Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows update not working - DSNchanger trojan ?


  • This topic is locked This topic is locked
16 replies to this topic

#1 zw2042

zw2042

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 03 November 2008 - 03:29 PM

Preparation guide followed before preparing the following HJT log but not able to carry out 'windows update' as this is the reason for me contacting you for help. Problem originally raised in forum 'Security. Am I infected'


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:27, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FreecycleMemberBHO - {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files\Freecycle\FreecycleMember.dll
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMT.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1957994488-1993962763-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183839371218
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185197781593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13275 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 04 November 2008 - 05:19 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 05 November 2008 - 03:31 AM

Hi Sam.
I successfully downloaded ComboFix as instructed. Antivirus and antispyware appls were disabled and ComboFix executed - see log below. I did encounter some problems though. The process identified that Microsoft Windows Recovery Console needed to be installed and tried to download it but came up with an error informing me that there was no internet connection. I was connected to the net as I could access websites. I clicked on OK and the process continued but did not download recovery console. The process continued through to the end and produced a report but I was then unable to connect to the internet to post the results. I had to reboot again.

Antivirus ans antispyware appls are still disabled.

ComboFix 08-11-04.02 - Owner 2008-11-05 7:27:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.476 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS

.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-03 20:03 . 2008-11-03 20:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 16:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-03 16:30 . 2008-11-03 16:30 <DIR> d-------- c:\program files\Panda Security
2008-11-03 14:15 . 2008-11-03 15:47 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2008-11-03 12:54 . 2008-11-03 17:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-03 12:54 . 2008-11-03 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-03 09:56 . 2008-11-03 09:56 <DIR> d-------- c:\program files\Lavasoft
2008-11-03 09:55 . 2008-11-03 09:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-03 09:49 . 2008-11-03 09:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\Lavasoft
2008-11-02 12:16 . 2008-11-02 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 12:16 . 2008-10-22 16:27 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 12:16 . 2008-10-22 16:27 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-31 07:58 . 2008-11-03 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-30 22:55 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-30 22:55 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-30 16:47 . 2008-10-30 16:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-30 16:46 . 2008-10-30 16:46 <DIR> d-------- c:\documents and settings\Administrator
2008-10-30 16:15 . 2008-10-30 16:15 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-30 16:15 . 2008-10-30 16:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-29 07:52 . 2008-10-29 07:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2008-10-29 07:48 . 2008-10-29 07:48 <DIR> d-------- c:\program files\Common Files\Acronis
2008-10-29 07:48 . 2008-10-29 07:48 <DIR> d-------- c:\program files\Acronis
2008-10-29 07:48 . 2008-10-29 07:48 217,664 --a------ c:\windows\system32\drivers\timntr.sys
2008-10-29 07:48 . 2008-10-29 07:48 96,032 --a------ c:\windows\system32\drivers\snapman.sys
2008-10-29 07:48 . 2008-10-29 07:48 30,080 --a------ c:\windows\system32\drivers\tifsfilt.sys
2008-10-24 22:10 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 20:42 . 2008-11-05 07:32 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-24 18:51 . 2008-10-24 18:51 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-15 15:47 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 15:46 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 15:46 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:46 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:46 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 15:46 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-11 11:25 . 2008-10-11 11:25 <DIR> d-------- c:\program files\iPod
2008-10-11 11:24 . 2008-10-11 11:25 <DIR> d-------- c:\program files\iTunes
2008-10-11 11:24 . 2008-10-11 11:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 11:20 . 2008-10-11 11:21 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 07:32 --------- d-----w c:\program files\Lx_cats
2008-11-05 07:32 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-05 07:17 --------- d-----w c:\program files\Common Files\Command Software
2008-11-05 07:16 --------- d-----w c:\program files\Common Files\PestPatrol
2008-10-30 22:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 22:57 --------- d--h--w c:\program files\Creative Installation Information
2008-10-30 14:45 --------- d-----w c:\program files\Napster
2008-10-11 11:20 --------- d-----w c:\program files\Common Files\Apple
2008-10-04 15:27 --------- d-----w c:\program files\Microsoft IntelliType Pro
2008-09-10 16:37 --------- d-----w c:\documents and settings\Owner\Application Data\Windows Search
2008-09-10 14:10 --------- d-----w c:\program files\Windows Desktop Search
2008-09-10 14:10 --------- d-----w c:\documents and settings\Owner\Application Data\Windows Desktop Search
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-23 15:09 36,856 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-05-12 08:56 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-05-12 08:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-12 08:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat
2008-05-12 08:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3E5E149-27B7-49D1-8420-B02AC52AF663}]
2008-08-29 18:21 207360 --a------ c:\program files\Freecycle\FreecycleMember.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-14 1032376]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 2037240]
"PCguard"="c:\program files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 275960]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 363008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WireLessMouse "="c:\program files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 503808]
"WireLessKeyboard "="c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 233472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TV Card Remote Control Device Monitor"="c:\windows\713xRMT.exe" [2007-06-01 466944]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-09-20 918463]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-09-20 110592]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2007-07-22 1974272]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2007-07-22 229376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2002-10-15 12964]
R3 Cap7134;VideoMate TV Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-09-23 354048]
R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-09-12 19840]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\User_Feed_Synchronization-{769DC3A9-4704-4B34-B3B3-400CCC1BBCB8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.virginmedia.com/
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
c:\windows\Downloaded Program Files\CTSUEng.inf
c:\windows\Downloaded Program Files\CTSUEng.ocx
c:\windows\Downloaded Program Files\CTSUEngn.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 07:31:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\fws.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\windows\system32\lxcecoms.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-05 7:36:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-05 07:35:58

Pre-Run: 166,325,764,096 bytes free
Post-Run: 166,971,473,920 bytes free

191 --- E O F --- 2008-10-15 16:26:49

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 05 November 2008 - 07:36 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


=================

  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 05 November 2008 - 08:56 AM

Results of MBAM scan and OTViewIt scan as requested.

Malwarebytes' Anti-Malware 1.30
Database version: 1367
Windows 5.1.2600 Service Pack 3

05/11/2008 13:40:34
mbam-log-2008-11-05 (13-40-34).txt

Scan type: Quick Scan
Objects scanned: 55459
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{12dc2ef2-3019-4671-b4d7-bc16c478fbd5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{12dc2ef2-3019-4671-b4d7-bc16c478fbd5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{12dc2ef2-3019-4671-b4d7-bc16c478fbd5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.25 192.168.0.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

......................................................................................................................................

OTViewIt logfile created on: 05/11/2008 13:46:14 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.11 Mb Total Physical Memory | 435.58 Mb Available Physical Memory | 42.91% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.31% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 155.53 Gb Free Space | 81.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUTHORIS-6EDCBA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/01/24 17:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\fws.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/09/20 11:18:18 | 00,159,744 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/04/27 18:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2005/01/31 08:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2007/01/24 13:12:48 | 02,037,240 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
[2007/01/24 17:53:48 | 00,275,960 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\PCguard\Rps.exe
[2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[2005/08/02 17:45:16 | 00,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4300 Series\lxcemon.exe
[2005/07/26 12:17:18 | 00,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4300 Series\ezprint.exe
[2005/09/19 15:53:50 | 01,687,552 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
[2005/09/19 15:29:54 | 00,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
[2006/10/06 11:11:10 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2006/10/06 11:13:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/10/06 11:10:06 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/07/05 15:08:46 | 16,380,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/06/27 14:38:58 | 00,503,808 | ---- | M] () -- C:\Program Files\Multimedia Combo Set\MouseDrv.exe
[2004/07/01 08:40:22 | 00,233,472 | ---- | M] () -- C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2007/06/01 03:00:00 | 00,466,944 | R--- | M] () -- C:\WINDOWS\713xRMT.exe
[2005/09/19 15:20:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
[2007/01/12 18:36:40 | 00,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
[2008/06/10 11:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/07/28 06:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/09/20 11:18:18 | 00,918,463 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
[2005/09/20 11:18:18 | 00,110,592 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[2007/11/14 17:53:08 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/07/08 15:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/06/22 10:14:12 | 01,974,272 | ---- | M] (Compro Technology, Inc.) -- C:\Program Files\Common Files\VideoMate\ComproRemote.exe
[2007/06/22 14:14:10 | 00,229,376 | ---- | M] (Compro Technology, Inc.) -- C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
[2005/07/06 10:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
[2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/09/19 15:09:30 | 00,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
[2008/08/23 05:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/11/05 13:45:14 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/09/20 11:18:18 | 00,159,744 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/04/27 18:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/07/06 10:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe -- (lxce_device [On_Demand | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/09/19 15:25:20 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])
[2005/09/19 15:24:00 | 00,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Stopped])
[2005/09/19 14:57:14 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped])
[2005/09/19 14:56:32 | 00,401,408 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped])
[2005/09/19 15:20:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running])
[2007/01/24 17:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\fws.exe -- (RP_FWS [Auto | Running])
[2005/01/31 08:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/10/18 19:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2005/09/23 17:41:42 | 00,354,048 | ---- | M] (Compro Technology, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2005/09/19 22:05:00 | 00,309,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2007/04/27 17:49:12 | 00,840,352 | R--- | M] (Authentium, Inc.) -- C:\WINDOWS\system32\drivers\css-dvp.sys -- (CSS DVP [Auto | Running])
[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/09/19 22:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2003/09/24 09:23:56 | 00,033,408 | ---- | M] (Zero-Knowledge Systems Inc.) -- C:\WINDOWS\system32\drivers\freedom.sys -- (Freedom [On_Demand | Running])
[2006/01/11 12:58:38 | 00,054,840 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\FreeTdi.sys -- (FreeTdi [Auto | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/10/06 13:24:00 | 01,181,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/07/18 18:26:04 | 04,547,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/01/19 02:01:00 | 00,017,280 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2002/10/15 13:48:46 | 00,012,964 | ---- | M] (WayTech Development, Inc.) -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter [System | Running])
[2005/09/19 22:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2004/08/13 02:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/09/12 10:10:18 | 00,019,840 | ---- | M] (Compro Technology, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2006/02/28 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/09/19 22:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2007/07/26 23:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/09/19 17:08:50 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [System | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/10/29 07:48:48 | 00,096,032 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2008/10/29 07:48:55 | 00,030,080 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2008/10/29 07:48:54 | 00,217,664 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2004/12/23 16:27:56 | 00,027,392 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2006/08/24 12:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS) [On_Demand | Stopped])
[2004/10/25 12:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.virginmedia.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.virginmedia.com/

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main]

========== (O1) Hosts File ==========

HOSTS File - (27 bytes) - C:\WINDOWS\System32\Drivers\etc\hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} (HKLM) -- C:\Program Files\Virgin Broadband\PCguard\pkR.dll (Radialpoint Inc.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{56071E0D-C61B-11D3-B41C-00E02927A304} (HKLM) -- C:\Program Files\Virgin Broadband\PCguard\FBHR.dll (Radialpoint Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{C3E5E149-27B7-49D1-8420-B02AC52AF663} (HKLM) -- C:\Program Files\Freecycle\FreecycleMember.dll (Edward Hibbert (eh@dataconnection.com))

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe ()
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN (Virgin Broadband)
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" (Lexmark International Inc.)
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ()
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" (Lexmark International, Inc.)
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray (Napster)
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" (Virgin Broadband)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
"TV Card Remote Control Device Monitor"=C:\WINDOWS\713xRMT.exe ()
"WireLessKeyboard "=C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
"WireLessMouse "=C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2007/06/22 10:14:12 | 01,974,272 | ---- | M] (Compro Technology, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
[2007/06/22 14:14:10 | 00,229,376 | ---- | M] (Compro Technology, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\update: http in My Computer
microsoft.com\windowsupdate: http in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\update: http in My Computer
microsoft.com\windowsupdate: http in My Computer
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Microsoft Data Collection Control
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15030/CTSUEng.cab -- Creative Software AutoUpdate
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1183839371218 -- WUWebControl Class
{6C269571-C6D7-4818-BCA4-32A035E8C884}: http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab -- Creative Software AutoUpdate
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1185197781593 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}: http://upload.facebook.com/controls/Facebo...Uploader4_5.cab -- Facebook Photo Uploader 4
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}: http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx -- Hotmail Attachments Control
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15106/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{12DC2EF2-3019-4671-B4D7-BC16C478FBD5} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{36DAE779-5D6A-4F3C-8F53-D0F5CBF39898} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,relog_ap,
>[2005/09/20 11:18:18 | 00,008,192 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/07 16:51:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/11/05 13:45:12 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/05 08:18:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/05 07:26:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/05 07:26:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/05 07:26:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/05 07:26:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/05 07:26:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/05 07:26:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/05 07:26:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/05 07:26:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/05 07:26:08 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/11/05 07:26:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/05 07:26:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/05 07:23:00 | 03,024,895 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/11/03 20:03:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/11/03 20:03:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/03 16:31:00 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/03 16:30:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/03 12:54:39 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/11/03 12:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/03 12:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/03 09:56:12 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/03 09:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/03 09:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/03 09:49:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2008/11/02 12:16:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/02 12:16:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/02 12:16:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/02 12:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/02 12:14:05 | 02,373,088 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/10/31 07:58:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/31 06:37:26 | 00,002,530 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MBAM Bug collection info
[2008/10/30 16:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/10/30 16:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/30 13:13:08 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/10/30 13:12:27 | 00,000,169 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2008/10/26 18:59:42 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\To sharn Happy Birthday we are going out with sharn wagamamas games shop another games shop around the corner.doc
[2008/10/24 22:10:43 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/24 20:42:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/10/24 20:42:23 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/10/24 20:42:23 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/24 20:42:20 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/10/24 18:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/10/15 17:07:03 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2008/10/15 15:47:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 15:46:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 15:46:34 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 15:46:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 15:46:33 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 15:46:19 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/11 11:25:45 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/11 11:25:02 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/11 11:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/11 11:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/11 11:20:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[22 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/11/05 13:45:14 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/05 13:42:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/05 13:42:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/05 13:15:25 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/11/05 11:19:51 | 00,127,488 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\current account.xls
[2008/11/05 07:31:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/05 07:31:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/05 07:23:06 | 03,024,895 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/11/05 07:16:16 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{769DC3A9-4704-4B34-B3B3-400CCC1BBCB8}.job
[2008/11/04 18:59:23 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/11/03 20:09:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/11/03 12:54:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/03 09:04:30 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Income 2008_09.xls
[2008/11/02 12:16:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/02 12:14:09 | 02,373,088 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/10/31 13:06:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2008/10/31 06:37:26 | 00,002,530 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MBAM Bug collection info
[2008/10/30 13:41:43 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hours worked.xls
[2008/10/30 13:35:51 | 06,419,546 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/30 13:12:27 | 00,000,169 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2008/10/29 07:17:09 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 19:48:11 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\To sharn Happy Birthday we are going out with sharn wagamamas games shop another games shop around the corner.doc
[2008/10/26 14:27:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/26 07:36:20 | 00,551,928 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/26 07:36:20 | 00,462,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/26 07:36:20 | 00,078,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/25 10:35:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/25 09:55:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/25 09:55:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/24 21:28:00 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/22 16:27:34 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:27:26 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 17:33:53 | 00,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 17:07:03 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 16:26:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/07 19:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


.........................................................................................................................


OTViewIt Extras logfile created on: 05/11/2008 13:46:14 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.11 Mb Total Physical Memory | 435.58 Mb Available Physical Memory | 42.91% Memory free
2.39 Gb Paging File | 1.82 Gb Available in Paging File | 76.31% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 155.53 Gb Free Space | 81.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUTHORIS-6EDCBA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2005/09/19 14:56:32 | 00,401,408 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CF9FF3-7934-4E94-B8BD-DBE1FB033694}"=PPSDKRedistributables
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}"=Microsoft IntelliType Pro 6.3
"{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}"=Ulead Straight-to-Disc SDK
"{12346CA2-3799-4C06-90BC-A4AF242F439B}"=ComproDTV 3
"{13E5C47B-D111-406A-9B69-D5886BDA5F86}"=VideoMate TV driver
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{193FA8A6-E195-4DF0-BC9C-588115D9D7C8}"=Freecycle Internet Explorer Plugin
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3780136B-22BA-4327-A226-A39EB2636730}"=Roxio Easy Media Creator 8 Content
"{41E340F0-0BD6-4A87-AF29-E9E584471756}"=VideoMate T , M , P , S Series Driver
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective
"{68CC21AD-B6EC-4DB8-954D-F27AD0D9A83F}"=TV Expert
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite
"{890DC1F9-893B-4FD3-B4F8-476CA4F2777A}"=PCguard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9EA404D2-5A5E-4A44-94E3-B8B148F7BCBC}"=ComproFM 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBBCAE4B-B416-4182-A6F2-438180894A81}"=Napster
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CA83357B-931E-44DC-AD43-9996FEEB8116}"=Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D3386797-A836-4030-AB5D-4E89F2F15F33}"=Authentium
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D6A1E429-CCE1-4140-A615-710B806D12BA}"=Motorola Driver Installation 3.2.0
"{D944236D-7992-41D6-8257-930B5832F1CC}"=Creative Zen Micro
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{ECFADFA9-F1B7-438E-A2DC-C6D482D5C760}"=Multimedia Combo Set Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}"=PC Probe II
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"Creative Jukebox Driver"=Creative Jukebox Driver
"Creative Removable Disk Manager"=Creative Removable Disk Manager
"DECCHECK"=Microsoft Windows XP Video Decoder Checkup Utility
"Freedom{890DC1F9-893B-4FD3-B4F8-476CA4F2777A}"=Virgin Broadband PCguard
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective
"Lexmark 4300 Series"=Lexmark 4300 Series
"Lexmark Fax Solutions"=Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1"=Virgin Broadband advisor 1.5.10
"Registry Mechanic_is1"=Registry Mechanic 8.0
"SysInfo"=Creative System Information
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:46:59 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:46:59 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 06:14:40 | Computer Name = AUTHORIS-6EDCBA | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3
80000000, parameter4 00000000.

Error - 03/11/2008 07:11:53 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 03/11/2008 08:22:41 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/11/2008 12:49:54 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 05 November 2008 - 09:19 AM

Download(right click and select Save file as or Save link as): DelDomains.inf
http://mvps.org/winhelp2002/DelDomains.inf

To use: Close all open browsers
Right-click DelDomains.inf and select: Install


Reboot your computer.
See if you can get your Windows updates now.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 05 November 2008 - 01:12 PM

Downloaded file and installed then rebooted but still get directed to MSN.COM when I try Windows Update.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 05 November 2008 - 01:21 PM

Please post a new log from OTViewIt.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 05 November 2008 - 05:58 PM

New log from OTViewIt as requested.

----------------------------------------------------------

OTViewIt logfile created on: 05/11/2008 22:49:09 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.11 Mb Total Physical Memory | 437.80 Mb Available Physical Memory | 43.13% Memory free
2.39 Gb Paging File | 1.88 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 155.49 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUTHORIS-6EDCBA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/01/24 17:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\fws.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/09/20 11:18:18 | 00,159,744 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/04/27 18:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2005/09/19 15:20:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
[2005/01/31 08:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2007/01/24 13:12:48 | 02,037,240 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
[2007/01/24 17:53:48 | 00,275,960 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\PCguard\Rps.exe
[2008/04/14 00:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/08/02 17:45:16 | 00,192,512 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4300 Series\lxcemon.exe
[2005/07/26 12:17:18 | 00,094,208 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4300 Series\ezprint.exe
[2005/09/19 15:53:50 | 01,687,552 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
[2005/09/19 15:29:54 | 00,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
[2006/10/06 11:11:10 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2006/10/06 11:13:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2006/10/06 11:10:06 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/07/05 15:08:46 | 16,380,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/06/27 14:38:58 | 00,503,808 | ---- | M] () -- C:\Program Files\Multimedia Combo Set\MouseDrv.exe
[2004/07/01 08:40:22 | 00,233,472 | ---- | M] () -- C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
[2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2007/06/01 03:00:00 | 00,466,944 | R--- | M] () -- C:\WINDOWS\713xRMT.exe
[2007/01/12 18:36:40 | 00,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
[2008/06/10 11:56:30 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
[2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/07/06 10:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
[2004/07/28 06:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/09/20 11:18:18 | 00,918,463 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
[2005/09/20 11:18:18 | 00,110,592 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[2005/09/19 15:09:30 | 00,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
[2007/11/14 17:53:08 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/07/08 15:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/06/22 10:14:12 | 01,974,272 | ---- | M] (Compro Technology, Inc.) -- C:\Program Files\Common Files\VideoMate\ComproRemote.exe
[2007/06/22 14:14:10 | 00,229,376 | ---- | M] (Compro Technology, Inc.) -- C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe
[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/11/05 13:45:14 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/09/20 11:18:18 | 00,159,744 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/04/27 18:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/07/06 10:14:12 | 00,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe -- (lxce_device [On_Demand | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2005/09/19 15:25:20 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])
[2005/09/19 15:24:00 | 00,856,064 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Stopped])
[2005/09/19 14:57:14 | 00,045,056 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer [On_Demand | Stopped])
[2005/09/19 14:56:32 | 00,401,408 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer [Auto | Stopped])
[2005/09/19 15:20:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Running])
[2007/01/24 17:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\PCguard\fws.exe -- (RP_FWS [Auto | Running])
[2005/01/31 08:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/10/18 19:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2005/09/23 17:41:42 | 00,354,048 | ---- | M] (Compro Technology, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2005/09/19 22:05:00 | 00,309,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2007/04/27 17:49:12 | 00,840,352 | R--- | M] (Authentium, Inc.) -- C:\WINDOWS\system32\drivers\css-dvp.sys -- (CSS DVP [Auto | Running])
[2005/01/27 02:22:00 | 00,088,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/09/19 22:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2003/09/24 09:23:56 | 00,033,408 | ---- | M] (Zero-Knowledge Systems Inc.) -- C:\WINDOWS\system32\drivers\freedom.sys -- (Freedom [On_Demand | Running])
[2006/01/11 12:58:38 | 00,054,840 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\system32\drivers\FreeTdi.sys -- (FreeTdi [Auto | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/10/06 13:24:00 | 01,181,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2007/07/18 18:26:04 | 04,547,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/01/19 02:01:00 | 00,017,280 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2002/10/15 13:48:46 | 00,012,964 | ---- | M] (WayTech Development, Inc.) -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter [System | Running])
[2005/09/19 22:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/06/18 13:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2004/08/13 02:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2005/09/12 10:10:18 | 00,019,840 | ---- | M] (Compro Technology, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2006/02/28 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/09/19 22:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2007/07/26 23:06:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/09/19 17:08:50 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [System | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/10/29 07:48:48 | 00,096,032 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [Boot | Running])
[2008/10/29 07:48:55 | 00,030,080 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter [Auto | Running])
[2008/10/29 07:48:54 | 00,217,664 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter [Boot | Running])
[2004/12/23 16:27:56 | 00,027,392 | ---- | M] (Ulead Systems, Inc.) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2007/12/06 09:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2006/08/24 12:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS) [On_Demand | Stopped])
[2004/10/25 12:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.virginmedia.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.virginmedia.com/

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main]

========== (O1) Hosts File ==========

HOSTS File - (27 bytes) - C:\WINDOWS\System32\Drivers\etc\hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} (HKLM) -- C:\Program Files\Virgin Broadband\PCguard\pkR.dll (Radialpoint Inc.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{56071E0D-C61B-11D3-B41C-00E02927A304} (HKLM) -- C:\Program Files\Virgin Broadband\PCguard\FBHR.dll (Radialpoint Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{C3E5E149-27B7-49D1-8420-B02AC52AF663} (HKLM) -- C:\Program Files\Freecycle\FreecycleMember.dll (Edward Hibbert (eh@dataconnection.com))

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Acronis)
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe ()
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN (Virgin Broadband)
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" (Lexmark International Inc.)
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
"LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ()
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" (Lexmark International, Inc.)
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray (Napster)
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" (Virgin Broadband)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
"TV Card Remote Control Device Monitor"=C:\WINDOWS\713xRMT.exe ()
"WireLessKeyboard "=C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe ()
"WireLessMouse "=C:\Program Files\Multimedia Combo Set\MouseDrv.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2007/06/22 10:14:12 | 01,974,272 | ---- | M] (Compro Technology, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
[2007/06/22 14:14:10 | 00,229,376 | ---- | M] (Compro Technology, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
[2001/02/13 00:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
[2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1993962763-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0742B9EF-8C83-41CA-BFBA-830A59E23533}: https://support.microsoft.com/OAS/ActiveX/MSDcode.cab -- Microsoft Data Collection Control
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/su/ocx/15030/CTSUEng.cab -- Creative Software AutoUpdate
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1183839371218 -- WUWebControl Class
{6C269571-C6D7-4818-BCA4-32A035E8C884}: http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab -- Creative Software AutoUpdate
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1185197781593 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}: http://upload.facebook.com/controls/Facebo...Uploader4_5.cab -- Facebook Photo Uploader 4
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D}: http://by119fd.bay119.hotmail.msn.com/activex/HMAtchmt.ocx -- Hotmail Attachments Control
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su/...15106/CTPID.cab -- Creative Software AutoUpdate Support Package

========== (O17) DNS Name Servers ==========

{12DC2EF2-3019-4671-B4D7-BC16C478FBD5} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{36DAE779-5D6A-4F3C-8F53-D0F5CBF39898} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,relog_ap,
>[2005/09/20 11:18:18 | 00,008,192 | ---- | M] (Acronis) -- C:\WINDOWS\system32\relog_ap.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/07/07 16:51:20 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/11/05 17:52:17 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DelDomains.inf
[2008/11/05 13:45:12 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/05 08:18:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/05 07:26:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/05 07:26:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/05 07:26:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/05 07:26:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/05 07:26:08 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/05 07:26:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/05 07:26:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/05 07:26:08 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/05 07:26:08 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/11/05 07:26:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/05 07:26:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/05 07:23:00 | 03,024,895 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/11/03 20:03:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/11/03 20:03:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/03 16:31:00 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/03 16:30:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/03 12:54:39 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/11/03 12:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/03 12:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/03 09:56:12 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/03 09:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/03 09:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/03 09:49:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2008/11/02 12:16:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/02 12:16:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/02 12:16:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/02 12:16:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/02 12:14:05 | 02,373,088 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/10/31 07:58:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/31 06:37:26 | 00,002,530 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MBAM Bug collection info
[2008/10/30 16:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/10/30 16:15:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/30 13:13:08 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2008/10/30 13:12:27 | 00,000,169 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2008/10/26 18:59:42 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\To sharn Happy Birthday we are going out with sharn wagamamas games shop another games shop around the corner.doc
[2008/10/24 22:10:43 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/24 20:42:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/10/24 20:42:23 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/10/24 20:42:23 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/24 20:42:20 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/10/24 18:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2008/10/15 17:07:03 | 00,000,339 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2008/10/15 15:47:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/10/15 15:46:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/10/15 15:46:34 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/10/15 15:46:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/10/15 15:46:33 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/10/15 15:46:19 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/10/11 11:25:45 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/11 11:25:02 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/10/11 11:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/11 11:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/10/11 11:20:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[22 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/11/05 22:47:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/05 22:47:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/05 22:42:25 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{769DC3A9-4704-4B34-B3B3-400CCC1BBCB8}.job
[2008/11/05 18:05:52 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DelDomains.inf
[2008/11/05 13:45:14 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[2008/11/05 13:15:25 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2008/11/05 11:19:51 | 00,127,488 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\current account.xls
[2008/11/05 07:31:41 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/05 07:31:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/05 07:23:06 | 03,024,895 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2008/11/04 18:59:23 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2008/11/03 20:09:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2008/11/03 12:54:39 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/03 09:56:12 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/03 09:04:30 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Income 2008_09.xls
[2008/11/02 12:16:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/02 12:14:09 | 02,373,088 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2008/10/31 13:06:05 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2008/10/31 06:37:26 | 00,002,530 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MBAM Bug collection info
[2008/10/30 13:41:43 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Hours worked.xls
[2008/10/30 13:35:51 | 06,419,546 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/10/30 13:12:27 | 00,000,169 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fix.bat
[2008/10/29 07:17:09 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/26 19:48:11 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\To sharn Happy Birthday we are going out with sharn wagamamas games shop another games shop around the corner.doc
[2008/10/26 14:27:02 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/26 07:36:20 | 00,551,928 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/26 07:36:20 | 00,462,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/26 07:36:20 | 00,078,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/25 10:35:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/25 09:55:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/10/25 09:55:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/10/24 21:28:00 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/22 16:27:34 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:27:26 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/15 17:33:53 | 00,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 17:07:03 | 00,000,339 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 16:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/15 16:26:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/07 19:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

-----------------------------------------------------

OTViewIt Extras logfile created on: 05/11/2008 22:49:09 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.11 Mb Total Physical Memory | 437.80 Mb Available Physical Memory | 43.13% Memory free
2.39 Gb Paging File | 1.88 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 155.49 Gb Free Space | 81.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AUTHORIS-6EDCBA
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/11/14 17:53:08 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2005/09/19 14:56:32 | 00,401,408 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CF9FF3-7934-4E94-B8BD-DBE1FB033694}"=PPSDKRedistributables
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}"=Microsoft IntelliType Pro 6.3
"{07224AA9-2F2F-46A2-9A56-3B7B603B5E6C}"=Ulead Straight-to-Disc SDK
"{12346CA2-3799-4C06-90BC-A4AF242F439B}"=ComproDTV 3
"{13E5C47B-D111-406A-9B69-D5886BDA5F86}"=VideoMate TV driver
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{193FA8A6-E195-4DF0-BC9C-588115D9D7C8}"=Freecycle Internet Explorer Plugin
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3780136B-22BA-4327-A226-A39EB2636730}"=Roxio Easy Media Creator 8 Content
"{41E340F0-0BD6-4A87-AF29-E9E584471756}"=VideoMate T , M , P , S Series Driver
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective
"{68CC21AD-B6EC-4DB8-954D-F27AD0D9A83F}"=TV Expert
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{868901EE-7807-4F89-A134-7C705D34F91F}"=Roxio Easy Media Creator 8 Suite
"{890DC1F9-893B-4FD3-B4F8-476CA4F2777A}"=PCguard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{9EA404D2-5A5E-4A44-94E3-B8B148F7BCBC}"=ComproFM 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBBCAE4B-B416-4182-A6F2-438180894A81}"=Napster
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CA83357B-931E-44DC-AD43-9996FEEB8116}"=Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D3386797-A836-4030-AB5D-4E89F2F15F33}"=Authentium
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D6A1E429-CCE1-4140-A615-710B806D12BA}"=Motorola Driver Installation 3.2.0
"{D944236D-7992-41D6-8257-930B5832F1CC}"=Creative Zen Micro
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{ECFADFA9-F1B7-438E-A2DC-C6D482D5C760}"=Multimedia Combo Set Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}"=PC Probe II
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"Creative Jukebox Driver"=Creative Jukebox Driver
"Creative Removable Disk Manager"=Creative Removable Disk Manager
"DECCHECK"=Microsoft Windows XP Video Decoder Checkup Utility
"Freedom{890DC1F9-893B-4FD3-B4F8-476CA4F2777A}"=Virgin Broadband PCguard
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective
"Lexmark 4300 Series"=Lexmark 4300 Series
"Lexmark Fax Solutions"=Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"RadialpointClientGateway_is1"=Virgin Broadband advisor 1.5.10
"Registry Mechanic_is1"=Registry Mechanic 8.0
"SysInfo"=Creative System Information
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:41:12 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:46:59 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/11/2008 11:46:59 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\.HOUSECALL6.6\AU_TEMP\1984_5416\SERVER.INI>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 05/11/2008 14:20:15 | Computer Name = AUTHORIS-6EDCBA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 05:49:15 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/11/2008 06:14:40 | Computer Name = AUTHORIS-6EDCBA | Source = System Error | ID = 1003
Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3
80000000, parameter4 00000000.

Error - 03/11/2008 07:11:53 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 03/11/2008 08:22:41 | Computer Name = AUTHORIS-6EDCBA | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/11/2008 12:49:54 | Computer Name = AUTHORIS-6EDCBA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 05 November 2008 - 06:20 PM

Run the quick scan with Malwarebytes.
Remove whatever it finds.

DO NOT REBOOT!

Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)


Now lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks

Let me know if you are still being redirected.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 06 November 2008 - 02:19 AM

MBAM scan found 6 baddies again. Items removed but did not reboot.
ran the ipconfig /flushdns command
In network connections the radio dial for 'obtain DNS servers automatically' was already selected
exited out of properties - no reboot requested

Tried Windows update again - briefly displayed windowsupdate web address in IE but immediately changed to and went to MSN.COM

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 06 November 2008 - 04:55 PM

Are you using a router? This must have infected the settings on your router.
If so, reset your router and then run ipconfig /flushdns again.

Run Malwarebytes to see if it cleared it up.

Let me know how it goes.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 07 November 2008 - 10:55 AM

Hi there. SUCCESS! I do use a router. Everything appears to be working now. Thanks very much for your help.
Do I need to do anything else or do you have any recommendations?

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:05 AM

Posted 07 November 2008 - 11:06 AM

Alright! :thumbsup:

Let's just clean up the tools that I had you download and then I'll post some final recommendations for you.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Posted Image




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 zw2042

zw2042
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Location:Birmingham, England
  • Local time:08:05 AM

Posted 07 November 2008 - 05:47 PM

Cleanup complete, system restore disabled and enabled, IE settings checked and amended, firewall and anti-virus software running, Spybot and Ad-aware already installed, Spywareblaster downloaded and installed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users