854393A}"=3DMark03
"ActiveXControlPad"=Microsoft ActiveX Control Pad
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3
"All ATI Software"=ATI - Software Uninstall Utility
"ArcadeAmerica"=Arcade America
"ASUS Features"=ASUS Features
"ASUS Probe V2.18.04"=ASUS Probe V2.18.04
"AsusUpdate"=AsusUpdate
"ATI Display Driver"=ATI Display Driver
"audcle"=Plus! MP3 Audio Converter LE
"Backyardigans Mission to Mars_is1"=Backyardigans Mission to Mars
"Barbie Magic Hair Styler"=Barbie Magic Hair Styler
"Barbie® Digital Makeover™"=Barbie® Digital Makeover™
"Blues Room"=Blues Room (remove only)
"Bratz Babyz"=Bratz Babyz
"Bubblefish Bob"=Bubblefish Bob (remove only)
"Caillou® Magic Playhouse™"=Caillou® Magic Playhouse™
"Call of Duty Game of the Year Edition"=Call of Duty Game of the Year Edition
"CareBearsDKey"=CareBears
"Catz"=Catz (remove only)
"CCleaner"=CCleaner (remove only)
"ComcastToolbar"=Comcast Toolbar
"DECCHECK"=Microsoft Windows XP Video Decoder Checkup Utility
"Diegos Rescue Adventure"=Diegos Rescue Adventure (remove only)
"Disney's Toontown Online"=Disney's Toontown Online
"Dogz"=Dogz (remove only)
"Dollhouse"=Cinderella's Dollhouse
"Dora the Explorer 3D Pyramid Adventure"=Dora the Explorer 3D Pyramid Adventure (remove only)
"Doras 3D Soccer"=Doras 3D Soccer (remove only)
"DRM7Tool"=Personal License Update Wizard for Windows Media Player
"drmtool.inf"=Personal License Update Wizard for Windows Media Player
"DVD X Rescue"=DVD X Rescue
"DVDXCopyPlatinum"=DVD X Copy Platinum 4.0.3
"Fairly Odd Parents Information Stupor Highway"=Fairly Odd Parents Information Stupor Highway (remove only)
"Fetch"=Fetch
"GameSpotDownloadManager"=GameSpot Download Manager
"Google Updater"=Google Updater
"HDTVPump"=DVBPortal HDTVPump Filter and Plugin
"Hey Arnold Runaway Bus 3D Game"=Hey Arnold Runaway Bus 3D Game (remove only)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{0FDF5371-C060-4766-9969-DA63E185BCF7}"=Minigolf Wild West
"InstallShield_{28142407-ACAD-4ECD-A6B6-9FA8471F6062}"=Scarface: The World is Yours
"InstallShield_{56C632F1-E684-4033-8390-1C39A1719B01}"=Pajama Sam Life is Rough When You Lose Your Stuff
"Jimmy Neutron Invention Revenge"=Jimmy Neutron Invention Revenge (remove only)
"JungleGames"=Jungle Games
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"La Casa De Dora"=La Casa De Dora (remove only)
"Little Bear Rainy Day Activities"=Little Bear Rainy Day Activities
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"McDonald's Dragons "=McDonald's Dragons
"McDonald's Fairies "=McDonald's Fairies
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Miss Spider"=Miss Spider
"mmmusic"=Movie Maker Background Music Files
"mmsounds"=Movie Maker Sound Effects
"mmtitle"=Movie Maker Title Images
"Mozilla Firefox (2.0)"=Mozilla Firefox (2.0)
"mplibwiz.inf"=Media Library Management Wizard
"mpxlswiz.inf"=Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf"=Windows Media Player Tray Control
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"My Disney Kitchen"=My Disney Kitchen
"My Scene™ CD-ROM"=My Scene™ CD-ROM
"NetJet"=NetJet 2.0
"Nick Blockade"=Nick Blockade (remove only)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"NVIDIAnForce"=NVIDIA Windows 2000/XP nForce Drivers
"PictureIt_POD_v9"=Microsoft Picture It! Library 9
"PictureIt_v9"=Microsoft Picture It! Express 9
"Playhouse Disney's Rolie Polie Olie"=Playhouse Disney Rolie Polie Olie
"PokerRoom.com"=PokerRoom.com (remove only)
"PRSCHOOL_1.4"=JumpStart PreSchool v1.4
"QuickTime"=QuickTime
"RegCure"=RegCure 1.4.0.4
"RRTW32.EXE"=Reader Rabbit's Toddler
"SpellForce"=SpellForce
"SpongeBob pinball"=SpongeBob pinball
"SpongeBob SquarePants Employee of the Month"=SpongeBob SquarePants Employee of the Month
"SpongeBob SquarePants Jellyfish Shuffleboard"=SpongeBob SquarePants Jellyfish Shuffleboard (remove only)
"SpongeBob SquarePants Movie 3D Game"=SpongeBob SquarePants Movie 3D Game (remove only)
"SpongeBob SquarePants Obstacle Odyssey"=SpongeBob SquarePants Obstacle Odyssey (remove only)
"SSUtils"=NVIDIA nForce Utilities
"Strawberry Shortcake - Amazing Cookie Party"=Strawberry Shortcake - Amazing Cookie Party
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Tarzan"=Tarzan
"Tigger Too"=Disney's Tigger Too
"Tweak UI 2.10"=Tweak UI
"wa2wmp"=Windows Media Player Skin Importer
"WIC"=Windows Imaging Component
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WMV9_VCM"=Microsoft Windows Media Video 9 VCM
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2008 2:51:31 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 2:51:31 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 3:48:32 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 3:48:32 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:16 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/18/2008 8:35:43 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

Error - 10/18/2008 8:35:46 AM | Computer Name = DAVID-999KME91K | Source = Userenv | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator. DETAIL - Incorrect
function.

[ System Events ]
Error - 10/18/2008 8:35:44 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 10/18/2008 8:35:47 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%1

Error - 10/18/2008 8:35:52 AM | Computer Name = DAVID-999KME91K | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%0

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:36:42 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 10/18/2008 8:38:03 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:38:03 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.

Error - 10/18/2008 8:38:43 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Access Limits security descriptor is
invalid. The security descriptor is defined as an invalid Security Descriptor Definitions
Language (SDDL) string. The requested action was therefore not performed. Please
contact your administrator to get the security descriptor corrected in the Group
Policy settings.

Error - 10/18/2008 8:38:43 AM | Computer Name = DAVID-999KME91K | Source = DCOM | ID = 10024
Description = The machine wide group policy Launch and Activation Limits security
descriptor is invalid. The security descriptor is defined as an invalid Security
Descriptor Definitions Language (SDDL) string. The requested action was therefore
not performed. Please contact your administrator to get the security descriptor
corrected in the Group Policy settings.


< End of report >
Drweb.csv:


RegUBP2b-David.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
couponprinter.exe\data012;C:\Documents and Settings\David\Desktop\couponprinter.exe;Adware.Coupons;;
couponprinter.exe;C:\Documents and Settings\David\Desktop;Archive contains infected objects;Moved.;
Fport.exe;C:\Documents and Settings\David\Desktop\fport\Fport-2.0;Program.FPort.20;Moved.;
ar.exe;C:\Program Files\JoWooD\SpellForce;BackDoor.IRC.Sdbot.3107;Deleted.;
A0236544.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP801\A0236544.exe;Program.PsExec.171;;
A0236544.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP801;Archive contains infected objects;Moved.;
A0237979.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP805;Trojan.StartPage.1505;Deleted.;
A0238046.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP805;Trojan.StartPage.1505;Deleted.;
A0238120.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP806;Trojan.StartPage.1505;Deleted.;
A0238193.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP806;Trojan.StartPage.1505;Deleted.;
A0238250.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP806;Trojan.StartPage.1505;Deleted.;
A0238324.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP807;Trojan.StartPage.1505;Deleted.;
A0238388.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP807;Trojan.StartPage.1505;Deleted.;
A0238448.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP808;Trojan.StartPage.1505;Deleted.;
A0238521.dll;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP808;Adware.Coupons.34;Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;Moved.;
A0238522.ocx;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP808;Adware.Coupons.34;Moved.;
A0240070.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP815;Trojan.StartPage.1505;Deleted.;
A0240272.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Trojan.StartPage.1505;Deleted.;
A0240333.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Trojan.StartPage.1505;Deleted.;
A0240375.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Trojan.StartPage.1505;Deleted.;
A0240376.exe\data012;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816\A0240376.exe;Adware.Coupons;;
A0240376.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Archive contains infected objects;Moved.;
A0240383.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;BackDoor.IRC.Sdbot.3107;Deleted.;
A0240392.exe\data065;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816\A0240392.exe;Tool.ShutDown.10;;
A0240392.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Archive contains infected objects;Moved.;
A0240414.exe\data065;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816\A0240414.exe;Tool.ShutDown.10;;
A0240414.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Archive contains infected objects;Moved.;
A0240442.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Program.FPort.20;Moved.;

And finally HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:58 PM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\David\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] "C:\WINDOWS\system32\sstray.exe" /r
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/oneclickfix/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202792004281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204255920000
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.31.5/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9787 bytes

So computer is still downloading bytes, and still have those CF*****.exe files.

#8 sundavis

  • Malware Response Team

Posted 19 October 2008 - 06:03 AM

Hi ubaman,


The Drweb.csv shows that the game SpellForce was infected by IRC.Sdbot. I think it's better to uninstall this program via Add/Remove Programs at this moment.
And I notice there is some stuff, including a p2p program and crack thingy, that should be removed. After the end of the clean process, we can say loudly to you "You are all clean".
That means no more suspect files or programs in your system, and you are good to go. Will it be cheerful for you? If so, then please do the following.


Step1

1. Please run HijackThis! and click "Do a system scan only." Place a check next to the following entry:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

If you, the administrator or your anti-spyware programs (such as Spybot - Search and Destroy) did not enable Internet Explorer restriction, you should close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Step2


Download OTMoveIt3.exe by OldTimer and save it to your desktop.

  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    :Processes 
    explorer.exe
    
    :Files
    C:\Documents and Settings\David\My Documents\PowerStrip_v3.50_build_451_Crack_by_TSRH.zip
    C:\Documents and Settings\David\My Documents\Windows.Genuine.Advantage.Validation.v1.8.31.9.CRACKED.rar
    C:\Documents and Settings\David\Desktop\Windows_WGA_Patcher_Permanent_Kit.3557054.TPB.torrent
    C:\WINDOWS\System32\CF2625.exe
    C:\WINDOWS\System32\CF2560.exe
    C:\WINDOWS\System32\CF2400.exe
    C:\WINDOWS\System32\CF2308.exe
    C:\WINDOWS\System32\CF2014.exe
    C:\WINDOWS\System32\CF1766.exe
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
You can refer to this thread for your reference.



Step3

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will be downloading and installing the program and updating the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
You can refer to this thread for your reference.


Step4


Please go to Here and Download System Repair Engine by smallfrogs

  • Extract it to Desktop & double click SREng.exe to run it
  • Select 'Smart Scan' & tick "Verify Digital Signatures"
  • Click on the Scan button
  • Before scanning the computer, Close all browsers and other programs except SREng.
  • When finished, click on the Save Reports button & save the log to Desktop
You can refer to this thread for your reference.


In your next reply, Please post back:

1. OTMoveIT log
2. Kas scanner log
3. SREng.log

Have you ever checked backup.ftp and backup.tftp in C:\WINDOWS\system32\Microsoft as described in my last post?

How is your pc running now?
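
One way to triage the Drweb.csv rows discussed above, added here as an example and not part of any poster's reply or of Dr.Web's tooling: it separates detections in live paths from copies held in System Restore points (`_restore{...}\RPnnn`). The column meaning (object;folder;detection;action;) and the function names `parse` and `triage` are assumptions inferred from the posted rows.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the Drweb.csv posted in this thread.
# Assumed column order, inferred from those rows: object;folder;detection;action;
SAMPLE = r"""
ar.exe;C:\Program Files\JoWooD\SpellForce;BackDoor.IRC.Sdbot.3107;Deleted.;
couponprinter.exe\data012;C:\Documents and Settings\David\Desktop\couponprinter.exe;Adware.Coupons;;
couponprinter.exe;C:\Documents and Settings\David\Desktop;Archive contains infected objects;Moved.;
A0240383.exe;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;BackDoor.IRC.Sdbot.3107;Deleted.;
A0238521.dll;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP808;Adware.Coupons.34;Moved.;
A0240375.reg;C:\System Volume Information\_restore{E05D2CC0-8887-4CD1-97D3-4B44F96D0826}\RP816;Trojan.StartPage.1505;Deleted.;
"""

# System Restore keeps renamed copies (A0nnnnnn.ext) under _restore{GUID}\RPnnn.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)", re.IGNORECASE
)
# Summary row the scanner emits for a container whose members were flagged.
CONTAINER = "Archive contains infected objects"


def parse(text):
    """Return one dict per detection row of a semicolon-separated report."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) < 4:
            continue  # not a detection row
        obj, folder, detection, action = (f.strip() for f in fields[:4])
        match = RESTORE.search(folder)
        rows.append({
            "object": obj,
            "folder": folder,
            "detection": detection,
            # Members inside a container carry no action of their own.
            "action": action or "none recorded",
            "restore_point": match.group(1) if match else None,
            "container_summary": detection == CONTAINER,
        })
    return rows


def triage(rows):
    """Split real detections into live files and System Restore copies."""
    real = [r for r in rows if not r["container_summary"]]
    live = sorted(
        (r["detection"], r["object"]) for r in real if r["restore_point"] is None
    )
    points = {r["restore_point"] for r in real if r["restore_point"]}
    return {
        "live": live,
        "restore_points": sorted(points, key=lambda rp: int(rp[2:])),
        "by_detection": Counter(r["detection"] for r in real),
    }


if __name__ == "__main__":
    result = triage(parse(SAMPLE))
    for detection, obj in result["live"]:
        print("live:", detection, obj)
    print("restore points with detections:", ", ".join(result["restore_points"]))
    for detection, count in result["by_detection"].most_common():
        print(count, detection)
```

Rows under `_restore{...}` are old copies kept by System Restore; the live rows point at software still on disk, which is how the SpellForce `ar.exe` hit stands out from the rest of the report.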

#9 ubaman

  • Topic Starter

Posted 19 October 2008 - 09:17 AM

OK, tried to remove SpellForce and get "Wise Uninstall could not open INSTALL.LOG file". I already did Step 1 and stopped there. What now?
Thanks Again

#10 ubaman

  • Topic Starter

Posted 19 October 2008 - 09:18 AM

OK, tried to remove SpellForce and get "Wise Uninstall could not open INSTALL.LOG file". I already did Step 1 and stopped there. What now?
Thanks Again



#11 sundavis

  • Malware Response Team

Posted 19 October 2008 - 09:49 AM

Please proceed with the rest, and we will take care of SpellForce later.

#12 ubaman

  • Topic Starter

Posted 20 October 2008 - 04:33 PM

I can not run Kaspersky, tried 5 times, it freezes at 13%. The rest of computer works, just page with Kaspersky freezes. When I hit stop scan the button turns red but then nothing. Also task manager says application is running, then hit view scan report and nothing happens. It also takes about 2 hours to get to that point.
Thanks Dave

#13 sundavis

  • Malware Response Team

Posted 20 October 2008 - 10:20 PM

OK!! You can try this instead:
  • Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  • You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  • Click on Accept to accept the License Agreement.
  • Click on Custom Scan.
  • Under Virus Scan Options, select the Scan whole system option.
  • Under Other Scan Options, select these options:
      • Scan all files
      • Scan whole system for rootkits
      • Scan whole system for spyware
      • Scan inside archives
      • Use advanced heuristics
  • Click Start.
  • It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  • Click on I want decide item by item.
  • Under Actions, select None for all infections found.
  • Click Next.
  • Click on Show Report.
  • Please copy and paste this report in your next reply.
  • Click Finish.
Note:
You also can find F-Secure report from C:\Documents and Settings\<user name>\Application Data\Local\Temp\OnlineScanner\ols_report.html

Have you ever checked there are backup.ftp and backup.tftp in C:\WINDOWS\system32\Microsoft as described in my last post?---This is important.

#14 ubaman

  • Topic Starter

Posted 21 October 2008 - 01:19 AM

OK, thanks again. I did check for backup.ftp and other one and no, I don't have. Been running F-Secure for 4 hours now, going to let it run and post in morning. Computer is slow but could be because scanning.

#15 ubaman

  • Topic Starter

Posted 22 October 2008 - 07:37 AM

I have been leaving computer hooked up to internet for 3 days. Trying to get a scan done. Same thing happens with F-Secure. It freezes up and gives me IE need to close message. My computer is still downloading trillions of bytes to my computer. Please help.
Thank you Dave



