Trojan.Vundo.H


  • This topic is locked
11 replies to this topic

#1 J-1303

  • Members
  • 10 posts
  • Local time:07:36 PM

Posted 16 October 2008 - 04:27 PM

Hey, I wonder if you can help?

I came across your forum when I was searching for removal of this trojan.

I have followed a few steps in getting the HijackThis log (posted below). I have tried all manner of things to the best of my abilities, yet still seem to have the infection.

I have currently installed and am running AVG Anti-Virus, Computer Associates (antivirus), Spybot Search & Destroy, and, the latest addition, Malwarebytes' Anti-Malware. Malwarebytes' seems to be the most useful so far, as it picks up the infection each time it is run; the last scan found only two registry key infections.

Any help will be greatly appreciated!

thanks in advance,

James.

HijackThis Log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:52, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8} - (no file)
O2 - BHO: {a2d6cd4a-0c05-1ca8-3114-a9b2c92c41bf} - {fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a} - C:\WINDOWS\system32\nojyus.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LiveUpdate] "C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097053507402
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} (Promap Control) - https://www.promapserver.co.uk/controls/latest/promap.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://server01.simpsonhilder.co.uk/Remote/msrdp.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll nojyus.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15232 bytes
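The two entries in the log above that reference nojyus.dll (the O2 BHO whose display name is a bare GUID, and the O20 AppInit_DLLs line) are the kind of load-point pattern a malware responder scans a HijackThis log for. The script below is an added example, not part of the original post and not HijackThis's own code: it parses the plain-text R/O entry format shown above and flags orphaned BHOs, GUID-named BHOs, AppInit_DLLs entries outside an allowlist, and any DLL wired into more than one load point. The regexes, the allowlist (which assumes avgrsstx.dll is AVG 8's own hook) and the severity labels are this example's assumptions; the sample input is constructed from lines on this page plus benign entries for contrast.

```python
"""Added example: triage heuristics for HijackThis-style log lines.

Not part of the original post or of HijackThis; the regexes, the
AppInit_DLLs allowlist and the severity labels are this example's own
assumptions. Input is the plain-text R/O entry format seen in the log above.
"""
import re
from typing import Dict, List, Set

# "R0 - ..." / "O20 - ..." entry prefix.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O2 body: "BHO: <display name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")

# Assumed allowlist: avgrsstx.dll is taken to be AVG 8's own AppInit hook.
# Anything else in AppInit_DLLs is loaded into every process that links
# user32 and deserves a second look.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

# Constructed sample: entries copied from the log above plus benign ones.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8} - (no file)
O2 - BHO: {a2d6cd4a-0c05-1ca8-3114-a9b2c92c41bf} - {fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a} - C:\WINDOWS\system32\nojyus.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll nojyus.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Split a log into section/body/raw records; non-entry lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"), "raw": raw.strip()})
    return entries


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path (tolerates forward slashes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings as dicts with 'line', 'severity' and 'reason'."""
    findings: List[Dict[str, str]] = []
    load_points: Dict[str, Set[str]] = {}  # dll basename -> sections it appears in

    def flag(line: str, severity: str, reason: str) -> None:
        findings.append({"line": line, "severity": severity, "reason": reason})

    for e in parse_entries(log_text):
        sec, body, raw = e["section"], e["body"], e["raw"]
        if sec == "O2":
            m = BHO_RE.match(body)
            if not m:
                continue
            name, path = m.group("name"), m.group("path")
            if name == "(no name)" or path == "(no file)":
                flag(raw, "low", "orphaned BHO entry (missing name or file); cleanup candidate")
            if GUID_RE.match(name):
                flag(raw, "high", "BHO display name is a bare GUID rather than a product name")
            if path != "(no file)":
                load_points.setdefault(basename(path), set()).add(sec)
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                load_points.setdefault(dll.lower(), set()).add(sec)
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    flag(raw, "high",
                         f"AppInit_DLLs loads {dll} into every user32 process; not on the allowlist")

    # A DLL wired into more than one load point must be handled as a unit;
    # clearing only one entry leaves the other in place.
    for dll, secs in sorted(load_points.items()):
        if len(secs) > 1:
            flag(dll, "high",
                 f"{dll} is registered at multiple load points: {', '.join(sorted(secs))}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['reason']}\n       {f['line']}")
```

Run against the constructed sample, the script reports one low-severity orphaned BHO and three high-severity findings, all three involving nojyus.dll; the benign AVG, Spybot and Bonjour entries produce nothing. Feeding it a whole HijackThis log works the same way, since lines that do not match the entry prefix are ignored.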


#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:02:36 PM

Posted 22 October 2008 - 03:25 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports, located in the same folder as OTViewIt, will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 J-1303

  • Topic Starter
  • Members
  • 10 posts
  • Local time:07:36 PM

Posted 22 October 2008 - 04:39 PM

Hey Panda,

Listed below are the logs from OTViewIt as requested.

OTViewIt logfile created on: 22/10/2008 22:08:44 - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\James Thompson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.61% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 125.46 Gb Total Space | 51.85 Gb Free Space | 41.33% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 25.08 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 9.76 Gb Total Space | 5.57 Gb Free Space | 57.04% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES
Current User Name: James Thompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/16 19:36:13 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2008/08/29 21:00:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2004/10/12 17:54:10 | 00,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2008/04/14 01:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/07/21 02:18:54 | 00,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/02/24 22:05:58 | 00,508,416 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe
[2004/02/04 01:15:54 | 05,794,816 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
[2004/02/20 15:00:28 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2004/10/29 20:34:36 | 00,081,920 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[2004/10/06 14:03:35 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/06/07 18:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0250Mon.exe
[2006/10/09 14:49:06 | 00,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/09/29 18:54:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/13 19:36:42 | 00,247,024 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2008/08/30 15:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/08/05 00:32:02 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/05/31 17:00:54 | 00,143,360 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/07/07 09:42:06 | 02,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2004/10/06 16:56:28 | 00,483,412 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
[2002/09/19 19:29:30 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[2004/09/20 23:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/07/04 19:21:12 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/08/29 21:00:35 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2001/11/12 21:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
[2008/04/23 21:31:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/13 19:36:42 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 11:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/22 22:07:59 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/16 19:36:13 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2008/08/29 21:00:35 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/29 21:00:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2004/10/12 17:54:10 | 00,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/10/13 19:36:42 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
[2002/09/19 19:27:06 | 00,077,824 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT [On_Demand | Stopped])
[2002/09/19 19:41:02 | 00,077,824 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/23 21:31:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/08/01 19:25:57 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2002/09/19 19:29:30 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch [Auto | Running])
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
[2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2004/09/20 23:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2007/02/05 11:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
[2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2007/02/05 11:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2001/11/12 21:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [On_Demand | Running])

========== Driver Services ==========

[2004/10/06 14:10:46 | 00,945,152 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
[2004/10/06 18:36:11 | 00,015,939 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/02/20 15:00:44 | 01,265,388 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2004/10/15 10:41:24 | 00,285,216 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\wg11tnd5.sys -- (AR5523 [On_Demand | Stopped])
[2004/10/14 18:24:00 | 00,043,392 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL [On_Demand | Stopped])
[2008/08/29 21:00:29 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 19:21:11 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/04 19:21:50 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/09/21 18:18:36 | 00,019,712 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2004/09/21 18:15:34 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT [On_Demand | Stopped])
[2004/10/12 16:08:12 | 00,023,896 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
[2004/09/21 18:18:02 | 00,011,604 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2004/10/12 17:03:02 | 00,028,687 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2008/10/22 19:00:43 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter [On_Demand | Stopped])
[2004/10/01 13:58:10 | 01,272,000 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5 [On_Demand | Stopped])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
[2003/01/15 15:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/03/18 00:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/04/13 17:42:16 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running])
[2008/04/13 19:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/29 17:00:33 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2001/08/17 04:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2004/10/07 01:38:30 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/09/21 18:18:36 | 00,013,299 | ---- | M] () -- C:\WINDOWS\system32\drivers\packet.sys -- (NPF [On_Demand | Stopped])
[2002/09/12 16:29:42 | 00,006,016 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2004/09/20 23:09:00 | 02,738,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2007/09/09 14:49:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2003/12/05 17:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/14 00:38:18 | 00,140,544 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB [On_Demand | Stopped])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2003/12/19 17:13:30 | 00,011,672 | ---- | M] (Chicony) -- C:\WINDOWS\system32\drivers\UKBFLT.sys -- (UKBFLT [On_Demand | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/06/27 04:25:26 | 00,185,504 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev [On_Demand | Running])
[2006/03/24 09:24:32 | 00,006,272 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0250Vfx.sys -- (V0250Vfx [On_Demand | Running])
[2004/09/21 18:18:52 | 00,061,048 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2004/09/22 18:08:46 | 00,081,548 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2008/08/30 15:14:36 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2008/08/30 15:14:34 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/10/13 19:36:41 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/10/13 19:36:41 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2008/08/30 15:14:28 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2008/08/30 15:14:34 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2002/04/24 20:07:56 | 00,019,928 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\wbscr.sys -- (wbscr [On_Demand | Running])
[2004/01/16 21:02:58 | 00,017,408 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.facebook.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.facebook.com/

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a} (HKLM) -- C:\WINDOWS\system32\nojyus.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/04/23 22:13:04 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4982D40A-C53B-4615-B15B-B5B5E98D167C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
"CHotkey"=mHotkey.exe (Chicony)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"Dit"=Dit.exe (ICSI Technology Ltd.)
"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"ledpointer"=CNYHKey.exe (Chicony)
"LiveUpdate"="C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R (TODO: <회사 이름>)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /install (NVIDIA Corporation)
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"V0250Mon.exe"=C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" (Creative Technology Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" (Creative Technology Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2005/03/05 14:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2004/10/15 11:20:54 | 01,024,000 | ---- | M] (IVT Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
[2004/10/06 16:56:28 | 00,483,412 | ---- | M] (NETGEAR) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://v5.windowsupdate.microsoft.com/v5co...b?1097053507402 -- WUWebControl Class
{644F656A-013E-4198-BE03-1D7A4F6AB550}: https://www.promapserver.co.uk/controls/latest/promap.cab -- Promap Control
{7584C670-2274-4EFB-B00B-D6AABA6D3850}: https://server01.simpsonhilder.co.uk/Remote/msrdp.cab -- Microsoft RDP Client Control (redist)
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{026D9304-8605-46E9-8092-30CC4852AAC9} (Servers: | Description: NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter)
{1096E44D-25F4-4BD3-AE79-FA1B68C1A345} (Servers: | Description: )
{2753968A-58CE-481D-BE84-FCDDFD620F4D} (Servers: | Description: 1394 Net Adapter)
{8FA2D41F-A01E-4125-AC42-C67DF4809D4B} (Servers: | Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX))
{94913FD9-6D35-4FE5-B126-E85957D1345A} (Servers: | Description: )
{A99B5B70-E44A-4BE9-B2C0-FE6CFAA5199D} (Servers: | Description: RT2500 USB Wireless LAN Card)
{FFCF40D6-3897-4FDF-B9C3-EBBAF23E3180} (Servers: | Description: VIA VT6105 Rhine III Fast Ethernet Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll nojyus.dll
>[2008/07/04 19:21:12 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
>[2008/10/13 19:52:45 | 00,109,568 | ---- | M] () -- C:\WINDOWS\system32\nojyus.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [@echo off | cls | echo. start flashing BIOS MS7091? | pause | AWFL859G.exe W7091MLN.314 /Py /Sn /Cd /Cp /Cc /E /R | ]
[2005/05/25 13:58:36 | 00,000,111 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2007/07/29 18:37:16 | 00,000,090 | ---- | M] () -- D:\AUTORUN.INF -- [ NTFS ]

AUTOEXEC.BAT [@echo off | cls | echo. start flashing BIOS MS7091? | pause | AWFL859G.exe W7091MLN.314 /Py /Sn /Cd /Cp /Cc /E /R | ]
[2005/05/25 13:58:36 | 00,000,111 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d62a728c-b4ae-11dc-a857-000fb59ba5c8}\Shell\AutoRun\command]
""=K:\InstallTomTomHOME.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/10/22 22:07:35 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe
[2008/10/21 20:59:24 | 11,057,8288 | ---- | C] (CA, Inc. ) -- C:\Documents and Settings\James Thompson\My Documents\issdm_en_32.exe
[2008/10/21 20:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Application Data\GetRightToGo
[2008/10/18 17:37:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\Identities
[2008/10/16 19:52:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/16 19:05:11 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/15 00:18:38 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 00:16:16 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 00:15:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 00:15:54 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 00:15:46 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 00:15:43 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/14 23:15:36 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/14 23:09:09 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/10/14 17:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Application Data\Malwarebytes
[2008/10/14 17:59:08 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 17:59:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/14 17:59:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/14 17:59:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/14 17:58:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/13 19:52:50 | 00,109,568 | ---- | C] () -- C:\WINDOWS\System32\nojyus.dll
[2008/10/13 19:52:44 | 00,109,568 | ---- | C] () -- C:\WINDOWS\System32\wxvthtla.dll
[2008/10/13 19:51:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\CAVTemp
[2008/10/13 19:34:44 | 00,032,240 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2008/10/13 19:34:44 | 00,021,488 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2008/10/13 19:34:44 | 00,021,104 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2008/10/13 19:34:43 | 00,880,560 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2008/10/13 19:34:43 | 00,108,368 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2008/10/13 19:34:43 | 00,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2008/10/13 19:34:43 | 00,091,376 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2008/10/13 19:34:43 | 00,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2008/10/13 19:34:43 | 00,026,352 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2008/10/13 19:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/13 19:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/13 19:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/12 18:56:42 | 01,071,448 | -HS- | C] () -- C:\WINDOWS\System32\ttqhwhgi.ini
[2008/10/05 18:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\My Documents\University
[2008/10/05 14:44:53 | 00,962,936 | ---- | C] () -- C:\Documents and Settings\James Thompson\My Documents\trada catalogue.pdf
[2008/10/05 00:56:14 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/05 00:55:41 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/05 00:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/05 00:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/30 21:51:43 | 00,250,910 | ---- | C] () -- C:\Documents and Settings\James Thompson\Desktop\me for nus.jpg

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/22 22:07:59 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe
[2008/10/22 19:05:19 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\James Thompson\My Documents\My Sharing Folders.lnk
[2008/10/22 19:03:48 | 29,152,882 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/22 19:00:43 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2008/10/22 19:00:41 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/22 19:00:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/22 19:00:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/22 19:00:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/22 19:00:14 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/21 21:02:08 | 11,057,8288 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\James Thompson\My Documents\issdm_en_32.exe
[2008/10/21 20:31:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/20 19:26:52 | 00,060,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 19:59:58 | 04,262,276 | -H-- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\IconCache.db
[2008/10/15 08:39:13 | 01,647,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 08:34:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 08:20:38 | 00,114,512 | ---- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/14 17:59:08 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/13 19:52:45 | 00,109,568 | ---- | M] () -- C:\WINDOWS\System32\wxvthtla.dll
[2008/10/13 19:52:45 | 00,109,568 | ---- | M] () -- C:\WINDOWS\System32\nojyus.dll
[2008/10/13 19:36:41 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2008/10/13 19:36:41 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2008/10/12 18:57:57 | 01,071,448 | -HS- | M] () -- C:\WINDOWS\System32\ttqhwhgi.ini
[2008/10/10 00:33:54 | 00,016,332 | ---- | M] () -- C:\Documents and Settings\James Thompson\Application Data\wklnhst.dat
[2008/10/09 21:58:20 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/05 14:44:53 | 00,962,936 | ---- | M] () -- C:\Documents and Settings\James Thompson\My Documents\trada catalogue.pdf
[2008/10/04 17:34:03 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 21:51:46 | 00,250,910 | ---- | M] () -- C:\Documents and Settings\James Thompson\Desktop\me for nus.jpg
[2008/09/30 20:47:34 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/26 22:26:55 | 00,358,400 | -HS- | M] () -- C:\Documents and Settings\James Thompson\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\James Thompson\My Documents\Thumbs.db:encryptable
< End of report >


OTViewIt Extras logfile created on: 22/10/2008 22:08:44 - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\James Thompson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.61% Memory free
3.85 Gb Paging File | 3.04 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 125.46 Gb Total Space | 51.85 Gb Free Space | 41.33% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 25.08 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 9.76 Gb Total Space | 5.57 Gb Free Space | 57.04% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES
Current User Name: James Thompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
File not found -- %ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
File not found -- %CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
File not found -- %CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
[2008/04/14 01:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console
File not found -- %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
File not found -- %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
File not found -- %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
[2004/10/15 11:20:54 | 01,024,000 | ---- | M] (IVT Corporation) -- %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
File not found -- %ProgramFiles%\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0
File not found -- %CommonProgramFiles%\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)
File not found -- %CommonProgramFiles%\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)
[2008/04/14 01:12:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console
File not found -- %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
File not found -- %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
File not found -- %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
[2004/10/15 11:20:54 | 01,024,000 | ---- | M] (IVT Corporation) -- %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:enabled:BlueSoleil
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/12/23 21:23:40 | 00,087,552 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2007/11/09 19:47:40 | 03,643,192 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2008/02/20 15:26:00 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
[2008/02/20 15:26:00 | 00,532,480 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager
[2008/02/20 15:26:00 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server
[2008/03/10 01:22:52 | 07,299,072 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit
[2008/08/29 20:59:42 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/08/29 21:00:35 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 18:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 19:21:33 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 15:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 17:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 13:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{055A0044-64A6-4248-A026-9745C1E9E159}"=Microsoft Encarta Encyclopedia Standard 2005
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AB149EB-2AE0-466C-9BA4-3A718CF06432}"=Informations about your PC
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}"=Bluerock Technologies Flight Studio 3ds Max 2009 32-bit
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}"=Google SketchUp Pro 6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1E02403C-C469-4937-9B94-7DF9F78888FA}"=Smart Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{261D0486-9127-4071-BA1D-FE784310752E}"=videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=PowerCinema 3.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}"=Autodesk 3ds Max 2009 32-bit ProMaterials™ Library
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{305D5417-E687-0409-AA09-53DE06E059F8}"=Autodesk 3ds Max 2009 32-bit Movies
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}"=CA Licensing
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}"=Autodesk Backburner 2008.1
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}"=Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}"=Microsoft Photo Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}"=NETGEAR WG111T Smart Wizard Wireless Utility
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}"=RT2500 USB Wireless LAN Card
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}"=VBA (2627.01)
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}"=AutoCAD 2006 - English
"{5783F2D7-6004-0409-0002-0060B0CE6BBA}"=AutoCAD Architecture 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{58F8C6D9-5B55-486A-A322-4E8D87670031}"=Canon MP Drivers
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}"=Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}"=Home Cinema
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142050}"=Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}"=Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}"=Windows Backup Utility
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}"=Turbo Squid Tentacles 3ds Max 2009 32-bit
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Pro
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"=Musicmatch® Jukebox
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{911B0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Word 2002
"{9176251A-4CC1-4DDB-B343-B487195EB397}"=Windows Live Writer
"{93FB8309-1DDB-4C96-BEAC-E8DC7394B1B2}"=Samsung PC Studio 3
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9A346205-EA92-4406-B1AB-50379DA3F057}"=Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 4.3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}"=BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1"=ConvertXtoDVD 2.2.3.258
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}"=Google SketchUp LayOut 6
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}"=Autodesk 3ds Max 2009 32-bit Architectural Materials Library
"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}"=PC Inspector smart recovery
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}"=PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}"=Microsoft Works Suite Add-in for Microsoft Word
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"{CD815603-AB71-4CFB-B3AC-522298037ACC}"=W83L518D
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1955A3A-EA24-4682-8641-43B5B688B09A}"=USB Wireless Keyboard Driver
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D5A9B7C0-8751-11D8-9D75-000129760D75}"=MediaShow 3.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}"=Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}"=Generic USB CardReader 2.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EABE2A27-9452-472E-9389-EFF410E956E1}"=DeviceControl
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}"=Google SketchUp 6 Exporters
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}"=Samsung PC Studio 3 USB Driver Installer
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}"=Autodesk 3ds Max 2009 32-bit Vault 2008 Plug-In
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F681200C-0446-0409-ABE4-EA9105E40EE4}"=Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}"=Autodesk 3ds Max 2009 32-bit
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Advanced Video FX Engine"=Advanced Video FX Engine
"AutoCAD Architecture 2008"=AutoCAD Architecture 2008
"AVG8Uninstall"=AVG Free 8.0
"BitTornado"=BitTornado 0.3.18
"cciss_av"=CA Anti-Virus
"C-Media Audio Driver"=C-Media High Definition Audio Driver
"Creative Live! Cam Center"=Creative Live! Cam Center
"Creative Live! Cam Manager"=Creative Live! Cam Manager
"Creative Live! Cam Notebook Pro User's Guide English"=Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar"=Creative Photo Calendar
"Creative Photo Manager"=Creative Photo Manager
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0250"=Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Creatix V.92 Data Fax Modem"=Creatix V.92 Data Fax Modem
"CutePDF Writer Installation"=CutePDF Writer 2.7
"DVDFab Platinum_is1"=DVDFab Platinum 3.0.5.5 Ghosthunter release
"FBX Plugin 2009.0 for Max 2009"=FBX Plugin 2009.0 for Max 2009
"GrabIt_is1"=GrabIt 1.7.1 Beta (build 960)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}"=OpenMG Secure Module 4.7.00
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MKV TO AVI CONVERTER_is1"=MKV TO AVI CONVERTER version 3.1
"Money2005b"=Microsoft Money
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01"=OpenMG Limited Patch 4.7-07-14-05-01
"PFConfig"=PFConfig 1.0.220
"PictureItPrem_v10"=Microsoft Photo Premium 10
"Power Data Recovery_is1"=Power Data Recovery 4.1.2
"QuickPar"=QuickPar 0.9
"RealPlayer 6.0"=RealPlayer
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave"=Shockwave
"SightSpeed"=SightSpeed (remove only)
"StreetPlugin"=Learn2 Player (Uninstall Only)
"StuffPlug3"=StuffPlug 3
"SysInfo"=Creative System Information
"TomTom HOME"=TomTom HOME
"UltraISO_is1"=UltraISO Premium V8.63
"VETWIN32Vp5"=CA Anti-Virus
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6c
"VSO DivxToDVD_is1"=DivxToDVD 0.5.1
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2005Setup"=Microsoft Works 2005 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware"=X10 Hardware™
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2008 19:30:01 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 19:36:26 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 19:36:45 | Computer Name = JAMES | Source = Application Error | ID = 1000
Description = Faulting application bluesoleil.exe, version 1.4.0.1, faulting module
mfc42.dll, version 6.2.4131.0, fault address 0x000011c7.

Error - 12/10/2008 19:40:56 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2008 19:40:57 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2008 14:16:33 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2008 14:33:38 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/10/2008 14:33:41 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 14/10/2008 13:03:12 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application MSWorks.exe, version 8.4.629.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15/10/2008 14:58:54 | Computer Name = JAMES | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 15/10/2008 18:57:28 | Computer Name = JAMES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 16/10/2008 03:14:26 | Computer Name = JAMES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip VET-FILT
VET-REC
VETEFILE
VETMONNT

Error - 16/10/2008 03:27:51 | Computer Name = JAMES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/10/2008 14:03:17 | Computer Name = JAMES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#4 PropagandaPanda


Posted 22 October 2008 - 04:57 PM

Hello J-1303.

You do indeed have a Vundo infection.

I see that you have The Avenger on your computer. Please do not use it unless directed as it can be very dangerous if used improperly. Thanks.

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitTorrent). These programs allow files to be shared between users, as the name suggests. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for the AVG icon.
  • Right-click it, then select Quit Control Center.
  • A warning will pop up; click Yes.
To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="avgrsstx.dll"
    :processes
    explorer.exe
    :files
    C:\WINDOWS\system32\nojyus.dll
    C:\WINDOWS\System32\wxvthtla.dll
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Update Java to Version 6 Update 10
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java, JDK 6 Update 10 from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" jdk-6u10-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the OTMoveIt log
-the Kaspersky log
-a new OTViewIt log (just OTViewIt.txt)

With Regards,
The Panda

Edited by PropagandaPanda, 22 October 2008 - 04:58 PM.
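As an added example (not code from this thread, from OldTimer's tools, or from the helper), here is a read-only PowerShell audit of the two persistence points the OTMoveIt script above clears: Browser Helper Object registrations and the AppInit_DLLs value. The CLSIDs and DLL names are the ones quoted in this thread; the registry paths and Get-AuthenticodeSignature are standard Windows ones, and flagging "not Valid" signatures as suspicious is an assumption for triage, not a verdict.

```powershell
# Added example, not from the thread or from OTMoveIt: a read-only audit of the
# two persistence points the OTMoveIt script removes (Browser Helper Objects
# and AppInit_DLLs), so a responder can see what is registered before deleting.
# Run from an elevated PowerShell prompt. The CLSIDs and DLL names below are
# the ones quoted in this thread (assumption: specific to this machine; other
# Vundo variants use different random names).

$KnownBadClsids = @('{fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a}',
                    '{C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8}')
$KnownBadFiles  = @('nojyus.dll', 'wxvthtla.dll')

function Resolve-DllPath {
    param([string]$Name)
    # BHO servers and AppInit entries may be bare file names; Windows resolves
    # those against the system directory, so do the same here.
    $expanded = [Environment]::ExpandEnvironmentVariables($Name.Trim('"'))
    if ([System.IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return Join-Path $env:SystemRoot "system32\$expanded"
}

function Get-FileTrust {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    # Authenticode status is 'Valid' for a properly signed file, otherwise
    # NotSigned, HashMismatch, etc. Unsigned is not proof of malware, but the
    # Vundo DLLs in this thread were unsigned random names in system32.
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Get-BhoInventory {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return @() }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid  = $sub.PSChildName
        # The BHO subkey is only a CLSID; the DLL actually loaded by Internet
        # Explorer is the default value of that CLSID's InprocServer32 key.
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path $server) {
            $dll = (Get-ItemProperty -Path $server).'(default)'
        }
        $path  = if ($dll) { Resolve-DllPath $dll } else { $null }
        $trust = if ($path) { Get-FileTrust $path } else { 'no InprocServer32' }
        $leaf  = if ($path) { Split-Path -Leaf $path } else { '' }
        [pscustomobject]@{
            Clsid      = $clsid
            Dll        = $path
            Trust      = $trust
            KnownBad   = ($KnownBadClsids -contains $clsid) -or ($KnownBadFiles -contains $leaf)
            Suspicious = ($trust -ne 'Valid')
        }
    }
}

function Get-AppInitDlls {
    $winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $raw = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { return @() }
    # AppInit_DLLs is a space- or comma-separated list loaded into every process
    # that loads user32.dll; the thread's script resets it to avgrsstx.dll alone.
    foreach ($name in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $path = Resolve-DllPath $name
        [pscustomobject]@{
            Entry    = $name
            Dll      = $path
            Trust    = Get-FileTrust $path
            KnownBad = ($KnownBadFiles -contains (Split-Path -Leaf $path))
        }
    }
}

Write-Host '== Browser Helper Objects =='
Get-BhoInventory | Format-Table -AutoSize
Write-Host '== AppInit_DLLs =='
Get-AppInitDlls | Format-Table -AutoSize
```

The script changes nothing; compare its output against the OTMoveIt results log before and after a cleanup to confirm the BHO keys and the AppInit_DLLs value ended up as intended.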


#5 J-1303


Posted 25 October 2008 - 08:15 AM

Thank you for your help so far, Panda. Below are the OTMoveIt log, the Kaspersky log and the new OTViewIt log, as requested.

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb14c29c-2b9a-4113-8ac1-50c0a4dc6d2a}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D82AAC-C3EA-46FA-9A23-1C11ECF988E8}\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"avgrsstx.dll":processesexplorer.exe:filesC:\WINDOWS\system32\nojyus.dllC:\WINDOWS\System32\wxvthtla.dll:commands /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10232008_194317


KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 24, 2008 06:46:52
Records in database: 1341581



Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan statistics
Files scanned 208956
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 14:18:45

File name Threat name Threats count
C:\Documents and Settings\James Thompson\Local Settings\Temporary Internet Files\Content.IE5\3CDN2PT7\_freescan[1].htm Infected: Trojan-Downloader.JS.Agent.cuu 1

C:\WINDOWS\system32\nojyus.dll Infected: Trojan.Win32.Agent.ajla 1

C:\WINDOWS\system32\wxvthtla.dll Infected: Trojan.Win32.Agent.ajla 1

The selected area was scanned.


OTViewIt logfile created on: 25/10/2008 10:17:09 - Run 4
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\James Thompson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.68% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 125.46 Gb Total Space | 51.79 Gb Free Space | 41.28% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 25.08 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
Drive E: | 9.76 Gb Total Space | 5.57 Gb Free Space | 57.04% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES
Current User Name: James Thompson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/14 01:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/07/21 02:18:54 | 00,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
[2004/02/24 22:05:58 | 00,508,416 | ---- | M] (Chicony) -- C:\WINDOWS\mHotkey.exe
[2004/02/04 01:15:54 | 05,794,816 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
[2004/02/20 15:00:28 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2004/10/29 20:34:36 | 00,081,920 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
[2004/10/06 14:03:35 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/06/07 18:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0250Mon.exe
[2006/10/09 14:49:06 | 00,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/09/29 18:54:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/13 19:36:42 | 00,247,024 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
[2007/10/16 19:36:13 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2008/08/29 21:00:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/30 15:14:36 | 00,234,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
[2008/10/23 20:06:09 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/08/05 00:32:02 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2004/10/12 17:54:10 | 00,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2006/05/31 17:00:54 | 00,143,360 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
[2004/10/15 11:20:54 | 01,024,000 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
[2004/10/06 16:56:28 | 00,483,412 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
[2008/10/23 20:06:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2002/09/19 19:29:30 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[2004/09/20 23:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
[2008/07/04 19:21:12 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/08/29 21:00:35 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2001/11/12 21:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
[2008/04/23 21:31:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/10/13 19:36:42 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/22 22:07:59 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/16 19:36:13 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2008/08/29 21:00:35 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/08/29 21:00:32 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2004/10/12 17:54:10 | 00,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/10/13 19:36:42 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Running])
[2008/08/30 15:14:36 | 00,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe [Auto | Running])
[2002/09/19 19:27:06 | 00,077,824 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT [On_Demand | Stopped])
[2002/09/19 19:41:02 | 00,077,824 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/04/23 21:31:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/08/01 19:25:57 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/10/23 20:06:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2002/09/19 19:29:30 | 00,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch [Auto | Running])
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
[2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2004/09/20 23:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2007/02/05 11:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
[2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2007/02/05 11:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2008/08/30 15:14:38 | 00,255,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT [Auto | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2001/11/12 21:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [On_Demand | Running])

========== Driver Services ==========

[2004/10/06 14:10:46 | 00,945,152 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
[2004/10/06 18:36:11 | 00,015,939 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/02/20 15:00:44 | 01,265,388 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2004/10/15 10:41:24 | 00,285,216 | ---- | M] (NETGEAR, Inc.) -- C:\WINDOWS\system32\drivers\wg11tnd5.sys -- (AR5523 [On_Demand | Stopped])
[2004/10/14 18:24:00 | 00,043,392 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL [On_Demand | Stopped])
[2008/08/29 21:00:29 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 19:21:11 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/07/04 19:21:50 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/09/21 18:18:36 | 00,019,712 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2004/09/21 18:15:34 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT [On_Demand | Stopped])
[2004/10/12 16:08:12 | 00,023,896 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
[2004/09/21 18:18:02 | 00,011,604 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2004/10/12 17:03:02 | 00,028,687 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2008/10/25 09:55:57 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter [On_Demand | Stopped])
[2004/10/01 13:58:10 | 01,272,000 | ---- | M] (C-Media Inc.) -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax [On_Demand | Running])
[2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5 [On_Demand | Stopped])
[2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
[2003/01/15 15:05:54 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/03/18 00:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/04/13 17:42:16 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running])
[2008/04/13 19:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/29 17:00:33 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2001/08/17 04:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2004/10/07 01:38:30 | 00,028,352 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Running])
[2004/09/21 18:18:36 | 00,013,299 | ---- | M] () -- C:\WINDOWS\system32\drivers\packet.sys -- (NPF [On_Demand | Stopped])
[2002/09/12 16:29:42 | 00,006,016 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM [On_Demand | Stopped])
[2004/09/20 23:09:00 | 02,738,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2007/09/09 14:49:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2003/12/05 17:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/08/14 00:38:18 | 00,140,544 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB [On_Demand | Stopped])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2005/08/30 18:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 18:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 18:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 17:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2003/12/19 17:13:30 | 00,011,672 | ---- | M] (Chicony) -- C:\WINDOWS\system32\drivers\UKBFLT.sys -- (UKBFLT [On_Demand | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/06/27 04:25:26 | 00,185,504 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev [On_Demand | Running])
[2006/03/24 09:24:32 | 00,006,272 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0250Vfx.sys -- (V0250Vfx [On_Demand | Running])
[2004/09/21 18:18:52 | 00,061,048 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])
[2004/09/22 18:08:46 | 00,081,548 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2008/08/30 15:14:36 | 00,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT [System | Running])
[2008/08/30 15:14:34 | 00,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC [System | Running])
[2008/10/13 19:36:41 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT [On_Demand | Running])
[2008/10/13 19:36:41 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE [System | Running])
[2008/08/30 15:14:28 | 00,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT [System | Running])
[2008/08/30 15:14:34 | 00,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2002/04/24 20:07:56 | 00,019,928 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\drivers\wbscr.sys -- (wbscr [On_Demand | Running])
[2004/01/16 21:02:58 | 00,017,408 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.facebook.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.aldi.com

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.facebook.com/

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/04/23 22:13:04 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
"CHotkey"=mHotkey.exe (Chicony)
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
"Dit"=Dit.exe (ICSI Technology Ltd.)
"High Definition Audio Property Page Shortcut"=HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"ledpointer"=CNYHKey.exe (Chicony)
"LiveUpdate"="C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R (TODO: <회사 이름>)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /install (NVIDIA Corporation)
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"V0250Mon.exe"=C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" (Creative Technology Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" (Creative Technology Ltd.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/03/05 14:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2004/10/15 11:20:54 | 01,024,000 | ---- | M] (IVT Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
[2004/10/06 16:56:28 | 00,483,412 | ---- | M] (NETGEAR) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar search: C:\Program Files\AOL Toolbar\toolbar.dll File not found
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 19:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-526243455-2078149131-2728897694-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://v5.windowsupdate.microsoft.com/v5co...b?1097053507402 -- WUWebControl Class
{644F656A-013E-4198-BE03-1D7A4F6AB550}: https://www.promapserver.co.uk/controls/latest/promap.cab -- Promap Control
{7584C670-2274-4EFB-B00B-D6AABA6D3850}: https://server01.simpsonhilder.co.uk/Remote/msrdp.cab -- Microsoft RDP Client Control (redist)
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{026D9304-8605-46E9-8092-30CC4852AAC9} (Servers: | Description: NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter)
{1096E44D-25F4-4BD3-AE79-FA1B68C1A345} (Servers: | Description: )
{2753968A-58CE-481D-BE84-FCDDFD620F4D} (Servers: | Description: 1394 Net Adapter)
{8FA2D41F-A01E-4125-AC42-C67DF4809D4B} (Servers: | Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX))
{94913FD9-6D35-4FE5-B126-E85957D1345A} (Servers: | Description: )
{A99B5B70-E44A-4BE9-B2C0-FE6CFAA5199D} (Servers: | Description: RT2500 USB Wireless LAN Card)
{FFCF40D6-3897-4FDF-B9C3-EBBAF23E3180} (Servers: | Description: VIA VT6105 Rhine III Fast Ethernet Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll":processesexplorer.exe:filesC:\WINDOWS\system32\nojyus.dllC:\WINDOWS\System32\wxvthtla.dll:command
>[2008/07/04 19:21:12 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [@echo off | cls | echo. start flashing BIOS MS7091? | pause | AWFL859G.exe W7091MLN.314 /Py /Sn /Cd /Cp /Cc /E /R | ]
[2005/05/25 13:58:36 | 00,000,111 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2007/07/29 18:37:16 | 00,000,090 | ---- | M] () -- D:\AUTORUN.INF -- [ NTFS ]

AUTOEXEC.BAT [@echo off | cls | echo. start flashing BIOS MS7091? | pause | AWFL859G.exe W7091MLN.314 /Py /Sn /Cd /Cp /Cc /E /R | ]
[2005/05/25 13:58:36 | 00,000,111 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d62a728c-b4ae-11dc-a857-000fb59ba5c8}\Shell\AutoRun\command]
""=K:\InstallTomTomHOME.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/10/24 23:52:28 | 00,005,635 | ---- | C] () -- C:\Documents and Settings\James Thompson\Desktop\online scanner log.rtf
[2008/10/24 23:39:43 | 00,003,404 | ---- | C] () -- C:\Documents and Settings\James Thompson\Desktop\kaspersky log.html
[2008/10/23 19:43:58 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\James Thompson\Desktop\Document.rtf
[2008/10/23 19:43:17 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/23 19:25:01 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTMoveIt3.exe
[2008/10/23 19:12:40 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/22 22:07:35 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe
[2008/10/21 20:59:24 | 11,057,8288 | ---- | C] (CA, Inc. ) -- C:\Documents and Settings\James Thompson\My Documents\issdm_en_32.exe
[2008/10/21 20:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Application Data\GetRightToGo
[2008/10/18 17:37:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\Identities
[2008/10/16 19:52:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/16 19:05:11 | 21,470,12608 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/15 00:18:38 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/15 00:16:16 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 00:15:56 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 00:15:54 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 00:15:46 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 00:15:43 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/14 23:15:36 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/10/14 23:09:09 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/10/14 17:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\Application Data\Malwarebytes
[2008/10/14 17:59:08 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 17:59:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/14 17:59:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/14 17:59:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/14 17:58:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/13 19:52:50 | 00,109,568 | ---- | C] () -- C:\WINDOWS\System32\nojyus.dll
[2008/10/13 19:52:44 | 00,109,568 | ---- | C] () -- C:\WINDOWS\System32\wxvthtla.dll
[2008/10/13 19:51:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\CAVTemp
[2008/10/13 19:34:44 | 00,032,240 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2008/10/13 19:34:44 | 00,021,488 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2008/10/13 19:34:44 | 00,021,104 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2008/10/13 19:34:43 | 00,880,560 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2008/10/13 19:34:43 | 00,108,368 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2008/10/13 19:34:43 | 00,099,568 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\isafeif.dll
[2008/10/13 19:34:43 | 00,091,376 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\isafprod.dll
[2008/10/13 19:34:43 | 00,083,256 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\vetredir.dll
[2008/10/13 19:34:43 | 00,026,352 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys
[2008/10/13 19:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/10/13 19:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/13 19:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/12 18:56:42 | 01,071,448 | -HS- | C] () -- C:\WINDOWS\System32\ttqhwhgi.ini
[2008/10/05 18:40:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Thompson\My Documents\University
[2008/10/05 14:44:53 | 00,962,936 | ---- | C] () -- C:\Documents and Settings\James Thompson\My Documents\trada catalogue.pdf
[2008/10/05 00:56:14 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/05 00:55:41 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/05 00:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/05 00:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/30 21:51:43 | 00,250,910 | ---- | C] () -- C:\Documents and Settings\James Thompson\Desktop\me for nus.jpg

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/25 10:17:19 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\James Thompson\My Documents\My Sharing Folders.lnk
[2008/10/25 09:58:08 | 29,259,604 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/25 09:58:08 | 00,079,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/25 09:55:57 | 00,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2008/10/25 09:55:53 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/25 09:55:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/25 09:55:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/25 09:55:39 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/24 23:52:29 | 00,005,635 | ---- | M] () -- C:\Documents and Settings\James Thompson\Desktop\online scanner log.rtf
[2008/10/24 23:39:43 | 00,003,404 | ---- | M] () -- C:\Documents and Settings\James Thompson\Desktop\kaspersky log.html
[2008/10/23 19:43:58 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\James Thompson\Desktop\Document.rtf
[2008/10/23 19:25:13 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTMoveIt3.exe
[2008/10/22 22:07:59 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Thompson\Desktop\OTViewIt.exe
[2008/10/22 19:00:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/21 21:02:08 | 11,057,8288 | ---- | M] (CA, Inc. ) -- C:\Documents and Settings\James Thompson\My Documents\issdm_en_32.exe
[2008/10/21 20:31:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/16 20:25:46 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/16 20:25:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 19:59:58 | 04,262,276 | -H-- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\IconCache.db
[2008/10/15 17:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 17:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 08:39:13 | 01,647,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 08:36:20 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 08:20:38 | 00,114,512 | ---- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/14 17:59:08 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/13 19:52:45 | 00,109,568 | ---- | M] () -- C:\WINDOWS\System32\wxvthtla.dll
[2008/10/13 19:52:45 | 00,109,568 | ---- | M] () -- C:\WINDOWS\System32\nojyus.dll
[2008/10/13 19:36:41 | 00,880,560 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2008/10/13 19:36:41 | 00,108,368 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2008/10/12 18:57:57 | 01,071,448 | -HS- | M] () -- C:\WINDOWS\System32\ttqhwhgi.ini
[2008/10/10 00:33:54 | 00,016,332 | ---- | M] () -- C:\Documents and Settings\James Thompson\Application Data\wklnhst.dat
[2008/10/09 21:58:20 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/05 14:44:53 | 00,962,936 | ---- | M] () -- C:\Documents and Settings\James Thompson\My Documents\trada catalogue.pdf
[2008/10/04 17:34:03 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\James Thompson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/09/30 21:51:46 | 00,250,910 | ---- | M] () -- C:\Documents and Settings\James Thompson\Desktop\me for nus.jpg
[2008/09/30 20:47:34 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/26 22:26:55 | 00,358,400 | -HS- | M] () -- C:\Documents and Settings\James Thompson\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\James Thompson\My Documents\Thumbs.db:encryptable
< End of report >

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 25 October 2008 - 10:10 AM

Hello J-1303.

Something didn't go right with OTMoveIt. Let's try it again.

Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="avgrsstx.dll"
    
    
    :files
    C:\WINDOWS\system32\nojyus.dll
    C:\WINDOWS\System32\wxvthtla.dll
    C:\WINDOWS\System32\ttqhwhgi.ini
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Post back with:
-the OTMoveIt log
-the F-Secure log
-a new HijackThis log

How is your computer running now?

With Regards,
The Panda
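As an added example for this thread (not the helper's OTMoveIt script or code from any tool mentioned here): the O20 line in the OTL log above shows the AppInit_DLLs value carrying the AVG hook alongside the two randomly named DLLs that the `:reg` line resets away. The Python below splits such a value the way the loader does, flags every entry that is not on a known-good list, and computes the cleaned value; the sample value and the one-entry allowlist are constructed from file names quoted in the logs, and the allowlist is an assumption that should be rebuilt from a known-clean baseline of the machine being checked.

```python
"""Audit an AppInit_DLLs value for entries outside a known-good list.

AppInit_DLLs (HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows)
names DLLs that user32.dll loads into every process that links it, so a
trojan registered there is re-loaded at each logon.  Added example for this
thread; not code from the helper or any tool used here.  The sample value
and the allowlist are constructed from file names quoted in the logs.
"""
import re
import sys
from typing import List, NamedTuple, Optional

# Assumption: on this machine only AVG's resident-shield hook belongs here.
# Rebuild this set from a known-clean baseline of the machine you audit.
KNOWN_GOOD = {"avgrsstx.dll"}

# The loader splits the value on spaces and commas.
_SEPARATORS = re.compile(r"[ ,]+")

# Constructed from the O20 line in the OTL log: AVG's hook plus two Vundo DLLs.
SAMPLE_VALUE = r"avgrsstx.dll C:\WINDOWS\system32\nojyus.dll C:\WINDOWS\System32\wxvthtla.dll"


class Finding(NamedTuple):
    entry: str      # entry exactly as written in the value
    basename: str   # lower-cased file name with any path stripped
    reason: str


def split_appinit(value: str) -> List[str]:
    """Split the value into entries the same way the loader does."""
    return [e for e in _SEPARATORS.split(value.strip().strip('"')) if e]


def basename_of(entry: str) -> str:
    return entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(value: str, known_good=KNOWN_GOOD) -> List[Finding]:
    """Return one Finding per entry that is not on the known-good list."""
    findings = []
    for entry in split_appinit(value):
        name = basename_of(entry)
        if name in known_good:
            continue
        reason = "not on known-good list"
        if "\\" in entry or "/" in entry:
            # Legitimate entries are usually bare names resolved through the
            # search path; an absolute path into system32 deserves a look.
            reason += "; absolute path given"
        findings.append(Finding(entry, name, reason))
    return findings


def cleaned_value(value: str, known_good=KNOWN_GOOD) -> str:
    """The value with only known-good entries kept, in original order
    (what the helper's ':reg' line writes back once the rogue DLLs go)."""
    return " ".join(e for e in split_appinit(value)
                    if basename_of(e) in known_good)


def read_live_value() -> Optional[str]:
    """Read the real value on Windows; None elsewhere or if the value is unset."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, Windows only
    path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            data, _ = winreg.QueryValueEx(key, "AppInit_DLLs")
            return str(data)
    except OSError:
        return None


if __name__ == "__main__":
    value = read_live_value() or SAMPLE_VALUE
    for f in audit(value):
        print(f"FLAG {f.entry} ({f.reason})")
    print("clean value:", repr(cleaned_value(value)))
```

Run on a non-Windows host it audits the constructed sample; on Windows it reads the live value instead. Flagged entries are only a prompt to inspect the files, not a verdict, and any vendor hook you do not recognise should be added to the allowlist only after you have confirmed where it came from.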

#7 J-1303

  • Topic Starter
  • Members
  • 10 posts

Posted 28 October 2008 - 03:02 PM

Logs as requested.

Computer seems to have improved.

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"avgrsstx.dll" /E : value set successfully!
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nojyus.dll
C:\WINDOWS\system32\nojyus.dll NOT unregistered.
C:\WINDOWS\system32\nojyus.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wxvthtla.dll
C:\WINDOWS\System32\wxvthtla.dll NOT unregistered.
C:\WINDOWS\System32\wxvthtla.dll moved successfully.
C:\WINDOWS\System32\ttqhwhgi.ini moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_180422

Scanning Report
Sunday, October 26, 2008 06:48:01 - 18:36:58
Computer name: JAMES
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\

Result: 16 malware found
TrackingCookie.2o7 (spyware)
• System
TrackingCookie.Adrevolver (spyware)
• System
TrackingCookie.Adtech (spyware)
• System
TrackingCookie.Advertising (spyware)
• System
TrackingCookie.Atdmt (spyware)
• System
TrackingCookie.Doubleclick (spyware)
• System
TrackingCookie.Emediate (spyware)
• System
TrackingCookie.Mediaplex (spyware)
• System
TrackingCookie.Questionmarket (spyware)
• System
TrackingCookie.Revsci (spyware)
• System
TrackingCookie.Tradedoubler (spyware)
• System
TrackingCookie.Yieldmanager (spyware)
• System
TrackingCookie.Zanox (spyware)
• System
Trojan-Downloader.JS.Agent.cuu (virus)
• C:\DOCUMENTS AND SETTINGS\JAMES THOMPSON\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\3CDN2PT7\_FREESCAN[1].HTM (Renamed)
Trojan.Win32.Agent.ajla (virus)
• C:\_OTMOVEIT\MOVEDFILES\10252008_180422\WINDOWS\SYSTEM32\NOJYUS.DLL (Renamed)
• C:\_OTMOVEIT\MOVEDFILES\10252008_180422\WINDOWS\SYSTEM32\WXVTHTLA.DLL (Renamed)

Statistics
Scanned:
• Files: 124913
• System: 6463
• Not scanned: 8
Actions:
• Disinfected: 0
• Renamed: 4
• Deleted: 0
• None: 13
• Submitted: 0
Files not scanned:
• C:\HIBERFIL.SYS
• C:\PAGEFILE.SYS
• C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
• C:\WINDOWS\SYSTEM32\CONFIG\SAM
• C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
• C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
• C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
• C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0237\0192\VALUES

Options
Scanning engines:
• F-Secure USS: 2.30.0
• F-Secure Blacklight: 1.0.68
• F-Secure Hydra: 2.8.8110, 2008-10-27
• F-Secure Pegasus: 1.20.0, 2008-09-22
• F-Secure AVP: 7.0.171, 2008-10-27
Scanning options:
• Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
• Use Advanced heuristics



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:27, on 26/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LiveUpdate] "C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1097053507402
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} (Promap Control) - https://www.promapserver.co.uk/controls/latest/promap.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://server01.simpsonhilder.co.uk/Remote/msrdp.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15443 bytes
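The O23 lines in a HijackThis log name each service, the publisher HijackThis found in the binary's version info ("Unknown owner" when there is none) and the binary's path. As an added triage example that is not part of this thread or of HijackThis, the following script parses such lines and flags services with no publisher, binaries outside the Windows or Program Files trees, or binaries running from a temp or profile directory; the trusted-directory list and the third sample line are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Matches a HijackThis "O23 - Service:" line: name - owner - path (path starts with a drive letter).
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Directories a legitimate Windows XP service binary normally lives under (assumption for this triage).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)

# Two lines taken from the log above plus one constructed suspicious entry (not from the log).
SAMPLE_LINES = [
    r"O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
    r"O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe",
    r"O23 - Service: Example Service (exsvc) - Unknown owner - C:\Documents and Settings\James\Local Settings\Temp\exsvc.exe",
]


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    flags: list


def parse_o23(line):
    """Parse one log line; return None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["name"], m["owner"], m["path"], [])


def triage(lines):
    """Return the service entries that deserve a second look, each with its reasons."""
    suspicious = []
    for line in lines:
        entry = parse_o23(line)
        if entry is None:
            continue
        low = entry.path.lower()
        if entry.owner == "Unknown owner":
            entry.flags.append("no publisher in version info")
        if not low.startswith(TRUSTED_PREFIXES):
            entry.flags.append("binary outside Windows/Program Files")
        if "\\temp\\" in low or "\\local settings\\" in low:
            entry.flags.append("runs from a temp or profile directory")
        if entry.flags:
            suspicious.append(entry)
    return suspicious
```

A flag is a reason to look closer (check the file's signature and hash, and the service's start type), not proof of infection; the BlueSoleil entry above is flagged only because its vendor left no version info.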

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 28 October 2008 - 03:32 PM

Hello J-1303.

Looks good. If it's doing well on your side, then we can wrap up.

Run Cleanup! with OTMoveIt
Let's clear out the tools we've used.
  • Double click the OTMoveIt2.exe icon on your desktop to start the program.
  • Click Posted Image.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.
Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but it can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article about turning on automatic updates here.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#9 J-1303

J-1303
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 28 October 2008 - 05:32 PM

I noticed when I started my computer that a little red shield with a cross in it showed with a message saying Windows Firewall is turned off. I let my computer start up fully and noticed it had gone; I checked the Security Center and it was turned on.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 29 October 2008 - 07:21 AM

Hello.

Could you possibly provide a screenshot? It would help us to deduce if this is something to worry about.

With Regards,
The Panda

#11 J-1303

J-1303
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:36 PM

Posted 30 October 2008 - 06:06 AM

It didn't appear this time, rather strange. Also, I did a quick scan 2 days ago with Malwarebytes', as it always picked up on 2 infected registry keys, and rescanned yesterday; these are now removed, and all seems to be working fine.

Thank You for your help, greatly appreciated.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:36 PM

Posted 30 October 2008 - 10:56 AM

Hello.

Glad we could help :thumbsup:.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
