Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is running slow and crashing


  • This topic is locked This topic is locked
13 replies to this topic

#1 ThisSportingLife

ThisSportingLife

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 26 October 2008 - 08:44 AM

Hi,

My computer is running slowly and crashes sometimes. I'd appreciate any help you can give. Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:46, on 26/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\msauc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShowIcon_Integral_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"Integral\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKCU\..\Run: [SpySweeper] "E:\SpySweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [procact] C:\WINDOWS\system32\wvobgngd.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161428680622
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: smartdb - {02C63A4F-AB96-1F6C-609B-009702B577C3} - C:\Program Files\nflsvzd\smartdb.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9119 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 26 October 2008 - 10:16 AM

Hello ThisSportingLife

Welcome to BleepingComputer :thumbsup:
========================
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
================
Next

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      FIle - Lop check
      File - Purity Scan
      Under Basic scans:
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 29 October 2008 - 06:30 AM

Hi Kahdah,

Thanks a lot for taking the trouble to answer so quickly. Just let me tell you how things went.

It was actually my friend's HJT log that I posted here though it seemed simpler just to say it was mine. The last time I posted something here it took quite a while to get a response so this time, while I was waiting, I decided to do some research myself. It seemed I needed SDFix to get rid of the msauc.exe trojan, which I could see on the HJT log. So I downloaded and ran SDFix on my friend's computer and it found and removed several nasties including, as you correctly said, some trojans.

After this I pretty much forgot about checking for answers on this site. However, this afternoon I did, found your reply and have since forwarded your comments to my friend and advised her to follow your suggestions i.e. run ATF Cleaner and OTScanIt.exe. When she has done so I will post the results here.

Thanks again for your help,

Keith

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 29 October 2008 - 09:24 AM

Ok no problem when you post the logs we will continue. :thumbsup:
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 01 November 2008 - 05:51 AM

Hi Kahdah,

Here's the OTScanIt. I hope it makes some sense to you. How on Earth do you analyze stuff like this? Anyway, thanks in advance and I really appreciate your help.

OTScanIt logfile created on: 30/10/2008 21:39:05
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Ceri\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
479.48 Mb Total Physical Memory | 208.38 Mb Available Physical Memory | 43.46% Memory free
1.10 Gb Paging File | 0.76 Gb Available in Paging File | 68.96% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 11.49 Gb Free Space | 30.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AHUGHES
Current User Name: Ceri
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 21/02/2004 14:00:28 | Attr =	]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.11.6 23Jul04 | Size = 102400 bytes | Modified Date = 24/07/2004 13:49:30 | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.11.6 23Jul04 | Size = 684032 bytes | Modified Date = 24/07/2004 13:49:02 | Attr =	]
shwicon.exe -> %ProgramFiles%\USB Product Driver v2.33r005\shwicon.exe -> MyComp [Ver = 2, 0, 4, 20 | Size = 81920 bytes | Modified Date = 22/04/2005 19:11:22 | Attr =	]

[Win32 Services - Non-Microsoft Only]

[Driver Services - Non-Microsoft Only]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:41 | Size = 1265388 bytes | Modified Date = 21/02/2004 14:00:44 | Attr =	]
(ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura [Ver = 5.10.00.3513 | Size = 400384 bytes | Modified Date = 24/02/2004 20:08:52 | Attr =	]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -> File not found
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc.			   [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17/08/2001 21:13:08 | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 21:52:12 | Attr =	]
(ntvptntr) ntvptntr [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ntvptntr.sys -> File not found
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.616.0809.2004 built by: WinDDK | Size = 70144 bytes | Modified Date = 10/08/2004 13:27:18 | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 04/08/2004 06:31:34 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 22:07:44 | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.11.6 23Jul04 | Size = 185824 bytes | Modified Date = 24/07/2004 13:44:24 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 21/02/2004 14:00:28 | Attr =	]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 23/07/2008 04:42:24 | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe [C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.545 | Size = 590848 bytes | Modified Date = 18/10/2008 11:08:54 | Attr =	]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3865 | Size = 118784 bytes | Modified Date = 02/07/2004 10:58:46 | Attr =	]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 13/05/2004 00:18:56 | Attr =	]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 07:11:42 | Attr =	]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.3865 | Size = 155648 bytes | Modified Date = 02/07/2004 11:02:52 | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 18:47:56 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 18:50:30 | Attr =	]
ShowIcon_Integral_USB Product Driver v2.33r005 -> %ProgramFiles%\USB Product Driver v2.33r005\shwicon.exe -tIntegral\USB Product Driver v2.33r ["C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"Integral\USB Product Driver v2.33r005"] -> File not found
SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 69632 bytes | Modified Date = 30/08/2004 22:48:34 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.11.6 23Jul04 | Size = 684032 bytes | Modified Date = 24/07/2004 13:49:02 | Attr =	]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.11.6 23Jul04 | Size = 102400 bytes | Modified Date = 24/07/2004 13:49:30 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
procact -> %SystemRoot%\system32\wvobgngd.exe [C:\WINDOWS\system32\wvobgngd.exe] -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 4.0.59.161 | Size = 25510696 bytes | Modified Date = 09/08/2008 01:48:42 | Attr = R  ]
SpySweeper -> E:\SpySweeper\SpySweeper.exe ["E:\SpySweeper\SpySweeper.exe" /0] -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 17/06/2007 19:54:51 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 24/09/2005 06:05:26 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 13:19:24 | Attr =	]
< Ceri Startup Folder > -> C:\Documents and Settings\Ceri\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 09:12:19 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 09:12:38 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 09:12:24 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 09:12:05 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 09:12:41 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3865 | Size = 344064 bytes | Modified Date = 02/07/2004 10:58:26 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 14/04/2008 03:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 20/08/2004 21:16:39 | Attr =	]
< HOSTS File > (686 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://news.bbc.co.uk/ -> 
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 12:16:42 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 08:55:32 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 1, 807, 1746 | Size = 737776 bytes | Modified Date = 27/09/2008 22:13:07 | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 08:55:32 | Attr = R  ]
{2E560504-B9C8-48AA-982A-08B79C3FD40E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll [Athens Toolbar] -> Eduserv Technologies Limited [Ver = 1.0.0.0 | Size = 155648 bytes | Modified Date = 08/07/2006 02:20:48 | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 08:55:32 | Attr = R  ]
WebBrowser\\{2E560504-B9C8-48AA-982A-08B79C3FD40E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll [Athens Toolbar] -> Eduserv Technologies Limited [Ver = 1.0.0.0 | Size = 155648 bytes | Modified Date = 08/07/2006 02:20:48 | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 04:27:02 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1D141641-AB15-4A99-A41A-B887A2F6C942} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{53B78E6A-5F29-47DC-B587-2EFF6B97ADD0} ->	(PRISM 802.11g Adapter (3886)) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 23:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 13/05/2004 00:18:56 | Attr =	]
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 31, 0 | Size = 1942824 bytes | Modified Date = 09/08/2008 01:48:42 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{1E3F1348-4370-4BBE-A67A-CC7ED824CA85}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab[Microsoft Genuine Advantage Self Support Tool] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161428680622[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {0CCA191D-13A6-4E29-B746-314DEE697D83} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\.Owner -> {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{0CCA191D-13A6-4E29-B746-314DEE697D83} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 09:12:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 09:11:56 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 09:12:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 09:12:05 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 09:12:08 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 712 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 09:12:05 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 09:12:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 9C 41 51 75 94 35 24 91 D2 17 3C 3A FD 55 07 38 61 30 35 66 63 65 33 33 00 00 00 00 46 8C 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 98 21 06 AA 21 2C 5F D4 00 09 3E A0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 2C 7B 65 8A D7 2C 46 69 DE  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 6C D3 92 83 31 07  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 71 AF 96 2D 70 95 9A 21 93 86 C7 11 7F 8D 80 C1  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A0 BB 50 F9 1B 38 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 09:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16841 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 09:11:55 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 09:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 03:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 09:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 09:12:28 | Attr =  HS]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mshta.exe -> %SystemRoot%\system32\mshta.exe [C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host] -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 17/10/2006 20:56:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> %ProgramFiles%\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.541 | Size = 514560 bytes | Modified Date = 18/10/2008 11:08:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe [C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 06/12/2007 00:48:09 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe [C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.545 | Size = 590848 bytes | Modified Date = 18/10/2008 11:08:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 03:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 23:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 30/07/2008 18:47:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16735 (vista_gdr.080820-1506) | Size = 635848 bytes | Modified Date = 23/08/2008 14:56:15 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 4.0.59.161 | Size = 25510696 bytes | Modified Date = 09/08/2008 01:48:42 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 09:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 09:12:11 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 26/10/2008 20:12:28 | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 502845440 bytes | Created Date = 27/10/2008 19:26:52 | Attr =  HS]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 27/10/2008 18:50:52 | Attr =	]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod ->  [Ver =  | Size = 64352 bytes | Created Date = 25/10/2008 13:10:23 | Attr =	]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty ->  [Ver =  | Size = 129045 bytes | Created Date = 25/10/2008 13:10:55 | Attr =	]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 25/10/2008 13:13:11 | Attr =	]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 25/10/2008 15:00:32 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 25/10/2008 15:00:33 | Attr =	]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 25/10/2008 13:11:54 | Attr =	]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 25/10/2008 15:00:35 | Attr =	]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 25/10/2008 14:44:29 | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 25/10/2008 14:44:26 | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 27/10/2008 18:59:32 | Attr =	]
ftpcache -> %SystemRoot%\ftpcache ->  [Folder | Created Date = 15/10/2008 21:41:26 | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 25/10/2008 15:00:34 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 25/10/2008 23:46:16 | Attr =	]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 25/10/2008 14:55:59 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
uhuxcnkr -> %AllUsersProfile%\Application Data\uhuxcnkr ->  [Folder | Created Date = 30/09/2008 22:26:43 | Attr =	]
Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 13/10/2008 22:06:31 | Attr =	]
Essay.doc -> %UserProfile%\My Documents\Essay.doc ->  [Ver =  | Size = 19968 bytes | Created Date = 26/10/2008 23:15:18 | Attr =	]
JET QUES.doc -> %UserProfile%\My Documents\JET QUES.doc ->  [Ver =  | Size = 19456 bytes | Created Date = 11/10/2008 00:24:09 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 576 bytes | Created Date = 06/10/2008 23:13:12 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1740 bytes | Created Date = 26/10/2008 21:56:51 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 30/10/2008 21:14:23 | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1556227 bytes | Created Date = 27/10/2008 18:50:26 | Attr =	]
nflsvzd -> %ProgramFiles%\nflsvzd ->  [Folder | Created Date = 30/09/2008 22:27:16 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 26/10/2008 21:56:48 | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 27/10/2008 19:28:56 | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 502845440 bytes | Modified Date = 30/10/2008 19:36:07 | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 25/10/2008 14:51:14 | Attr = RHS]
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> 
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 27/10/2008 19:03:31 | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 235168 bytes | Modified Date = 25/10/2008 23:45:40 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 53838 bytes | Modified Date = 25/10/2008 23:49:30 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 382260 bytes | Modified Date = 25/10/2008 23:49:30 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 441626 bytes | Modified Date = 25/10/2008 23:49:29 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 30/10/2008 19:36:24 | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 30/10/2008 19:36:08 | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 2711 bytes | Modified Date = 25/10/2008 15:09:02 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 259 bytes | Modified Date = 27/10/2008 19:28:56 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 670 bytes | Modified Date = 27/10/2008 19:28:56 | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 25/10/2008 23:47:11 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 30/10/2008 19:36:10 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 11/09/2004 02:14:47 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 26/10/2008 09:13:30 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 26/10/2008 09:13:31 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 28/01/2005 17:12:04 | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 28/01/2005 17:12:02 | Attr =	]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 539532 bytes | Modified Date = 02/06/2008 08:00:34 | Attr =	]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 539532 bytes | Modified Date = 02/06/2008 08:00:34 | Attr =	]
C:\Documents and Settings\Ceri\Local Settings\Temp\ -> C:\Documents and Settings\Ceri\Local Settings\Temp ->  [Folder | Modified Date = 30/10/2008 21:24:46 | Attr =	]
PicasaCD.exe -> C:\Documents and Settings\Ceri\Local Settings\Temp\PicasaCD.exe -> Google Inc. [Ver = 2.7.37.32 | Size = 980544 bytes | Modified Date = 28/09/2007 10:17:38 | Attr = R  ]
5 C:\Documents and Settings\Ceri\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ceri\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Essay.doc -> %UserProfile%\My Documents\Essay.doc ->  [Ver =  | Size = 19968 bytes | Modified Date = 26/10/2008 23:15:19 | Attr =	]
JET QUES.doc -> %UserProfile%\My Documents\JET QUES.doc ->  [Ver =  | Size = 19456 bytes | Modified Date = 11/10/2008 00:43:30 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 576 bytes | Modified Date = 30/10/2008 20:39:27 | Attr =	]
Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk ->  [Ver =  | Size = 1833 bytes | Modified Date = 26/10/2008 20:12:54 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1740 bytes | Modified Date = 26/10/2008 21:56:51 | Attr =	]
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk ->  [Ver =  | Size = 2473 bytes | Modified Date = 29/10/2008 23:12:35 | Attr =	]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1556227 bytes | Modified Date = 27/10/2008 18:50:26 | Attr =	]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 30/09/2008 22:26:43 | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 22/04/2007 22:08:23 | Attr =	]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 01/10/2007 20:36:28 | Attr =	]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 02/10/2006 23:05:04 | Attr =	]
Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 ->  [Folder | Modified Date = 25/06/2008 16:01:45 | Attr =	]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software ->  [Folder | Modified Date = 19/04/2006 00:26:01 | Attr =	]
Google -> C:\Documents and Settings\All Users\Application Data\Google ->  [Folder | Modified Date = 27/09/2006 23:20:01 | Attr =	]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft ->  [Folder | Modified Date = 10/03/2005 04:48:14 | Attr =	]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 09/02/2006 03:34:30 | Attr =   S]
Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 30/08/2008 19:57:35 | Attr =	]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime ->  [Folder | Modified Date = 30/05/2005 07:14:45 | Attr =	]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI ->  [Folder | Modified Date = 10/09/2004 07:34:05 | Attr =	]
SBT -> C:\Documents and Settings\All Users\Application Data\SBT ->  [Folder | Modified Date = 28/10/2004 04:04:45 | Attr =	]
Skype -> C:\Documents and Settings\All Users\Application Data\Skype ->  [Folder | Modified Date = 18/09/2008 20:35:07 | Attr =	]
uhuxcnkr -> C:\Documents and Settings\All Users\Application Data\uhuxcnkr ->  [Folder | Modified Date = 30/09/2008 22:28:22 | Attr =	]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 26/04/2006 21:13:19 | Attr =	]
WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller ->  [Folder | Modified Date = 23/09/2008 15:44:56 | Attr =	]
Application Data -> C:\Documents and Settings\Ceri\Application Data ->  [Folder | Modified Date = 13/10/2008 22:06:31 | Attr = RH ]
Adobe -> C:\Documents and Settings\Ceri\Application Data\Adobe ->  [Folder | Modified Date = 22/10/2008 19:52:38 | Attr =	]
AdobeUM -> C:\Documents and Settings\Ceri\Application Data\AdobeUM ->  [Folder | Modified Date = 13/09/2008 05:13:49 | Attr =	]
Apple Computer -> C:\Documents and Settings\Ceri\Application Data\Apple Computer ->  [Folder | Modified Date = 29/05/2005 20:01:36 | Attr =	]
AVG7 -> C:\Documents and Settings\Ceri\Application Data\AVG7 ->  [Folder | Modified Date = 21/10/2008 07:00:51 | Attr =	]
CoSoSys -> C:\Documents and Settings\Ceri\Application Data\CoSoSys ->  [Folder | Modified Date = 14/09/2008 07:45:23 | Attr =	]
Google -> C:\Documents and Settings\Ceri\Application Data\Google ->  [Folder | Modified Date = 25/01/2006 02:32:50 | Attr =	]
Greyfirst -> C:\Documents and Settings\Ceri\Application Data\Greyfirst ->  [Folder | Modified Date = 02/09/2008 18:33:03 | Attr =	]
Help -> C:\Documents and Settings\Ceri\Application Data\Help ->  [Folder | Modified Date = 25/11/2004 09:02:27 | Attr =	]
ICAClient -> C:\Documents and Settings\Ceri\Application Data\ICAClient ->  [Folder | Modified Date = 01/05/2006 02:42:05 | Attr =	]
Identities -> C:\Documents and Settings\Ceri\Application Data\Identities ->  [Folder | Modified Date = 10/09/2004 07:34:11 | Attr =	]
InterVideo -> C:\Documents and Settings\Ceri\Application Data\InterVideo ->  [Folder | Modified Date = 17/11/2004 05:42:21 | Attr =	]
Macromedia -> C:\Documents and Settings\Ceri\Application Data\Macromedia ->  [Folder | Modified Date = 24/10/2005 19:34:11 | Attr =	]
Microsoft -> C:\Documents and Settings\Ceri\Application Data\Microsoft ->  [Folder | Modified Date = 07/11/2006 08:32:19 | Attr =   S]
Microsoft Web Folders -> C:\Documents and Settings\Ceri\Application Data\Microsoft Web Folders ->  [Folder | Modified Date = 28/10/2004 03:57:39 | Attr =	]
Move Networks -> C:\Documents and Settings\Ceri\Application Data\Move Networks ->  [Folder | Modified Date = 22/10/2008 19:57:10 | Attr =	]
Mozilla -> C:\Documents and Settings\Ceri\Application Data\Mozilla ->  [Folder | Modified Date = 02/09/2008 18:33:04 | Attr =	]
MSNInstaller -> C:\Documents and Settings\Ceri\Application Data\MSNInstaller ->  [Folder | Modified Date = 25/02/2005 23:43:17 | Attr =	]
Real -> C:\Documents and Settings\Ceri\Application Data\Real ->  [Folder | Modified Date = 17/05/2005 04:27:34 | Attr =	]
Skype -> C:\Documents and Settings\Ceri\Application Data\Skype ->  [Folder | Modified Date = 30/10/2008 21:10:26 | Attr =	]
skypePM -> C:\Documents and Settings\Ceri\Application Data\skypePM ->  [Folder | Modified Date = 30/10/2008 09:13:53 | Attr =	]
Sun -> C:\Documents and Settings\Ceri\Application Data\Sun ->  [Folder | Modified Date = 11/09/2004 02:06:03 | Attr =	]
Template -> C:\Documents and Settings\Ceri\Application Data\Template ->  [Folder | Modified Date = 28/01/2005 17:11:57 | Attr =	]
Webroot -> C:\Documents and Settings\Ceri\Application Data\Webroot ->  [Folder | Modified Date = 10/09/2006 17:30:32 | Attr =	]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 26/10/2008 20:51:03 | Attr =   S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 04/08/2004 21:00:00 | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 30/10/2008 19:36:10 | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\Favorites\Season 1 - Gossip Girl - TV Shack.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Shopping\Aldo Shoes.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Shopping\Amazon.co.uk Shoes & Accessories Shop by Size.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Shopping\Cheese Restaurant London.url:favicon 822 bytes
C:\Documents and Settings\Ceri\Favorites\SurfTheChannel - Gossip Girl.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\. This is the official website of Sandford International School Addis Ababa, ETHIOPIA..url:favicon 894 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Africa  ESL Jobs World  TEFL Jobs  TESOL Jobs  English Teaching Jobs.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Art lesson plans.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Cactus TEFL  TEFL Course TEFL Jobs TEFL Advice.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\English Speaking Small Talk - Conversation Starters  EnglishClub.com.url:favicon 894 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Teach English Overseas, ESL Teaching Jobs Abroad – FREE Placement.url:favicon 3262 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Tefl directory  TEFL  EducationGuardian.co.uk.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\TEFL.net » Idea Thinktank.url:favicon 2238 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Games & Activities for the ESL-EFL Classroom - Page 2(I-TESL-J).url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Interac, Japan.url:favicon 1078 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\JET Japan Exchange and Teaching Programme UK.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\TEFL\Love Triangles - ESL-TEFL Game  Teach English in Asia.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\Reviews of Sheep Island View in Ballycastle.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\The Great Escapade - round the world flights.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\The Man in Seat Sixty-One....url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\Flight Select.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\Flights - Travelzoo SuperSearch.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\Tokyo Nightlife, Bars, Pubs, Clubs - Lonely Planet Travel Guide.url:favicon 372 bytes
C:\Documents and Settings\Ceri\Favorites\Travel\United Euro Bridge - Available Placements.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Volunteer\Idealist.org - Imagine. Connect. Act..url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Work Abroad\Intern Abroad - Tanzania £2,221 6 weeks.url:favicon 3262 bytes
C:\Documents and Settings\Ceri\Favorites\Writing\Bad poetry index.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Newtown\Cyngor Sir Powys County Council Oxford English Dictionary.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\Policy.org\Forum For The Future.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Random\YouTube - south park wheel of fortune.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Reference\Oxford Reference Online  Subjects & Books.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Reference\Shakespeare Online.url:favicon 1078 bytes
C:\Documents and Settings\Ceri\Favorites\References\The Young Foundation.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\BA English\ME\Middle English Dictionary.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\BA English\Shakespeare\Shakespeare's Works A Timeline.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\BBC Radio 4 - Just a Minute.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Blogs\Overseas Development Institute.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Civil Service\Find a job now  Directgov - Employment.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Civil Service\Sarah Russell Blog.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\CouchSurfing - CouchSearch!.url:favicon 766 bytes
C:\Documents and Settings\Ceri\Favorites\Further Study\Harvard Graduate School of Arts and Sciences - Social Policy.url:favicon 894 bytes
C:\Documents and Settings\Ceri\Favorites\History of Halloween - Halloween Costumes - Pumpkin Patterns - History.com.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\https--www.jet-uk.org-cgi-bin-application-AppForm2.html.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Internships\Special report thinktanks  Special Reports  Guardian Unlimited Politics.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Bristol Council.url:favicon 198 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Find students on studentgems.com - the UK database of student talents and skills.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Flats to rent London, jobs in London, flatshare, free classified ads UK.url:favicon 1150 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Milkround.com - Internships Zone.url:favicon 1286 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\more job opportunities...  Marches.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Inclusion.url:favicon 894 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\International Programmes with IST Plus.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\ippr - Institute for Public Policy Research.url:favicon 9326 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Jobs in Africa  careerjet.sg.url:favicon 766 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\ODI Recruitment.url:favicon 3638 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Powys County Council Jobs and Careers.url:favicon 318 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\Royal Soc Arts - About the RSA - Vacancies.url:favicon 2238 bytes
C:\Documents and Settings\Ceri\Favorites\Job Seekment\United Euro Bridge - Available Placements.url:favicon 1406 bytes
C:\Documents and Settings\Ceri\My Documents\My Music\iTunes\iTunes Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Japan Sept - Dec 08\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Jesus 2004-05\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Jesus 2005-06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Jesus 2006-07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Lolita Sunday, Summer 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Barcelona\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Christmas 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Deepest Darkest Wales - Saying Hello to the Mountains 27.08.06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Family Album Xmas 05 - Early 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\India 07 - Manda's Photos\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\India, August 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Inter-railing\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Ireland & Wanderings\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Isle of Mull, Easter 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Randoms\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Summer 06\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Summer 07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Summer 08\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\21sts\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\Broad St Luminox\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\jon's premiere etc\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\new years\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\OUWRFC Varsity\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\pleasuredome banter\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\HT07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\MT06\Barcelona\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\MT06\DD\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\MT06\finalists xmas dinner\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\MT06\fireworks madness\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\MT06\Rhi's Bday\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\finishing\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\jesus-somerville ball\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\New Ball\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\post finals madness\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thom's pictures\TT07\trashings\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Pictures\Trashings '07\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2005-05 (May)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2005-06 (Jun)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2005-10 (Oct)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2005-11 (Nov)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2006-02 (Feb)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2008-05 (May)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2008-06 (Jun)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\2008-09 (Sep)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\My Scans\Documents\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Ceri\My Documents\TEFL\Vacational Studies\Class Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 138

< End of report >


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 01 November 2008 - 09:02 AM

Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> procact -> %SystemRoot%\system32\wvobgngd.exe [C:\WINDOWS\system32\wvobgngd.exe]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> uhuxcnkr -> %AllUsersProfile%\Application Data\uhuxcnkr
NY -> nflsvzd -> %ProgramFiles%\nflsvzd
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> uhuxcnkr -> C:\Documents and Settings\All Users\Application Data\uhuxcnkr
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that information back here.
I will review the information when it comes back in.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
=========================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 02 November 2008 - 08:13 AM

Hi Kahdah,

Here is the OTScanIt scan. I'll post the Malwarebytes when we've run the scan. Thanks again.

Keith



[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\procact deleted successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\uhuxcnkr folder moved successfully.
C:\Program Files\nflsvzd folder moved successfully.
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
File C:\Documents and Settings\All Users\Application Data\uhuxcnkr not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Ceri\Local Settings\Temp\etilqs_by19ZV6lUa8RMuJHG52e scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ceri\Local Settings\Temp\etilqs_by19ZV6lUa8RMuJHG52e-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11022008_214654

Files moved on Reboot...
File C:\Documents and Settings\Ceri\Local Settings\Temp\etilqs_by19ZV6lUa8RMuJHG52e not found!
File C:\Documents and Settings\Ceri\Local Settings\Temp\etilqs_by19ZV6lUa8RMuJHG52e-journal not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 02 November 2008 - 08:49 AM

ok no problem.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 04 November 2008 - 06:43 AM

Hi Kahdah,

Sorry it took us some time to post this and thanks for your patience. My friend ran two Malwarebytes scans. I've included both of them here in their correct order. Without wanting to sound too optimistic, the second scan looks clean...doesn't it? Anyway, thanks in advance for taking a look at them.

Keith


Malwarebytes' Anti-Malware 1.30
Database version: 1356
Windows 5.1.2600 Service Pack 3

02/11/2008 23:14:46
mbam-log-2008-11-02 (23-14-46).txt

Scan type: Quick Scan
Objects scanned: 49807
Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d14d6793-9b65-11d3-80b6-00500487bdba} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe6bc4ef-5676-484b-88ae-883323913256} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{90c61707-c8f8-43db-a25c-c1f4b18ee41e} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Malwarebytes' Anti-Malware 1.30
Database version: 1356
Windows 5.1.2600 Service Pack 3

02/11/2008 23:23:38
mbam-log-2008-11-02 (23-23-38).txt

Scan type: Quick Scan
Objects scanned: 2
Time elapsed: 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 04 November 2008 - 08:43 PM

Yes it does look clean I would like for your friend to run another type of scan to double check things.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 05 November 2008 - 06:21 AM

Hi Kahdah,

Here are the two RSIT logs:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Ceri at 2008-11-05 19:44:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 479 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:38, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Ceri\Local Settings\Temporary Internet Files\Content.IE5\GDLUSDMP\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Ceri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ShowIcon_Integral_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"Integral\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpySweeper] "E:\SpySweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161428680622
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8740 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-27 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll [2006-01-18 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll [2006-01-18 282624]
{2E560504-B9C8-48AA-982A-08B79C3FD40E} - Athens Toolbar - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll [2006-07-08 155648]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-07-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-07-02 118784]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-30 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-21 88363]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-07-24 102400]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-07-24 684032]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-13 241664]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-18 590848]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ShowIcon_Integral_USB Product Driver v2.33r005"=C:\Program Files\USB Product Driver v2.33r005\shwicon.exe [2005-04-22 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-23 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"=E:\SpySweeper\SpySweeper.exe /0 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-17 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-09 25510696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-07-02 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-16 236928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c589ee0-40a5-11db-a3de-00904b8e0bc1}]
shell\AutoRun\command - E:\healthcheck.exe


======List of files/folders created in the last 1 months======

2008-11-05 19:44:17 ----D---- C:\rsit
2008-11-02 22:36:43 ----D---- C:\Documents and Settings\Ceri\Application Data\Malwarebytes
2008-11-02 22:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-02 22:36:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-02 21:46:54 ----D---- C:\_OTScanIt
2008-10-27 18:59:32 ----D---- C:\WINDOWS\ERUNT
2008-10-27 18:50:52 ----D---- C:\SDFix
2008-10-26 21:56:48 ----D---- C:\Program Files\Trend Micro
2008-10-26 20:12:28 ----SHD---- C:\Config.Msi
2008-10-26 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-25 23:46:16 ----D---- C:\WINDOWS\Prefetch
2008-10-25 15:08:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 15:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-25 15:08:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-25 15:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-25 15:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-25 15:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-25 15:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-25 15:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-25 15:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-25 15:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-25 15:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-25 15:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-25 15:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-25 15:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-25 15:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-25 15:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-25 15:02:20 ----A---- C:\WINDOWS\setuplog.txt
2008-10-25 15:00:35 ----D---- C:\WINDOWS\system32\scripting
2008-10-25 15:00:34 ----D---- C:\WINDOWS\l2schemas
2008-10-25 15:00:33 ----D---- C:\WINDOWS\system32\en
2008-10-25 15:00:32 ----D---- C:\WINDOWS\system32\bits
2008-10-25 14:55:59 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-25 14:44:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-25 14:44:26 ----D---- C:\WINDOWS\EHome
2008-10-25 13:14:39 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-25 13:14:36 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-25 13:14:33 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-25 13:14:33 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-25 13:14:08 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-25 13:14:07 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-25 13:13:55 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-25 13:13:53 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-25 13:13:51 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-25 13:13:51 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-25 13:13:51 ----N---- C:\WINDOWS\slrundll.exe
2008-10-25 13:13:50 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-25 13:13:50 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-25 13:13:50 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-25 13:13:44 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-25 13:13:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-25 13:13:35 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-25 13:13:34 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-25 13:13:32 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-25 13:13:32 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-25 13:13:32 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-25 13:13:29 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-25 13:13:25 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-25 13:13:19 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-25 13:13:08 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-25 13:13:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-25 13:13:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-25 13:13:07 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-25 13:13:06 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-25 13:13:06 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-25 13:12:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-25 13:12:58 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-25 13:12:34 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-25 13:12:34 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-25 13:12:34 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-25 13:12:33 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-25 13:12:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-25 13:12:10 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-25 13:12:09 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-25 13:12:07 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-25 13:12:07 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-25 13:12:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-25 13:12:06 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-25 13:11:50 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-25 13:11:40 ----A---- C:\WINDOWS\002751_.tmp
2008-10-25 13:11:39 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-10-25 13:11:37 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-25 13:11:37 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-25 13:11:37 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-25 13:11:37 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-25 13:11:36 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-25 13:11:36 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-25 13:11:36 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-25 13:11:36 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-25 13:11:15 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-25 13:11:15 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-25 13:11:15 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-25 13:11:14 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-25 13:11:14 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-25 13:11:14 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-25 13:11:14 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-25 13:11:08 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-25 13:11:08 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-25 13:11:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-25 13:10:51 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-25 13:10:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-25 13:10:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-25 13:10:24 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-25 13:10:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-25 13:10:22 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-10-25 13:10:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-25 13:10:21 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-25 13:10:21 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-25 13:10:21 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-25 13:10:09 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-24 07:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-16 23:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 23:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 23:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 23:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 23:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-15 21:41:26 ----SHD---- C:\WINDOWS\ftpcache
2008-10-13 22:06:31 ----D---- C:\Documents and Settings\Ceri\Application Data\Move Networks

======List of files/folders modified in the last 1 months======

2008-11-05 19:44:01 ----D---- C:\Documents and Settings\Ceri\Application Data\Skype
2008-11-04 19:15:35 ----D---- C:\WINDOWS
2008-11-04 19:15:28 ----D---- C:\WINDOWS\Temp
2008-11-04 19:14:56 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2008-11-04 18:00:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-04 17:52:44 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 08:53:27 ----D---- C:\Documents and Settings\Ceri\Application Data\skypePM
2008-11-02 22:36:27 ----D---- C:\WINDOWS\system32\drivers
2008-11-02 22:36:21 ----RD---- C:\Program Files
2008-11-02 22:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avg7
2008-10-31 09:36:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-31 09:36:01 ----HD---- C:\WINDOWS\inf
2008-10-30 22:02:06 ----D---- C:\Documents and Settings\Ceri\Application Data\AVG7
2008-10-30 21:42:48 ----RHD---- C:\$VAULT$.AVG
2008-10-30 00:08:58 ----D---- C:\WINDOWS\system32
2008-10-29 23:05:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-27 19:28:56 ----RASH---- C:\boot.ini
2008-10-27 19:28:56 ----A---- C:\WINDOWS\win.ini
2008-10-27 19:28:56 ----A---- C:\WINDOWS\system.ini
2008-10-27 18:54:05 ----D---- C:\Documents and Settings
2008-10-27 18:52:25 ----D---- C:\WINDOWS\pss
2008-10-26 20:51:03 ----SD---- C:\WINDOWS\Tasks
2008-10-26 20:13:27 ----SHD---- C:\WINDOWS\Installer
2008-10-26 09:13:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-25 23:49:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 23:47:29 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-10-25 23:45:35 ----D---- C:\WINDOWS\system32\Setup
2008-10-25 23:45:34 ----D---- C:\WINDOWS\system32\wbem
2008-10-25 23:45:34 ----D---- C:\WINDOWS\AppPatch
2008-10-25 23:45:32 ----RSD---- C:\WINDOWS\Fonts
2008-10-25 15:12:11 ----D---- C:\WINDOWS\security
2008-10-25 15:09:02 ----A---- C:\WINDOWS\imsins.BAK
2008-10-25 15:08:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-25 15:06:54 ----D---- C:\Program Files\Messenger
2008-10-25 15:01:23 ----D---- C:\WINDOWS\WinSxS
2008-10-25 15:01:07 ----D---- C:\WINDOWS\network diagnostic
2008-10-25 15:01:07 ----D---- C:\WINDOWS\ime
2008-10-25 15:01:06 ----D---- C:\WINDOWS\Help
2008-10-25 15:00:37 ----D---- C:\WINDOWS\system32\usmt
2008-10-25 15:00:37 ----D---- C:\WINDOWS\system32\en-US
2008-10-25 15:00:32 ----D---- C:\WINDOWS\PeerNet
2008-10-25 15:00:32 ----D---- C:\Program Files\Movie Maker
2008-10-25 14:55:49 ----D---- C:\WINDOWS\system32\Restore
2008-10-25 14:55:48 ----D---- C:\WINDOWS\system32\npp
2008-10-25 14:55:46 ----D---- C:\WINDOWS\msagent
2008-10-25 14:55:43 ----D---- C:\WINDOWS\srchasst
2008-10-25 14:55:42 ----D---- C:\Program Files\NetMeeting
2008-10-25 14:55:39 ----D---- C:\WINDOWS\system32\Com
2008-10-25 14:55:36 ----D---- C:\Program Files\Windows Media Player
2008-10-25 14:55:35 ----D---- C:\Program Files\Windows NT
2008-10-25 14:55:34 ----D---- C:\Program Files\Outlook Express
2008-10-25 14:55:29 ----D---- C:\Program Files\Common Files\System
2008-10-25 14:55:02 ----D---- C:\WINDOWS\system32\oobe
2008-10-25 14:54:58 ----D---- C:\WINDOWS\system
2008-10-25 14:49:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-23 07:01:10 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 19:52:38 ----D---- C:\Documents and Settings\Ceri\Application Data\Adobe
2008-10-16 23:43:51 ----D---- C:\Program Files\Internet Explorer
2008-10-16 01:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-08 04:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-12-06 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-10-29 4224]
R1 Avg7RsXP;AVG7 Rezident Driver; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-26 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-01-04 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-21 1265388]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-31 637713]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-07-02 724221]
R3 PRISM_A00;PRISM 802.11 Driver; C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-21 393280]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-08-10 70144]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-07-24 185824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
S2 ntvptntr;ntvptntr; \??\C:\WINDOWS\system32\drivers\ntvptntr.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-02-26 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-02-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-02-26 21488]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-04-19 22768]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-23 116040]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-12-06 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-10-29 49664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-23 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-02-26 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-11-05 19:44:49

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Athens Toolbar-->MsiExec.exe /I{E79734B1-B505-42E6-B6AF-65D049C503B0}
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Avanquest update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
AVG Free Edition-->C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Celtx (1.0)-->C:\Program Files\Celtx\uninstall\helper.exe
Citrix ICA Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB Product Driver v2.33r005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E64E769-E3AA-11D7-B6FB-00055D7C3943}\Setup.exe" -l0x9
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O21 - SSODL: smartdb - {02C63A4F-AB96-1F6C-609B-009702B577C3} - C:\Program Files\nflsvzd\smartdb.dll (file missing)

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG 7.5.549

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.5.001
"SESSIONID"=1128356904865htx6056862d13:106c0305a60:-2cfe
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\Ceri\LOCALS~1\Temp\rad1B658.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=2057
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 05 November 2008 - 06:32 AM

Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 ThisSportingLife

ThisSportingLife
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 05 November 2008 - 09:37 AM

Kahdah,

Thanks a lot for all your help. Your advice was always clear, concise and always spot on, exactly what we needed. We will run the various clean ups and uninstall the programs we used tomorrow (it's very late now here in Japan). we will then install some of the programs you suggested.

Once again, many thanks,

Keith

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:14 AM

Posted 05 November 2008 - 11:28 AM

You are welcome :thumbsup:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users