
Unknown issue. Hard drive fills up


  • This topic is locked
7 replies to this topic

#1 Woppe


Posted 04 November 2008 - 03:09 PM

Wow, that was a massive list of tasks to perform before I got here and wrote this thread. I've run all the tests you recommended here.

My problem is that my hard drive C:, where Windows XP Pro SP3 is installed, gets filled up with I don't know what.
When I boot my computer, it says I have 160 GB free on C:. Now, three hours later, I've only got 154 GB left. Free space continues to disappear, but returns when I reboot the system.

I hope you have any idea what it could possibly be.
Hijackthis log is shown below.

Edit: I forgot to mention, all the security software found was a few tracking cookies and two files I know are safe. On the other hand, Zone Alarm has recently started asking me lots of questions if I want to allow a program to access other software as I start it. Unfortunately, I don't remember the name exactly, and I can't reproduce it right now. I'll make another edit when I find out. The executable starts with a c anyway, and it's a short name - 5 letters or so.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:32, on 2008-11-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\windows\Explorer.EXE
C:\Program Files\Security\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Security\Nod32\ekrn.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Internet\MySQL\bin\mysqld-nt.exe
C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\System\WMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\rundll32.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Security\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Security\Nod32\egui.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hardware\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet\Firefox\firefox.exe
C:\Program Files\Internet\Miranda IM\miranda32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\Internet\Firefox\FlashGet\Jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Editors\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Internet\Firefox\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Internet\Firefox\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\Internet\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Video\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\Security\Nod32\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Hardware\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to Shortcut Central.lnk = C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
O4 - Startup: Shortcut to TypeAndRun.lnk = C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\Internet\Firefox\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\Internet\Firefox\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Editors\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Editors\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Editors\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Internet\Firefox\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Internet\Firefox\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163587226921
O16 - DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} (ScriptPlayerRuntime Class) - https://gfs.nb.se/privat/bank/scripts/eid/N...eaSmartCard.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Editors\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Security\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\Security\Nod32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Security\Nod32\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\Internet\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Audio\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\System\WMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\Internet\VNC4\WinVNC4.exe

--
End of file - 14493 bytes

Edited by Woppe, 04 November 2008 - 05:36 PM.




#2 Billy O'Neal

  • Malware Response Team

Posted 11 November 2008 - 04:35 PM

Hello, Woppe.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left-hand corner of your screen.

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open; copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Woppe


Posted 14 November 2008 - 06:38 PM

Man, that Kaspersky online scan took like forever. Scanning compressed archives was really slow. But finally, it's done.
I'm attaching the logs.

Regarding Abel.exe, Passwordspro.exe, GetHashes.exe and saminside.exe, I think it's in the nature of these programs to be detected as viruses. But I've installed them for my own safety.

OTViewIt logfile created on: 2008-11-12 17:31:23 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,50% Memory free
4,00 Gb Paging File | 3,97 Gb Available in Paging File | 99,25% Paging File free
Paging file location(s): G:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 142,22 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,09 Gb Total Space | 14,40 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CORE2DUO
Current User Name: Andreas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008-08-01 05:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008-08-01 05:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007-09-06 16:14:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2005-05-10 12:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
[2008-11-02 21:35:43 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Security\Ad-Aware\aawservice.exe
[2007-09-05 08:55:42 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
[2008-09-10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007-12-21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\Security\Nod32\ekrn.exe
[2007-09-05 08:55:42 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
[2006-03-24 23:23:22 | 00,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
[2006-08-26 00:14:16 | 04,435,968 | ---- | M] () -- C:\Program Files\Internet\MySQL\bin\mysqld-nt.exe
[2007-02-15 13:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
[2007-11-15 22:28:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2006-11-13 13:00:58 | 00,224,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\System\WMware Workstation\vmware-authd.exe
[2006-11-13 12:43:56 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
[2006-11-13 13:01:04 | 00,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
[2005-11-22 15:06:14 | 00,685,048 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\Internet\VNC4\winvnc4.exe
[2006-11-13 13:00:48 | 00,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
[2007-01-31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008-04-14 05:42:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006-08-03 16:25:48 | 00,591,360 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
[2006-08-22 11:46:06 | 01,422,848 | ---- | M] () -- C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe
[2006-12-18 20:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006-07-13 06:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2007-09-06 16:14:18 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Security\ZoneAlarm\zlclient.exe
[2007-11-05 05:32:38 | 00,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe
[2007-10-11 18:12:16 | 00,094,208 | ---- | M] (Universal Electronics Inc.) -- C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2007-07-17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007-12-21 08:21:06 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\Security\Nod32\egui.exe
[2006-11-12 11:48:46 | 00,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\Hardware\DAEMON Tools\daemon.exe
[2008-06-17 15:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[2008-08-11 07:31:54 | 01,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[2008-09-16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
[2008-08-07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[2007-09-05 08:57:06 | 00,041,042 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
[2007-08-09 10:55:01 | 00,722,728 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
[2008-08-05 13:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
[2004-09-15 18:48:04 | 00,098,304 | ---- | M] () -- C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
[2008-08-05 13:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
[2005-07-05 17:22:12 | 00,754,688 | ---- | M] (Evgeniy Galantsev) -- C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe
[2008-05-22 14:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
[2008-08-05 13:10:56 | 00,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
[2007-07-17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008-08-04 00:04:00 | 01,345,376 | ---- | M] (Nullsoft) -- C:\Program Files\Sound\Winamp\winamp.exe
[2006-11-24 17:16:50 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe
[2008-09-28 08:22:43 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Internet\Firefox\firefox.exe
[2008-11-12 17:29:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andreas\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-11-02 21:35:43 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Security\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006-09-10 15:23:16 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008-08-15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
[2007-09-05 08:55:42 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe -- (Apache2 [Auto | Running])
File not found -- -- (Apache2.2 [Auto | Stopped])
[2008-09-10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-01 05:21:05 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008-07-31 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007-01-31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007-12-21 08:22:44 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\Security\Nod32\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2007-12-21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\Security\Nod32\ekrn.exe -- (ekrn [Auto | Running])
[2007-12-25 22:25:50 | 00,586,240 | ---- | M] (FileZilla Project) -- C:\Program Files\Internet\FileZilla Server\FileZilla server.exe -- (FileZilla Server [On_Demand | Stopped])
[2005-11-17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) -- C:\Program Files\Audio\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])
[2008-10-30 22:46:50 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2006-03-24 23:23:22 | 00,098,304 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
[2007-10-09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007-01-04 02:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005-11-14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007-10-11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007-11-02 18:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006-12-08 16:42:25 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Editors\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006-12-02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
[2007-11-07 07:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
[2006-08-26 00:14:16 | 04,435,968 | ---- | M] () -- C:\Program Files\Internet\MySQL\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
[2007-10-11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007-08-03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007-02-15 13:45:36 | 00,707,344 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Auto | Running])
[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-11-15 22:28:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007-01-25 18:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008-08-07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2006-12-14 16:00:00 | 00,544,768 | ---- | M] (Magix AG) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService [On_Demand | Stopped])
[2006-11-13 13:00:58 | 00,224,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\System\WMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])
[2006-11-13 13:00:48 | 00,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
[2006-11-13 12:43:56 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2 [Auto | Running])
[2006-11-13 13:01:04 | 00,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])
[2007-09-06 16:14:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2005-11-22 15:06:14 | 00,685,048 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\Internet\VNC4\winvnc4.exe -- (WinVNC4 [Auto | Running])
[2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008-08-14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\windows\System32\drivers\adfs.sys -- (adfs [Auto | Running])
[2006-12-08 16:06:00 | 00,139,776 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService [On_Demand | Running])
[2007-01-16 08:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006-08-07 05:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2006-09-08 23:15:16 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005-12-22 09:22:20 | 00,005,685 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2002-07-17 02:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\windows\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
[2008-08-01 07:38:20 | 03,266,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-05-15 02:24:32 | 00,171,520 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
[2006-01-06 03:24:48 | 00,166,400 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx [On_Demand | Stopped])
[2008-04-14 00:16:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2008-04-14 00:16:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Running])
[2008-04-14 00:21:36 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008-06-13 12:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008-04-14 00:16:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Running])
[2007-12-21 08:19:54 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2007-12-21 08:20:14 | 00,030,216 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2007-12-21 08:21:56 | 00,033,800 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [System | Running])
[2001-08-17 11:19:38 | 00,037,120 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1370mp.sys -- (ES1370 [On_Demand | Stopped])
[2001-08-17 11:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Stopped])
[2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped])
[2008-04-17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007-06-20 12:13:46 | 00,019,424 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc [On_Demand | Stopped])
[1996-04-03 20:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
[2006-09-18 18:27:32 | 00,010,578 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2006-11-13 13:01:34 | 00,031,024 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])
[2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008-04-14 00:16:32 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys -- (HidBth [On_Demand | Running])
[2008-04-14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008-04-14 00:16:24 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2001-08-17 13:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2004-08-13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2006-01-06 03:23:42 | 00,015,360 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC [On_Demand | Stopped])
[2008-04-14 00:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2008-05-07 06:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[2008-05-07 06:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[2007-01-25 18:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2001-04-19 02:27:44 | 00,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Hardware\NSLU2UpgradeUtility\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
[2007-09-17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008-02-06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008-04-14 00:16:34 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2006-06-16 08:30:16 | 00,176,128 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB [On_Demand | Running])
[2003-04-10 10:42:56 | 00,048,384 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid [On_Demand | Stopped])
[2003-04-10 10:42:32 | 00,019,200 | ---- | M] (Saitek) -- C:\WINDOWS\system32\drivers\saintsub.sys -- (SaiNtSub [On_Demand | Stopped])
[2008-07-07 08:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007-11-13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006-03-31 03:39:54 | 00,013,532 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt [On_Demand | Stopped])
[2007-03-24 20:13:07 | 00,646,392 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008-01-12 16:59:23 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007-10-30 07:57:56 | 00,023,040 | ---- | M] (Todos Data System AB) -- C:\WINDOWS\system32\drivers\nordecr.sys -- (TdsNordecr [On_Demand | Running])
[2008-11-03 11:20:04 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2007-05-24 12:42:16 | 00,018,176 | ---- | M] (Todos Data System AB) -- C:\WINDOWS\system32\drivers\AgmIIusb.sys -- (TodosAgmII [On_Demand | Stopped])
[2008-06-06 08:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[2008-04-14 00:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2008-05-07 06:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[2008-04-14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2006-11-13 13:01:32 | 00,016,560 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
[2006-11-13 13:01:38 | 00,030,256 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
[2006-11-13 13:01:26 | 00,022,576 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
[2006-11-13 13:01:28 | 00,102,576 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running])
[2007-09-06 16:14:28 | 00,395,080 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006-11-13 12:43:56 | 00,018,480 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2 [Auto | Running])
[2005-06-13 09:03:12 | 00,060,768 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])
[2005-06-13 09:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
[2005-06-13 09:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
[2005-06-13 09:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
[2005-06-13 09:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])
[2006-04-10 18:05:10 | 00,104,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2006-11-02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2004-08-04 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])
[2006-05-23 07:56:00 | 00,245,248 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2006-10-21 11:24:32 | 00,066,656 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\zebrbus.sys -- (zebrbus [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (266387 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
9214 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\Internet\Firefox\FlashGet\Jccatch.dll (www.flashget.com)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Security\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Editors\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\Internet\Firefox\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- C:\Program Files\Internet\Firefox\FlashGet\fgiebar.dll (Amaze Soft)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" (Adobe Systems Incorporated)
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)
"Ai Nap"="C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe" ()
"AsusServiceProvider"=C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe ()
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"egui"="C:\Program Files\Security\Nod32\egui.exe" /hide /waitservice (ESET)
"FileZilla Server Interface"="C:\Program Files\Internet\FileZilla Server\FileZilla Server Interface.exe" (FileZilla Project)
"GrooveMonitor"="C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
"QuickTime Task"="C:\Program Files\Video\Quicktime\QTTask.exe" -atboottime (Apple Inc.)
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD.)
"sclauncher"=C:\Program Files\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"ZoneAlarm Client"="C:\Program Files\Security\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\Hardware\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
"SpybotSD TeaTimer"=C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Bild\Picasa2\PicasaMediaDetector.exe (Google Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"=C:\Program Files\Bild\Picasa2\PicasaMediaDetector.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\Hardware\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog (Time Information Services Ltd.)
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
"SpybotSD TeaTimer"=C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2007-09-05 08:57:06 | 00,041,042 | ---- | M] (Apache Software Foundation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
[2007-08-09 10:55:01 | 00,722,728 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
[2005-03-16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2004-09-15 18:48:04 | 00,098,304 | ---- | M] () -- C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\Shortcut to Shortcut Central.lnk = C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
[2005-07-05 17:22:12 | 00,754,688 | ---- | M] (Evgeniy Galantsev) -- C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\Shortcut to TypeAndRun.lnk = C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\Internet\Firefox\FlashGet\jc_all.htm [2007-05-15 10:10:34 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\Internet\Firefox\FlashGet\jc_link.htm [2007-05-15 10:10:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Editors\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2007-02-09 09:00:00 | 00,000,191 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Editors\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Editors\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\Internet\Firefox\FlashGet\jc_all.htm [2007-05-15 10:10:34 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\Internet\Firefox\FlashGet\jc_link.htm [2007-05-15 10:10:34 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Editors\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)
Sothink SWF Catcher: C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm [2007-02-09 09:00:00 | 00,000,191 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Editors\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Editors\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}: Button: Encarta Search Bar -- %CommonProgramFiles%\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL [2006-06-10 10:10:56 | 00,289,560 | ---- | M] (Microsoft Corporation)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\Internet\Firefox\FlashGet\flashget.exe [2007-06-29 12:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\Internet\Firefox\FlashGet\flashget.exe [2007-06-29 12:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Security\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Button: Sothink SWF Catcher -- %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm [2007-02-09 09:00:00 | 00,000,191 | ---- | M] ()
{E19ADC6E-3909-43E4-9A89-B7B676377EE3}: Menu: Sothink SWF Catcher -- %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm [2007-02-09 09:00:00 | 00,000,191 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Editors\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\Internet\Firefox\FlashGet\flashget.exe [FlashGet] -> [2007-06-29 12:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Editors\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\Internet\Firefox\FlashGet\flashget.exe [FlashGet] -> [2007-06-29 12:44:34 | 01,990,704 | ---- | M] (FlashGet.com)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 05:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/7.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1163587226921 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave Flash Object
{E505599B-F37A-4849-A7B0-E0AAB5CB054C}: https://gfs.nb.se/privat/bank/scripts/eid/N...eaSmartCard.cab -- ScriptPlayerRuntime Class

========== (O17) DNS Name Servers ==========

{057D878D-D7D4-44DA-9DA8-0C999F55ABB7} (Servers: | Description: )
{09F8FC14-1B82-4128-B00B-20912B19B2F8} (Servers: | Description: )
{19575A05-F627-4873-B8A4-36126FA8563E} (Servers: | Description: )
{1B40503B-37E1-476F-BC1B-E57EC7BEAAC4} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter)
{36967534-7674-418E-A7F4-54C1CB7AEC49} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{3DC33799-F44A-4E9E-A543-A7786668F1A7} (Servers: | Description: Windows Mobile-based Device)
{4C4B4F13-3196-421B-B59D-44721E1DDE52} (Servers: | Description: Windows Mobile-based Device)
{5B63A9AD-E5F3-4DC0-9737-09E9E7CBDD2D} (Servers: | Description: )
{6881FE66-4F78-4E78-AEC1-15C41AC47322} (Servers: | Description: )
{A5ADA6F9-02B3-49BC-8CD3-2B50E20BB1CD} (Servers: | Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter)
{C6E12074-68D0-43F0-B624-721AAED06064} (Servers: | Description: Generic Marvell Yukon Chipset based Ethernet Controller)
{CDB3BBBD-45F3-4C90-9468-FCF60DE6C15B} (Servers: | Description: 1394 Net Adapter)
{FBC5998B-09FF-4725-B6B4-C3CD40E7E384} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
MCPClient: "DllName" = C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll -- C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
WgaLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"0aMCPClient"={F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} (HKLM) -- C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Editors\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 0

========== Files/Folders - Created Within 30 Days ==========

[3 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[2008-11-12 17:29:44 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andreas\Desktop\OTViewIt.exe
[2008-11-11 12:25:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andreas\Application Data\vlc
[2008-11-04 20:58:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-11-03 11:20:22 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2008-11-03 09:53:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008-11-02 21:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008-11-02 21:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008-11-02 01:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andreas\Local Settings\Application Data\ESET
[2008-11-02 00:26:51 | 00,000,352 | -H-- | C] () -- C:\windows\nod32fixtemdono.reg
[2008-11-02 00:24:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008-11-01 23:28:30 | 00,000,000 | ---D | C] -- C:\64x64pics
[2008-10-30 22:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008-10-30 22:34:05 | 00,000,000 | ---D | C] -- C:\windows\Prefetch
[2008-10-30 22:01:30 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2008-10-30 22:01:30 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpcdll.dll
[2008-10-30 22:01:30 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2008-10-30 22:01:19 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\irbus.sys
[2008-10-30 22:01:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\smtpapi.dll
[2008-10-30 22:01:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rwnh.dll
[2008-10-30 22:01:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\comsdupd.exe
[2008-10-30 22:01:16 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2008-10-30 22:01:16 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2008-10-30 22:01:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2008-10-30 22:01:14 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2008-10-30 22:01:14 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2008-10-30 22:01:14 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3svc.dll
[2008-10-30 22:01:14 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2008-10-30 22:01:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2008-10-30 22:01:14 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2008-10-30 22:01:14 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2008-10-30 22:01:14 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2008-10-30 22:01:14 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapolqec.dll
[2008-10-30 22:01:14 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3api.dll
[2008-10-30 22:01:14 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsntfy.dll
[2008-10-30 22:01:14 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\credssp.dll
[2008-10-30 22:01:14 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3dlg.dll
[2008-10-30 22:01:13 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2008-10-30 22:01:13 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappcfg.dll
[2008-10-30 22:01:13 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2008-10-30 22:01:13 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2008-10-30 22:01:13 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappprxy.dll
[2008-10-30 22:01:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapsvc.dll
[2008-10-30 22:01:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2008-10-30 22:01:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2008-10-30 22:01:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2008-10-30 22:01:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2008-10-30 22:01:11 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2008-10-30 22:01:11 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2008-10-30 22:01:11 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2008-10-30 22:01:11 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kmsvc.dll
[2008-10-30 22:01:11 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2008-10-30 22:01:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2008-10-30 22:01:10 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2008-10-30 22:01:10 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2008-10-30 22:01:10 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2008-10-30 22:01:10 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2008-10-30 22:01:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2008-10-30 22:01:09 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagentrt.dll
[2008-10-30 22:01:09 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2008-10-30 22:01:09 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2008-10-30 22:01:09 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\onex.dll
[2008-10-30 22:01:09 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qutil.dll
[2008-10-30 22:01:09 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2008-10-30 22:01:09 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rasqec.dll
[2008-10-30 22:01:08 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2008-10-30 22:01:08 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tspkg.dll
[2008-10-30 22:01:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2008-10-30 22:01:07 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2008-10-30 22:01:05 | 00,000,000 | ---D | C] -- C:\windows\System32\scripting
[2008-10-30 22:01:05 | 00,000,000 | ---D | C] -- C:\windows\l2schemas
[2008-10-30 22:01:04 | 00,000,000 | ---D | C] -- C:\windows\System32\en
[2008-10-30 22:01:04 | 00,000,000 | ---D | C] -- C:\windows\System32\bits
[2008-10-30 21:57:42 | 00,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2008-10-30 21:54:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\agpcpq.sys
[2008-10-30 21:54:45 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\alim1541.sys
[2008-10-30 21:54:45 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\agp440.sys
[2008-10-30 21:54:43 | 00,129,045 | ---- | C] () -- C:\windows\System32\drivers\cxthsfs2.cty
[2008-10-30 21:54:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\gagp30kx.sys
[2008-10-30 21:54:41 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\hidir.sys
[2008-10-30 21:54:39 | 00,067,866 | ---- | C] () -- C:\windows\System32\drivers\netwlan5.img
[2008-10-30 21:54:38 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\sffp_mmc.sys
[2008-10-30 21:54:37 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\uagp35.sys
[2008-10-30 21:54:37 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\smbali.sys
[2008-10-30 21:54:36 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbvideo.sys
[2008-10-30 21:54:36 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\viaagp.sys
[2008-10-30 21:54:36 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\wacompen.sys
[2008-10-30 21:48:08 | 00,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2008-10-23 22:32:33 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
[2008-10-21 15:22:01 | 00,057,282 | ---- | C] () -- C:\Documents and Settings\Andreas\Desktop\andreas.jpg
[2008-10-16 21:00:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andreas\Local Settings\Application Data\Spotify
[2008-10-16 21:00:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andreas\Application Data\Spotify
[2008-10-15 01:07:19 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\srv.sys
[2008-10-15 01:06:50 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2008-10-15 01:06:48 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2008-10-15 01:06:48 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2008-10-15 01:06:47 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlpa.exe
[2008-10-15 01:06:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe

========== Files - Modified Within 30 Days ==========

[3 C:\windows\System32\*.tmp files]
[5 C:\windows\*.tmp files]
[2008-11-12 17:29:57 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andreas\Desktop\OTViewIt.exe
[2008-11-12 00:00:39 | 00,530,858 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008-11-12 00:00:39 | 00,447,348 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008-11-12 00:00:39 | 00,073,498 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008-11-11 23:56:42 | 00,350,921 | ---- | M] () -- C:\windows\System32\vsconfig.xml
[2008-11-11 23:56:34 | 00,000,434 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2008-11-11 23:55:41 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008-11-11 23:55:13 | 00,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008-11-11 23:55:10 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008-11-11 23:55:08 | 00,003,568 | ---- | M] () -- C:\windows\System32\ativvaxx.cap
[2008-11-11 23:54:53 | 00,070,131 | ---- | M] () -- C:\windows\System32\OODBS.lor
[2008-11-11 23:52:50 | 00,003,316 | ---- | M] () -- C:\windows\wincmd.ini
[2008-11-11 19:25:07 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008-11-10 09:00:58 | 00,167,936 | ---- | M] () -- C:\Documents and Settings\Andreas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-06 22:10:06 | 00,000,229 | ---- | M] () -- C:\windows\NeroDigital.ini
[2008-11-03 16:56:54 | 00,266,387 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2008-11-03 11:20:04 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2008-11-03 10:56:45 | 00,269,159 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.bak
[2008-11-02 00:34:22 | 00,093,432 | ---- | M] () -- C:\Documents and Settings\Andreas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-11-02 00:29:31 | 02,426,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008-10-30 22:37:27 | 00,004,212 | -H-- | M] () -- C:\windows\System32\zllictbl.dat
[2008-10-30 22:29:56 | 00,002,711 | ---- | M] () -- C:\windows\imsins.BAK
[2008-10-30 21:53:53 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008-10-21 15:22:01 | 00,057,282 | ---- | M] () -- C:\Documents and Settings\Andreas\Desktop\andreas.jpg
[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaueng.dll
[2008-10-16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaueng.dll
[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuweb.dll
[2008-10-16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuweb.dll
[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll
[2008-10-16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wucltui.dll
[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2008-10-16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuapi.dll
[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaucpl.cpl
[2008-10-16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaucpl.cpl
[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\cdm.dll
[2008-10-16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\cdm.dll
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuauclt.exe
[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuauclt.exe
[2008-10-16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2008-10-16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll.mui
[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2008-10-16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wups.dll
[2008-10-16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaucpl.cpl.mui
[2008-10-16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui
[2008-10-16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuaueng.dll.mui
[2008-10-16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mucltui.dll
[2008-10-16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\muweb.dll
[2008-10-16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mucltui.dll.mui
[2008-10-15 18:21:25 | 00,004,096 | ---- | M] () -- C:\windows\System32\crash
[2008-10-15 17:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\netapi32.dll
[2008-10-15 17:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\netapi32.dll
< End of report >

OTViewIt Extras logfile created on: 2008-11-12 17:31:23 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,50% Memory free
4,00 Gb Paging File | 3,97 Gb Available in Paging File | 99,25% Paging File free
Paging file location(s): G:\pagefile.sys 3072 4096;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 142,22 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,09 Gb Total Space | 14,40 Gb Free Space | 4,83% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CORE2DUO
Current User Name: Andreas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
.txt [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-04-14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-10-08 21:27:34 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Internet\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2008-09-04 02:35:46 | 00,557,666 | ---- | M] ( ) -- C:\Program Files\Internet\Miranda IM\miranda32.exe:*:Enabled:Miranda IM
File not found -- C:\Program Files\Internet\Apache\bin\httpd.exe:*:Enabled:httpd.exe
[2007-07-17 15:35:12 | 04,771,840 | ---- | M] () -- C:\Program Files\Hardware\W800i\Update Service\ma3platform.exe:*:Enabled:ma3platform
[2005-11-22 15:06:14 | 00,685,048 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\Internet\VNC4\winvnc4.exe:*:Enabled:VNC Server
[2006-09-22 10:11:24 | 00,561,152 | ---- | M] () -- C:\Program Files\Audio\Last.fm\LastFM.exe:*:Enabled:LastFM
[2008-04-14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007-08-16 01:19:22 | 00,761,856 | ---- | M] (ZtereoSoft Handelsbolag) -- C:\Program Files\Internet\Ztereo\Ztereo.exe:*:Enabled:Ztereo
[2008-02-25 17:03:44 | 08,811,824 | ---- | M] (VoipBuster) -- C:\Program Files\Internet\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster
[2005-08-11 08:39:22 | 01,387,008 | ---- | M] (ES-Computing) -- C:\Program Files\Editors\EditPlus 2\editplus.exe:*:Enabled:EditPlus
[2007-09-05 08:55:42 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe:*:Enabled:Apache.exe
File not found -- C:\Program Files\Internet\RevConnect\DCPlusPlus.exe:*:Enabled:DC++
[2008-06-10 00:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary
[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Editors\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2007-11-02 18:36:34 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Documents and Settings\Andreas\Desktop\utorrent.exe:*:Enabled:µTorrent
[2005-03-28 18:35:00 | 00,721,408 | ---- | M] (DigitalCandle, Inc.) -- C:\Program Files\Internet\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)
[2007-02-20 14:23:30 | 07,202,360 | ---- | M] (VoipCheapCom) -- C:\Program Files\Internet\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom
[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007-06-29 12:44:34 | 01,990,704 | ---- | M] (FlashGet.com) -- C:\Program Files\Internet\Firefox\FlashGet\flashget.exe:*:Enabled:Flashget
[2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
[2008-08-15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server
[2006-11-24 17:16:50 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Editors\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-11-07 09:23:16 | 00,991,736 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}"=Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam™
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}"=Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{06BB4B3D-3827-4891-9E38-5DF9DC54493B}"=Datakokboken
"{07041881-E9B4-4DF6-A845-CAAFD093E477}"=Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}"=Microsoft Math
"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}"=Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14298AFE-9001-9CFB-595E-38BB3DCB25D3}"=ccc-utility
"{14F70205-1940-4000-88C7-BE799A6B2CAD}"=Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB
"{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}"=Nokia Software Updater
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}"=PC Connectivity Solution
"{1B7C06E1-4888-47A6-992A-0990B9683486}"=Adobe Version Cue CS4 Server
"{1BA6EE26-3358-B634-FD05-D07C964EE944}"=Skins
"{1C8466F1-8D45-45D9-B8CD-D5B243D4E0D6}"=Adobe Creative Suite 4 Production Premium
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}"=Adobe Media Player
"{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}"=Adobe Flash CS4 STI-en
"{241F2BF7-69EB-42A4-9156-96B2426C7504}"=Microsoft SQL Server Compact 3.5 for Devices ENU
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}"=Need for Speed™ Carbon
"{26257044-A78C-49BF-8165-DD4ABAF851F8}"=S60 3rd Edition FP1 SDK for Symbian OS
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}"=Adobe CS4 American English Speech Analysis Models
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}"=Nokia Flashing Cable Driver
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}"=Macromedia Flash 8
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}"=Nokia Nseries Video Manager
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}"=Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}"=AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}"=Adobe Flash Player 10 ActiveX
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}"=Apache HTTP Server 2.0.61
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}"=Saitek NT Controller Drivers
"{3CCD4EBD-87BE-4089-AAD8-E88FEF96EDBD}"=Svorak A1
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}"=Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HydraVision
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}"=Pixel Bender Toolkit
"{437AB8E0-FB69-4222-B280-A64F3DE22591}"=Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}"=Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}"=Adobe After Effects CS4
"{46F441C8-4193-4D54-9F93-751D27EFB8F4}"=MySQL Server 5.0
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}"=Google Earth Pro
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension
"{4B403860-66B7-4269-B22E-A1DE5C6306D2}"=Aptana IDE
"{4F55E486-4EDE-A879-B6CC-0B07DD475540}"=Catalyst Control Center Graphics Light
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}"=Adobe Soundbooth CS4 Codecs
"{53480370-6CA2-47EC-BC05-02B4B9271C31}"=O&O Defrag Professional Edition
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}"=Adobe Media Encoder CS4 Exporter
"{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}"=ESET NOD32 Antivirus
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}"=Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}"=Adobe Dynamiclink Support
"{619B8475-0F48-41B7-A370-5147F7092989}"=Virtual Earth 3D (Beta)
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}"=Microsoft .NET Compact Framework 2.0
"{6297F8EC-D821-4B33-B845-8A8D1A0DF472}"=Lightroom
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}"=Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}"=Adobe Photoshop CS4 Support
"{64893BC9-D912-4A2D-A47A-E38650112781}"=Serif PanoramaPlus 3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}"=Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}"=Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}"=Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}"=AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6B2C675E-8040-431B-99C4-137DF4FBF75A}"=Thermal Analysis Tool
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}"=HP Precisionscan Pro 3.1
"{6C531060-84FB-4F96-8F33-29DF020632EB}"=Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}"=Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6E65247F-58F9-41CA-BE69-0316F7907170}"=Disc2Phone
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}"=Adobe OnLocation CS4
"{746E4937-CC0E-C8A2-CEF3-41774D227847}"=Catalyst Control Center Graphics Full Existing
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2
"{793D1D88-6141-43DE-BE58-59BCE31B4090}"=Adobe Flash CS4 Extension - Flash Lite STI en
"{80A1F948-2D8E-7C25-87AA-6D8294334A5D}"=Catalyst Control Center Core Implementation
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}"=Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}"=Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87532CAB-7932-4F84-8937-823337622807}"=Adobe Illustrator CS4
"{886F91D5-4B45-45DC-938E-6B0276C6B015}"=Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A50284B-6426-2FDF-48BD-0895482344E8}"=CCC Help English
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1053}"=Nero 8
"{8B3F4499-32E6-470D-8586-E6C03420F889}"=ASUS WiFi-AP Solo
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}"=Macromedia Flash 8 Video Encoder
"{8C0E417D-551E-475C-8FA4-A3F0D7EF396A}"=Carbide.vs 3.0.1
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}"=Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}"=Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0021-0000-0000-0000000FF1CE}"=Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}"=Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0804-0000-0000000FF1CE}"=用于 2007 Microsoft Office 程序的 Microsoft 另存为 PDF/XPS 加载项
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{92C7D009-A464-4948-A980-7A3E28CB2F49}"=Richard Burns Rally
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}"=Windows Mobile 5.0 SDK R2 for Smartphone
"{96E94E18-54D6-42C1-8FC4-24DACEDC3395}"=Nokia NSeries System Utilities
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{98D1A713-438C-4A23-8AB6-41B37C4A2D47}"=VMware Workstation
"{98FA9751-E7E0-4509-BE22-0E66BE8592B4}"=MySQL Tools for 5.0
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}"=Microsoft SQL Server Database Publishing Wizard 1.2
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}"=Nokia PC Suite
"{A8C856AD-63CD-4613-AA29-E6C85607EA06}"=Nokia Software Launcher
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{ADE91A13-434D-4229-00BC-182BAD607303}"=Need for Speed™ Most Wanted
"{AF62372A-4A2A-4CE9-BDD7-A66B28E316B0}"=Visual Studio 2005 IDE Enhancements
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}"=Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}"=Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}"=Adobe Premiere Pro CS4 Functional Content
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}"=Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}"=Microsoft Device Emulator version 3.0 - ENU
"{B348E585-E872-41DF-8234-E2D49917CFBB}"=Learning Essentials for Microsoft Office
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}"=Adobe Photoshop CS4
"{B74D4E10-0000-0000-0000-EDED00000102}"=Adobe ExtendScript Toolkit 1.0
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B93F0E87-FBDB-097E-5DCA-FF99110F26E0}"=Catalyst Control Center Graphics Previews Common
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}"=Microsoft SQL Server Compact 3.5 ENU
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1"=Sothink SWF Decompiler
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}"=Adobe Media Encoder CS4 Additional Exporter
"{C04ED833-89A3-BC13-BAE3-96FDD56933F9}"=Catalyst Control Center Graphics Full New
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}"=Nokia Connectivity Cable Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}"=Adobe Premiere Pro CS4 Third Party Content
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}"=Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC419DDC-E0F0-4013-B25A-6FA036516F0D}"=Need for Speed™ ProStreet
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw
"{CDC31D08-9789-2554-2670-C33BC49F0DD3}"=ccc-core-static
"{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}"=ActivePerl 5.6.1 Build 638
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life® 2
"{D499F8DE-3F31-4900-9157-61061613704B}"=Adobe Premiere Pro CS4
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}"=Microsoft Visual Studio 2008 Professional Edition - ENU
"{D84CB492-A248-49BA-8BBF-805A67C38A4E}"=Argos Mini II
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX v2.1
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}"=Adobe After Effects 7.0
"{DDEDBEE3-E5B7-454A-A457-9B06C5C67B85}"=Safari
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}"=Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{EB909D22-8D05-43CC-ABDD-8F74DAE36533}"=Adobe Setup
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{EE353798-E875-42E0-B58D-7E6696182EA8}"=Adobe Media Encoder CS4 Dolby
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}"=Adobe Flash CS4
"{F779EC8D-6703-4C4A-817C-37B07898E647}"=Nokia NSeries Content Copier
"{F89E5AD8-AE47-49B5-B9F9-C498791E6255}"=Nokia NSeries Music Manager
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}"=Adobe Encore CS4 Codecs
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}"=Folder Size for Windows
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All
"{FD349381-D79C-4E5C-8980-015DFFB962D5}"=Nokia NSeries Application Installer
"{FE2881D8-236B-6B25-2C5A-74CFB00F2756}"=ccc-core-preinstall
"{FEBC7B8D-BC69-46F7-A872-7698D03127C8}"=DiRT Demo
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}"=Microsoft Student 2007 for Learning Essentials
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F"=Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B"=Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe After Effects 7.0"=Adobe After Effects 7.0
"Adobe AIR"=Adobe AIR
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_3d93a3f0a9b616dcf6ecc835a3278f7"=Adobe Creative Suite 4 Production Premium
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Audacity_is1"=Audacity 1.2.5
"AutoHotkey"=AutoHotkey 1.0.47.04
"AVIcodec"=AVIcodec (remove only)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD"=Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Cablenut"=Cablenut 4.08
"Cain & Abel v4.9.1"=Cain & Abel v4.9.1
"CAL"=Canon Camera Access Library
"CameraWindowDC"=Canon Utilities CameraWindow DC
"CameraWindowDVC5"=Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6"=Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher"=Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task"=CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX"=Canon Internet Library for ZoomBrowser EX
"Canon_IJ_Network_UTILITY"=Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP7A.DLL"=Canon iP5200R
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"CSCLIB"=Canon Camera Support Core Library
"CSL Arm Toolchain (arm-symbianelf)_is1"=CSL ARM Toolchain (arm-symbianelf) 2005-Q1C
"Dev-C++"=Dev-C++ 5 beta 9 release (4.9.9.2)
"DFX for Winamp"=DFX 8 for Winamp
"Diablo II"=Diablo II
"DirectVobSub"=DirectVobSub (remove only)
"EditPlus 2"=EditPlus 2
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EOS Utility"=Canon Utilities EOS Utility
"Far Manager"=Far Manager v1.70
"ffdshow_is1"=ffdshow [rev 1589] [2007-10-31]
"FileZilla Server"=FileZilla Server (remove only)
"Firebird SQL Server UK"=Firebird SQL Server - MAGIX Edition
"FLAC"=FLAC Installer 1.1.2a (remove only)
"FlashGet"=FlashGet 1.9.0.1012
"FlashGet(JetCar)"=FlashGet(JetCar)
"Foxit Reader"=Foxit Reader
"FreeUndelete"=FreeUndelete
"GMailFS"=GMail Drive Shell Extension
"HaaliMkx"=Haali Media Splitter
"HexEdit"=HexEdit
"HijackThis"=HijackThis 2.0.2
"Home Media Server 4.2.0.38"=Home Media Server 4.2.0.38
"HydraIRC"=HydraIRC
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImageMagick 6.4.3 Q8_is1"=ImageMagick 6.4.3-6 Q8 (09/15/08)
"LADSPA_plugins-win_is1"=LADSPA_plugins-win-0.4.15
"LastFM_is1"=Last.fm 1.0.7
"Launchy_21344213_is1"=Launchy 1.25
"Live for Speed S2"=Live for Speed S2 0.5Q
"Macromedia Director MX 2004"=Macromedia Director MX 2004
"Magic ISO Maker v5.3 (build 0221)"=Magic ISO Maker v5.3 (build 0221)
"MatlabR2007b"=MATLAB R2007b
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008"=Microsoft Document Explorer 2008
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU"=Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2008 Professional Edition - ENU"=Microsoft Visual Studio 2008 Professional Edition - ENU
"Miranda IM"=Miranda IM 0.7.10
"mIRC"=mIRC
"Monkey's Audio_is1"=Monkey's Audio
"MovieEditTask"=Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera"=Canon Utilities MyCamera
"MyCameraDC"=Canon Utilities MyCamera DC
"MySQL-Front_is1"=MySQL-Front 3.2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1"=NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"Nokia PC Suite"=Nokia PC Suite
"ObjectDock Plus"=ObjectDock Plus
"Personal"=Personal 4.5.2
"Photomatix Pro_is1"=Photomatix Pro version 2.5
"PhotoStitch"=Canon Utilities PhotoStitch
"Picasa2"=Picasa 2
"Pixie_is1"=Pixie 1.4.1
"PowerISO"=PowerISO
"PSPad editor_is1"=PSPad editor
"PTGui"=PTGui Pro 7.0
"PuTTY_is1"=PuTTY version 0.58
"QuickSFV"=QuickSFV (Remove only)
"RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX
"RealVNC_is1"=VNC Enterprise Edition 4.1.9
"RemoteCaptureDC"=Canon Utilities RemoteCapture DC
"RemoteCaptureTask"=Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sauerbraten"=Sauerbraten
"SE|PY ActionScript Editor"=SE|PY ActionScript Editor 1.5.3.6
"Serious Samurize"=Serious Samurize
"Skype_is1"=Skype 2.5
"Songbeat"=Songbeat 1.3
"Songbird 20080325"=Songbird 0.5 (20080325)
"Sony Ericsson W800"=Sony Ericsson W800 Software
"Spotify"=Spotify
"SUPER ©"=SUPER © Version 2007.bld.22 (Mar 14, 2007)
"TeXnicCenter_is1"=TeXnicCenter Version 1 Beta 7.01 (Greengrass)
"The Blocklist Manager_is1"=BLM 2.7.7
"The KMPlayer"=The KMPlayer (remove only)
"TopStyle3_is1"=TopStyle (Version 3)
"Totalcmd"=Total Commander (Remove or Repair)
"TPTEST5_is1"=TPTEST 5.0.2
"Ugutil"=Upgrade Utility
"Update Service"=Update Service
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPcapInst"=WinPcap 4.0
"WinRAR archiver"=WinRAR archiver
"VisualWebDeveloper"=Microsoft Visual Studio Web Authoring Component
"VLC media player"=VLC media player 0.9.6
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"VoipBuster_is1"=VoipBuster
"VoipCheapCom_is1"=VoipCheapCom
"Wudf01005"=Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XviD_is1"=XviD 1.2.-127 +SMP Alpha uninstall
"ZoneAlarm Anti-Spyware"=ZoneAlarm Anti-Spyware
"ZoomBrowser EX"=Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility"=Canon ZoomBrowser EX Memory Card Utility
"ZoomPlayer"=Zoom Player (remove only)
"Ztereo"=Ztereo 0.6.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoViz Toolkit"=GeoViz Toolkit
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoViz Toolkit"=GeoViz Toolkit
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-10-18 05:26:02 | Computer Name = CORE2DUO | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in miranda32.exe [4620]. Just-In-Time
debugging this exception failed with the following error: The logged in user did
not have access to debug the crashing application. Check the documentation index
for 'Just-in-time debugging, errors' for more information.

Error - 2008-10-28 17:03:08 | Computer Name = CORE2DUO | Source = Application Hang | ID = 1002
Description = Hanging application KMPlayer.exe, version 2.9.3.1428, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2008-10-29 16:48:12 | Computer Name = CORE2DUO | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2008-10-29 16:54:22 | Computer Name = CORE2DUO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2008-11-01 06:02:38 | Computer Name = CORE2DUO | Source = FolderSize | ID = 0
Description =

Error - 2008-11-01 06:02:40 | Computer Name = CORE2DUO | Source = FolderSize | ID = 0
Description =

Error - 2008-11-01 06:02:41 | Computer Name = CORE2DUO | Source = FolderSize | ID = 0
Description =

Error - 2008-11-01 06:02:58 | Computer Name = CORE2DUO | Source = FolderSize | ID = 0
Description =

Error - 2008-11-01 06:03:22 | Computer Name = CORE2DUO | Source = FolderSize | ID = 0
Description =

Error - 2008-11-10 04:30:57 | Computer Name = CORE2DUO | Source = Application Error | ID = 1000
Description = Faulting application musicmanager.exe, version 7.0.103.2, faulting
module qtcore4.dll, version 4.3.3.0, fault address 0x00039580.

[ OSession Events ]
Error - 2007-02-27 06:43:03 | Computer Name = CORE2DUO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 624
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2008-11-09 02:41:46 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008-11-09 04:41:46 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008-11-09 13:57:44 | Computer Name = CORE2DUO | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 2008-11-09 13:59:01 | Computer Name = CORE2DUO | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 2008-11-11 05:57:49 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008-11-11 09:57:49 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008-11-11 13:57:50 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 2008-11-11 18:55:37 | Computer Name = CORE2DUO | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 2008-11-11 18:56:30 | Computer Name = CORE2DUO | Source = Service Control Manager | ID = 7000
Description = The Apache2.2 service failed to start due to the following error:
%%3

Error - 2008-11-12 04:55:14 | Computer Name = CORE2DUO | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.


< End of report >



Edited by Billy O'Neal, 14 November 2008 - 10:14 PM.


#4 Billy O'Neal

  • Malware Response Team

Posted 14 November 2008 - 10:24 PM

Hello, Woppe.
Please paste your logfiles into the post next time.. it makes it easier to read :thumbsup:

Regarding Abel.exe, Passwordspro.exe, GetHashes.exe and saminside.exe, I think it's in the nature of these programs to be detected as virus. But I've installed them for my own safety.


Alright.. those are all fine except the PasswordsPro one. See here:
http://www.threatexpert.com/report.aspx?ui...dc-c242e7634054

I VERY much recommend removal of that file. But I will leave it alone if you ask.

When I boot my computer, it says I have 160 GB free on C:. Now, three hours later, I only got 154 GB left. Free space continues to disappear, but returns when I reboot the system.

That is normal. Several programs and utilities will dump working data into temporary directories in order to get it out of RAM.

You also have a high load of server-ish programs on this machine, for example Apache. This program creates large logfiles that are purged upon reset. Additional programs which may do this are VMware, ZoneAlarm, Bonjour (related to iTunes) and O&O Defrag.

It is unlikely that a single application is causing the problem; likely these together are.

I don't see any active malware on this machine. Is this your only symptom?

We need to disable SpyBot Search and Destroy's "Tea Timer"
  • Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit/Close Spybot S&D when done.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\Games\Need for Speed Carbon Demo\nfs_inst.exe
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=-
    [HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=-
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
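
A check in the spirit of the Java step in the post above, added here as an example (it is not part of the original post or of any tool named in the thread): it parses uninstall-list lines in the `"key"=display name` form used by the log in this thread and lists the Java runtime entries older than the 6 Update 10 release the post asks for. The sample lines are copied from that log; the function names are hypothetical.

```python
import re

# Uninstall-list lines in the `"registry key"=display name` form used by the
# log in this thread. These sample lines are copied from that log.
SAMPLE_LOG = '''\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26257044-A78C-49BF-8165-DD4ABAF851F8}"=S60 3rd Edition FP1 SDK for Symbian OS
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}"=Apache HTTP Server 2.0.61
"HijackThis"=HijackThis 2.0.2
'''

# One uninstall entry: quoted key, equals sign, free-text display name.
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.*)$')

# The three display-name styles for Java runtimes that appear in the log:
#   J2SE Runtime Environment 5.0 Update 6
#   Java(TM) SE Runtime Environment 6 Update 1
#   Java(TM) 6 Update 7
JAVA_RE = re.compile(
    r'^(?:J2SE|Java\S*)(?: SE)?(?: Runtime Environment)? '
    r'(?P<major>\d+)(?:\.\d+)? Update (?P<update>\d+)$'
)


def parse_uninstall_list(text):
    """Return (key, display_name) pairs; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name").strip()))
    return entries


def java_version(name):
    """Return (major, update) for a Java runtime display name, else None."""
    m = JAVA_RE.match(name)
    return (int(m.group("major")), int(m.group("update"))) if m else None


def outdated_java(entries, minimum=(6, 10)):
    """List Java runtimes older than `minimum`, oldest first.

    The default is the 6 Update 10 release the post tells the user to install.
    """
    found = []
    for key, name in entries:
        ver = java_version(name)
        if ver is not None and ver < minimum:
            found.append((ver, key, name))
    return sorted(found)


if __name__ == "__main__":
    for ver, key, name in outdated_java(parse_uninstall_list(SAMPLE_LOG)):
        print(f"remove: {name}  [{key}]")
```
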

#5 Woppe


Posted 15 November 2008 - 11:54 AM

Alright.. those are all fine except the PasswordsPro one. See here:
http://www.threatexpert.com/report.aspx?ui...dc-c242e7634054

I VERY much recommend removal of that file. But I will leave it alone if you ask.

I've deleted all of them now.

That is normal. Several programs and utilities will dump working data into temporary directories in order to get it out of RAM.

You also have a high load of server-ish programs on this machine, for example Apache. This program creates large logfiles that are purged upon reset. Additional programs which may do this are VMware, ZoneAlarm, Bonjour (related to iTunes) and O&O Defrag.

Thing is, only free space disappears. Used space does not increase.

I don't see any active malware on this machine. Is this your only symptom?

As far as I have noticed, yes.

Notice: After I had unchecked the tea timer box under "Resident" in spybot s&d and was supposed to disable it from startup, it wasn't in the list. It isn't running now anyway, so I guess it's all fine.

Log: OTMoveIt
========== FILES ==========
File/Folder C:\Games\Need for Speed Carbon Demo\nfs_inst.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-220523388-789336058-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\etilqs_qvVOO351CjZPnOOfDpKu scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\NGLALog.txt scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\Perflib_Perfdata_cfc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\Perflib_Perfdata_d04.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\~DFC482.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\ib12 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ib13 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ib14 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ib15 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ib16 scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_106c.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_120.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_df8.dat scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\vmware-vmount.log scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ZLT047a8.TMP scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\ZLT0710b.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_172710

Files moved on Reboot...
File C:\DOCUME~1\Andreas\LOCALS~1\Temp\etilqs_qvVOO351CjZPnOOfDpKu not found!
File move failed. C:\DOCUME~1\Andreas\LOCALS~1\Temp\NGLALog.txt scheduled to be moved on reboot.
File C:\DOCUME~1\Andreas\LOCALS~1\Temp\Perflib_Perfdata_cfc.dat not found!
File C:\DOCUME~1\Andreas\LOCALS~1\Temp\Perflib_Perfdata_d04.dat not found!
C:\DOCUME~1\Andreas\LOCALS~1\Temp\~DFC482.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\windows\temp\ib12 not found!
File C:\windows\temp\ib13 not found!
File C:\windows\temp\ib14 not found!
File C:\windows\temp\ib15 not found!
File C:\windows\temp\ib16 not found!
File C:\windows\temp\Perflib_Perfdata_106c.dat not found!
C:\windows\temp\Perflib_Perfdata_120.dat moved successfully.
C:\windows\temp\Perflib_Perfdata_df8.dat moved successfully.
File move failed. C:\windows\temp\vmware-vmount.log scheduled to be moved on reboot.
File C:\windows\temp\ZLT047a8.TMP not found!
File C:\windows\temp\ZLT0710b.TMP not found!
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Andreas\Local Settings\Application Data\Mozilla\Firefox\Profiles\fzapdcmm.default\XUL.mfl moved successfully.

Log: Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:47, on 2008-11-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\windows\Explorer.EXE
C:\Program Files\Security\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Security\Nod32\ekrn.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\System\WMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Internet\VNC4\WinVNC4.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Security\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Security\Nod32\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Hardware\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\notepad.exe
C:\Program Files\Internet\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\Internet\Firefox\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Editors\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Internet\Firefox\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Internet\Firefox\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\Hardware\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\Internet\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Editors\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Video\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\Security\Nod32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Hardware\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to Shortcut Central.lnk = C:\Program Files\Assorted programs\shortcutcentral\Shortcut Central.exe
O4 - Startup: Shortcut to TypeAndRun.lnk = C:\Program Files\Assorted programs\Type and Run\TypeAndRun.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Internet\Apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\Internet\Firefox\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\Internet\Firefox\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Editors\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Editors\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Editors\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Internet\Firefox\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Internet\Firefox\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163587226921
O16 - DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} (ScriptPlayerRuntime Class) - https://gfs.nb.se/privat/bank/scripts/eid/N...eaSmartCard.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Editors\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Security\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\Security\Nod32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Security\Nod32\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\Internet\FileZilla Server\FileZilla Server.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Audio\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\System\WMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\Internet\VNC4\WinVNC4.exe

--
End of file - 14564 bytes
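
Added example (not part of the original post, and not code from HijackThis or its authors): a small Python triage pass over the O23 service lines of a HijackThis log like the one above, listing entries marked "(no file)", "(file missing)" or "Unknown owner" for manual review. The sample lines are copied from this log; the function names and flag labels are assumptions made for the example.

```python
# Triage of "O23 - Service:" lines from a HijackThis log.
# Flags mean "look at this entry by hand", not "this is malware".

PREFIX = "O23 - Service: "
MISSING = "(file missing)"

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\Security\Nod32\egui.exe" /hide /waitservice
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Internet\Apache\Apache2\bin\Apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\Security\Nod32\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Audio\Common\Database\bin\fbserver.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""


def parse_o23(line):
    """Split one O23 line into name, owner and path; None for other lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # The display name may itself contain " - " (see the Firebird entry),
    # so split from the right: the last two fields are owner and path.
    parts = line[len(PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    file_missing = path.endswith(MISSING)
    if file_missing:
        path = path[: -len(MISSING)].rstrip()
    return {"name": name, "owner": owner, "path": path,
            "file_missing": file_missing}


def flags_for(entry):
    """Return the review flags (labels chosen for this example) for one entry."""
    flags = []
    if entry["owner"] == "Unknown owner":
        flags.append("unknown-owner")   # no vendor name shown in the log
    if entry["path"] == "(no file)":
        flags.append("no-file")         # service registered without a file
    if entry["file_missing"]:
        flags.append("file-missing")    # logged path does not exist on disk
    return flags


def triage(log_text):
    """Return (name, path, flags) for every O23 entry with at least one flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            flagged.append((entry["name"], entry["path"], flags))
    return flagged


if __name__ == "__main__":
    for name, path, flags in triage(SAMPLE_LOG):
        print(f"{name:12} {path:40} {', '.join(flags)}")
```
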

#6 Billy O'Neal


Posted 15 November 2008 - 05:47 PM

Hello, Woppe.

Thing is, only free space disappears. Used space does not increase.

As far as I know, the only things that cause things like that are tools which rely on the volume shadow service (also known as volume shadow copy).
Examples of such tools:
Defraggers
Backup Utilities
Deep Freeze <-- You don't have it.

Either way, this issue does not appear malware related. And you said you have over a hundred GB left anyway... does it really matter all that much?

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#7 Woppe


Posted 16 November 2008 - 03:19 PM

Thank you for your help.

I guess it's all fine now :thumbsup:

#8 Billy O'Neal


Posted 16 November 2008 - 04:06 PM

Hello, Woppe
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



