Possible Trojan/DNS Changer/Adware Attack, also Cut off from Windows Updates.


This topic is locked
24 replies to this topic

#1 Bob!


  • Members
  • 14 posts

Posted 17 November 2008 - 09:49 PM

Hi, I believe I am a victim of malware, this post will be long but I'll attempt to include as much information as possible about my symptoms and a HijackThis Log. I am running Windows XP Professional, SP2 and I am connected to a BT Homehub router with hardware firewall (that I am not the admin of) by a Wireless D-link PCI express card.

The other day while browsing, my Norton Security Online by BT Yahoo Online Protection (combined anti-virus/malware & firewall) popped up with alerts saying it had caught two infections, one named W32.SillyDC and the other Backdoor.Tideserv.inf! / Trojan.Knowedel (known by both names apparently). I also saw an alert about a DNS Changer or Redirector; however, it said that it had removed these threats and that I was protected. I then tried to do a scan but encountered an error, so I had to do a restart.

Upon login to my desktop (which took several tries as it kept refusing to load after login; I had to use "Last Good Known Configuration"), the first thing I noticed was that the "Do not show hidden files", "hide extensions for known file types", and "hide protected operating system files" folder options were all turned off for some reason, so I reset these settings. I then attempted to access my USB flash memory stick to assess the integrity of my degree assignments, and the full extent of my problems was then encountered.

I received an error message when double clicking my USB stick, stating "C:\resycled\boot.com is not a valid win32 application" (it's actually spelled that way). It will not open unless I right click & select Explore, in which case it functions normally. I have also recently seen a hidden folder called "resycled" in my C drive that contains an MS-DOS file called boot.com when logged into the admin account through safe mode.

To research the error, I went onto Google, and then found that every time I clicked a search result, my browser was redirected to some other random site, such as some search site or something. However, it is usually fine if I paste the links into my address bar manually, as it mainly only redirects my browser if I click the links in the Google results. However, I have also received popups now and then when browsing a few other sites, and viagra-style adverts are placed on some sites such as dictionary.com where other adverts should usually be. Therefore I believe this was caused by a DNS changer and adware that came along with whatever the hell infected me.

I then realised my Windows Updates weren't functioning; at first it redirected to a "resource not found" page, and now it just sends me to MSN.com, therefore I am cut off from updates.

I also found that my computer was just generally unstable: it would randomly cut off the net and require a restart (resulting in further toils of trying to get my desktop to load after login), it was taking a double-double click to open most of my documents and programs, many of my startup programs stopped loading properly at login, and some of my other programs had stopped functioning, such as my Dell Image Expert software giving errors about lacking registry information, and Photoshop stating it was somehow unlicensed and must be uninstalled, and then cutting off too. I also found that the login screen would not load while trying to boot into safe mode.


I then tried a system restore to no joy as it just said "It could not be restored", but it seemed whatever had got me and done its damage had garbled my registry and messed up my system, so I booted from my Windows disk and performed a Windows XP Repair install, (reinstall of core OS files, but programs, files and settings are saved) and uninstalled most of my broken startup programs. This has enhanced my stability quite a bit as I am now able to boot into safe mode, and my desktop loads more reliably after login. Also the double-double click thing to open files has now gone, they load quickly as they used to.

I then attempted to reinstall Internet Explorer 7 as it had been downgraded due to the XP Repair install, but found that as soon as I clicked the download button on Microsoft's website I was redirected to a random search website with a snarky lil message: "The domain Download.Microsoft.com is invalid, Use our handy search to find what you wanted" However I was able to attain the IE7 explorer file through another computer on my network.

The repair install only helped with the issues of stability, as I still suffer from all the other symptoms such as redirects, being cut off from Windows Updates (which I definitely need now that I did that repair install), and I still cannot access my USB through a straight double click.


As to my security software, as stated earlier, Norton just gave an error message while attempting a scan before the XP Repair Reinstall, however it now seems to scan fine, but just comes up clean, it did say it successfully removed the trojans mentioned earlier though, so maybe just what damage they did is left, along with the browser redirects.

Crap Cleaner's registry scanning and fixing facilities seem to work ok, but it gives me an error while attempting to Analyse my system for a cleanup, despite it being the latest version and reinstalling it. (see screenshot below)

Registry Mechanic scans and performs registry fixes ok, but cannot update and just says "Update failed, please try again later" - However I think it's fixed most of the problems with my programs, as Photoshop and so on now seem to be working normally.

Kaspersky Online scan produces an error when attempting to finish updating the virus database, despite the number of tries. Also see below for a screenshot.

Panda Active online scan seems to work fine now (it just froze before I did the repair install) but doesn't seem to show anything major, as two of the three things it identified as malware are an older version of ComboFix I have in my backup files (that's one I've tactfully not run) and the other is GameSpy Arcade; the other vulnerabilities are mainly related to cookies or Windows vulnerabilities due to me lacking Windows updates.

I have now installed SpywareBlaster to provide an extra bit of protection from such threats and hopefully prevent any more nasties getting back on through the browser redirects. Also, I used to have Ad-Aware and Spybot Search & Destroy, but the version of Norton I have apparently doesn't like these being installed and advised me to remove them when I first got it.

So, yeah, I believe this infection to be a combination of trojan, adware and DNS changer malware that garbled/damaged my registry and system files, bodged up Windows Update (it just goes to Msn.com now), as well as hijacking Google search clicks and displaying viagra adverts where normal ones should be, and some random popups on other sites. I also believe this to be the reason why a lot of my security programs are not functioning properly or are having problems updating. Also, as stated, although I can still use my USB memory stick through selecting "Explore", I would like to fix the resycled\boot.com error.

Anyways, sorry for the long post, but I wanted to describe all my symptoms as much as possible; I'll leave it to you guys to say which order they need to be addressed in, and how. Help with healing this and getting my computer back to a standard decent enough to at least last till Christmas would be immensely appreciated, as I've an absolute ton of degree work to hand in before then. Also, at any point if there's a high chance of my computer not recovering from any of the removal methods, please let me know in advance so I can back up my work and so on. Also be aware that scans take a while as I have over 200GB.

Here's the screenies I mentioned earlier showing the error messages I encountered:

Crap Cleaner error during Analysis. (Ignore the MS Paint bodge, I had to join the bits together as the list was too large)

Kaspersky error during database update:


Here's my Panda Active Scan Results Log:


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-18 02:45:12
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 7
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4104.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@tradedoubler[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@mediaplex[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@media.adrevolver[3].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@zedo[2].txt
00172825 Joke/Stress Jokes No 0 Yes No K:\Misc\weapons.exe
00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\Bob!\My Documents\Personal Files\Misc Files\weapons.exe
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Cookies\bob!@adrevolver[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Bob!\Local Settings\Temp\Cookies\bob!@adviva[1].txt
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
03587590 Adware/Yassist Adware No 0 No No C:\Installer Backups\Drivers & Programs\Misc Programs\Codecs\DivXInstaller.exe[²ÇÇ\y_toolbar.exe][²èÇ]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Program Files\Security Tools\ComboFix.exe[327882R2FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\Installer Backups\Drivers & Programs\Security Tools\ComboFix.exe[327882R2FWJFW\catchme.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
No C:\WINDOWS\system32\ico.exe 
No C:\Installer Backups\Drivers & Programs\Drivers\Mouse\R164210.exe[R164210\EXE\ico.exe] 
No C:\Installer Backups\Drivers & Programs\Drivers\Mouse\R164210.exe[R164210\EXE_VISTA\ico.exe] 
No C:\Installer Backups\Drivers & Programs\Misc Programs\gwave525.exe 
No C:\Installer Backups\Drivers & Programs\Security Tools\ComboFix.exe[327882R2FWJFW\psexec.cfexe] 
No C:\Program Files\Security Tools\ComboFix.exe[327882R2FWJFW\psexec.cfexe] 
No C:\WINDOWS\system32\ico.exe 
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 
184379 MEDIUM MS08-001 
182048 HIGH MS07-069 
182046 HIGH MS07-067 
182043 HIGH MS07-064 
179553 HIGH MS07-061 
176382 HIGH MS07-057 
176383 HIGH MS07-058 
170911 HIGH MS07-050 
170907 HIGH MS07-046 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164915 HIGH MS07-035 
164913 HIGH MS07-033 
164911 HIGH MS07-031 
160623 HIGH MS07-027 
157262 HIGH MS07-022 
157261 HIGH MS07-021 
157260 HIGH MS07-020 
157259 HIGH MS07-019 
156477 HIGH MS07-017 
150253 HIGH MS07-016 
150249 HIGH MS07-013 
150248 HIGH MS07-012 
150247 HIGH MS07-011 
150243 HIGH MS07-008 
150242 HIGH MS07-007 
150241 MEDIUM MS07-006 
145501 HIGH MS07-004 
141034 HIGH MS06-076 
141033 MEDIUM MS06-075 
137571 HIGH MS06-070 
133387 MEDIUM MS06-065 
133386 MEDIUM MS06-064 
133385 MEDIUM MS06-063 
133379 HIGH MS06-057 
129977 MEDIUM MS06-053 
129976 MEDIUM MS06-052 
126093 HIGH MS06-051 
126092 MEDIUM MS06-050 
126087 HIGH MS06-046 
126086 MEDIUM MS06-045 
126082 HIGH MS06-041 
126081 HIGH MS06-040 
123421 HIGH MS06-036 
123420 HIGH MS06-035 
120825 MEDIUM MS06-032 
120823 MEDIUM MS06-030 
120818 HIGH MS06-025 
120815 HIGH MS06-022 
117384 MEDIUM MS06-018 
114666 HIGH MS06-015 
108744 MEDIUM MS06-008 
108743 MEDIUM MS06-007 
108742 MEDIUM MS06-006 
104567 HIGH MS06-002 
104237 HIGH MS06-001 
96574 HIGH MS05-053 
93395 HIGH MS05-051 
93394 HIGH MS05-050 
93454 MEDIUM MS05-049 
;===================================================================================================================================================================================



And finally, here's my Hijack This Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:15, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwgn.exe] C:\WINDOWS\system32\kdwgn.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1219798769859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219984652437
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39BBB1BC-0D8C-4019-8298-40958750BFD2}: NameServer = 85.255.112.157;85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{404F68B8-8AD0-4008-BF38-C3EBA449AF03}: NameServer = 85.255.112.157;85.255.112.183
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 13021 bytes

Edited by Bob!, 18 November 2008 - 08:19 PM.


#2 Bob!

  • Topic Starter

  • Members
  • 14 posts

Posted 18 November 2008 - 06:15 PM

I've just tried my other two USB flash drives and they seem to work fine, no random errors with just double clicking to open those, however I didn't have those plugged in at the time.

Although I know security basics, I'm not so good at reading all these uber logs, but this one stood out to me as I don't know what it is and Google has no info:

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwgn.exe] C:\WINDOWS\system32\kdwgn.exe

Screenie from Windows Defender Startup Programs

As ya can see, I tried to disable it but then it just made another, and won't let me remove either. Also, I tried searching the system32 folder for the file to find when it was created from my normal account, but it said nothing of that name was found. However, I think most of these infections started on the 14th, since that's when me comp went foobar and Norton gave me those alerts.

Two other unknowns:

O17 - HKLM\System\CCS\Services\Tcpip\..\{39BBB1BC-0D8C-4019-8298-40958750BFD2}: NameServer = 85.255.112.157;85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{404F68B8-8AD0-4008-BF38-C3EBA449AF03}: NameServer = 85.255.112.157;85.255.112.183

Those look bad. :/

Regarding me not being able to connect to Windows Update and being very vulnerable at the moment (besides the router hardware firewall, Norton firewall and so on) due to the XP Repair reinstall, would I be able to plug in an ethernet cable (my wireless card doesn't seem to work in safe mode with networking) and try to access Windows Update from there?

I also have an option in my Windows Media Player right click menu that says "Info Center View FarioLatino.com : Free music downloads!" That looks dodgy.

Also, for reference, my Event log stopped last night for some reason and hasn't displayed anything else since 3 in the morning, though I'm sure it usually reports successful startup info and so on at least, doesn't it? Also, it's only the System section though; the Application event viewer and so on seem to be recording fine.

Edited by Bob!, 18 November 2008 - 08:39 PM.
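The two log entries Bob singled out above (an O4 Run key registered under its own file path, and O17 NameServer entries pointing at public DNS servers) are exactly the kind of thing a small triage script can pull out of a HijackThis log automatically. The script below is an added example, not part of the thread or of HijackThis itself; the log excerpt it parses is constructed in HijackThis v2 line format from the entries quoted in the thread (the router-address line is invented), and the optional trusted-DNS list is an assumption for networks whose resolver is a public address. It generalises the thread's case by flagging any non-private NameServer that is not explicitly trusted.

```python
"""Triage a HijackThis log for the two signs of trouble quoted in this thread:
O17 NameServer entries that point at public DNS servers (a DNS changer), and
O4 Run entries registered under their own file path (like kdwgn.exe).
Added example, not part of the forum thread or of HijackThis."""
import ipaddress
import re

# Constructed excerpt in HijackThis v2 line format, modelled on the entries
# quoted in the thread; the last line is an invented router-address entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdwgn.exe] C:\WINDOWS\system32\kdwgn.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{39BBB1BC-0D8C-4019-8298-40958750BFD2}: NameServer = 85.255.112.157;85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{404F68B8-8AD0-4008-BF38-C3EBA449AF03}: NameServer = 192.168.1.254
"""

# O17 lines carry the per-interface DNS servers; O4 lines are Run/RunOnce
# registry entries written as "[value name] command".
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.;,\s]+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)


def parse_nameservers(line):
    """Return the list of DNS server strings from an O17 line (empty if not O17)."""
    m = O17_RE.match(line)
    if not m:
        return []
    return [s for s in re.split(r"[;,\s]+", m.group("servers")) if s]


def is_unexpected_dns(server, trusted=()):
    """A resolver is expected if it is private/loopback (the router, typically)
    or explicitly trusted; anything else on a home PC deserves a second look."""
    if server in trusted:
        return False
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return True  # unparsable address: flag it rather than ignore it
    return not (ip.is_private or ip.is_loopback)


def parse_run_entry(line):
    """Return (value name, command) for a Run/RunOnce O4 line, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    return m.group("name"), m.group("cmd").strip()


def run_entry_is_suspicious(name, cmd):
    """Installers register a readable product name; a value name that is itself
    a full path, or identical to the command, is how the kdwgn.exe entry looks."""
    looks_like_path = re.match(r"^[A-Za-z]:\\", name) is not None
    return looks_like_path or name.strip('"').lower() == cmd.strip('"').lower()


def triage(log_text, trusted_dns=()):
    """Scan a whole log and return (kind, detail, line) findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for server in parse_nameservers(line):
            if is_unexpected_dns(server, trusted_dns):
                findings.append(("dns_hijack", server, line))
        entry = parse_run_entry(line)
        if entry and run_entry_is_suspicious(*entry):
            findings.append(("suspicious_run_key", entry[0], line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}\n    {line}")
```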


#3 PropagandaPanda



  • Malware Response Team
  • 10,433 posts

Posted 24 November 2008 - 04:02 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Please transfer files needed to/from the problem computer if the sites are blocked.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important! Please do not select the Show all checkbox during the scan.


Post back with:
-the OTViewIt log
-the GMER log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#4 Bob!
  • Topic Starter
  • Members
  • 14 posts

Posted 24 November 2008 - 05:55 PM

Hi Panda, thanks for the assistance, I’m still suffering from the same symptoms.

The first thing to note is that my problem seems very similar (almost identical) to the one described in this topic:

http://www.bleepingcomputer.com/forums/t/180735/helpredirectpopupmicrosoft-download-not-allowed/

He's being assisted by Buckeye Sam, and it seems he basically has the same problem, as in Google searches being redirected to the same sites as me and so on. I knew not to follow any of the guidance in it though, just note it for reference.

Edit: Seems that this infection is going around lately, as this user also seems to be experiencing the same problem: http://www.bleepingcomputer.com/forums/t/181880/copy-book/


I haven’t made any major changes (other than what has been described already in my previous posts) since this topic was posted, however I had been doing some extra scouting in the meantime before you posted, here's the descriptions and screenshots of my findings:

I ran a full scan using Windows Malicious Software Removal Tool, however this crashed and encountered an error during the scan with something to do with the index file in the temp files folder, similar to how Crap Cleaner kept crashing, (even though I’d previously deleted all temp files through Internet Options.)

I also had a look in my Registry at the strange key called kdwgn.exe that Windows Defender and HijackThis showed; this seems to be in Hkey Local Machine > Software > Microsoft > Windows > CurrentVersion > Run. However the key immediately comes back after deletion. (I checked it wasn’t something critical first of course, but nothing seems to have any information about that name.) It would be interesting if I could find the date of when that key was created, as I believe the infection happened on the 14th November.

I also had a look at the TCP/IP settings for my Internet Connection, and it is set to use a Preferred DNS server, using the same IP as the first octet shown in what HijackThis picked up. However selecting “obtain automatically” results in it resetting itself again immediately afterwards to that IP.

Screenshots of my findings are below:

Windows Malicious Software Tool Scan Error

Suspect Registry Key

TCP/IP DNS Server Connection Options


The only other points to note are that this is my main machine so small changes will happen as I use this computer for net browsing and my degree assignments and so on, however I will follow your instructions and not make any major changes or perform unadvised anti-malware operations.

I’d set the topic to notify me by e-mail and so on before you posted and I’m generally aware of most of the “best practices” and so on with this sorta thing and I’m studying in IT so I understand the basics and I’m comfortable with most operations. Explanations on any complicated processes, especially with these additional anti-malware programs are always helpful though. :thumbsup:

The main worry is that after I performed the XP Repair Reinstall described in the first topic, I believe it reset most of my operating system back to the version on the disc, so I’m without all the Windows Update patches and so on since that disc was made, leaving me very vulnerable until I can get it back working.

However I’ve confidence we’ll be able to sort this and at least my machine seems to be running more stable now, it just needs disinfecting.

Also as to my USB flash drive, it brings up the “recycled” error I described in my first post when attempting to open it by double-click even on other computers. There are also TWO “Autoplay” options in the right-click menu for some reason, that could possibly have something to do with it, as said I can use it fine by selecting "View files/folders in windows explorer" after I plug it in, or by right clicking and selecting explore, but double-clicking produces that error, named the same as the strange hidden folder in my C: drive shown in Administrator view. Remember my USB was plugged in at the time of infection.

However before I run the scans, should I have my USB drive plugged in while running the programs or will we deal with that separately?

Again, sorry for the long post but I felt it was best to keep you fully updated as to my situation and provide as much information as possible, once I know what to do with my USB drive I’ll get on with generating the logs through your instructions, thanks for the help. :)

Edited by Bob!, 24 November 2008 - 06:22 PM.
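A defender-side check for the O17 entries quoted earlier in the thread and for the preferred DNS server that keeps resetting itself (post #4): an added Python example, not code from the thread, from HijackThis or from any tool named here, that parses O17 lines out of a HijackThis log and classifies each resolver as LAN/router, allowlisted, known-rogue or unexpected-public. The sample lines are constructed from the thread's own two entries plus one benign line, and the rogue-range list and `allowlist` parameter are assumptions for the example.

```python
"""Audit HijackThis O17 NameServer entries for rogue DNS resolvers (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field

# A home XP box behind a BT Home Hub normally gets its resolver from the router
# by DHCP, so an RFC 1918 or loopback address is the expected case.  Anything
# else is a public resolver the user did not knowingly configure unless it is
# on the caller-supplied allowlist (e.g. the ISP's resolvers).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# 85.255.112.0/20 is the widely documented DNSChanger (Zlob / Rove Digital)
# resolver range; both addresses in the thread's O17 lines fall inside it.
KNOWN_ROGUE_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# HijackThis O17 shape: "O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a;b"
# The GUID is the interface key under Tcpip\Parameters\Interfaces, which is also
# where the "Preferred DNS server" shown in the TCP/IP dialog is stored.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\.+?\{(?P<guid>[0-9A-Fa-f-]+)\}): "
    r"NameServer = (?P<servers>[0-9.;, ]+?)\s*$")


@dataclass
class Finding:
    guid: str
    servers: list
    verdicts: dict = field(default_factory=dict)   # resolver ip -> classification

    @property
    def suspicious(self):
        return any(v in ("known-rogue", "unexpected-public")
                   for v in self.verdicts.values())


def classify(ip_text, allowlist):
    """Classify one resolver address; allowlist is a set of ip_address objects."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparseable"
    if ip in allowlist:
        return "allowlisted"
    if any(ip in net for net in KNOWN_ROGUE_NETS):
        return "known-rogue"
    if any(ip in net for net in PRIVATE_NETS):
        return "lan-resolver"
    return "unexpected-public"


def audit_o17(log_text, allowlist=()):
    """Parse every O17 line in a HijackThis log and classify its resolvers."""
    allow = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[;,\s]+", m.group("servers")) if s]
        f = Finding(guid=m.group("guid").upper(), servers=servers)
        for s in servers:
            f.verdicts[s] = classify(s, allow)
        findings.append(f)
    return findings


def shared_rogue_servers(findings):
    """Rogue resolvers present on more than one interface GUID: a sign the
    change was made system-wide rather than on a single adapter."""
    seen = {}
    for f in findings:
        for ip, verdict in f.verdicts.items():
            if verdict in ("known-rogue", "unexpected-public"):
                seen.setdefault(ip, set()).add(f.guid)
    return sorted(ip for ip, guids in seen.items() if len(guids) > 1)


# Constructed sample: the thread's two O17 lines plus one benign router entry.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{39BBB1BC-0D8C-4019-8298-40958750BFD2}: NameServer = 85.255.112.157;85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{404F68B8-8AD0-4008-BF38-C3EBA449AF03}: NameServer = 85.255.112.157;85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.254
"""

if __name__ == "__main__":
    results = audit_o17(SAMPLE)
    for f in results:
        print(f.guid, "SUSPICIOUS" if f.suspicious else "ok", f.verdicts)
    print("rogue resolvers shared across interfaces:", shared_rogue_servers(results))
```

The same classification can be run against the NameServer values read directly from the Tcpip\Parameters\Interfaces keys, which is useful when, as in this thread, the value is being rewritten faster than the dialog can change it.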


#5 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 24 November 2008 - 06:48 PM

Hello Bob.

No problem. I would much rather have you explain a lot than not at all. I skimmed over your original post only briefly, so kindly remind me if I seem to have missed something.

Since your USB drive was plugged in during the infection already, let's keep it connected during the process. We'll take care of any infections that "jumped" onto it as well.

Please post back with OTScanIt and GMER logs when ready.

With Regards,
The Panda

#6 Bob!
  • Topic Starter
  • Members
  • 14 posts

Posted 24 November 2008 - 07:37 PM

No problemos as long as ya read through it to gauge my symptoms, I tried to do as much research as I could to speed up the process. :thumbsup:

Anyways I ran the programs with my USB in, here's how it went:

I ran OTViewIt in normal mode and that seemed to go fine, see below for the logs of that.

I did the initial setup and so on of Gmer, then restarted as prompted and started the scan, however when it reached the temporary internet files folder it crashed, this happened in both normal and safe mode so I haven't been able to get logs from that one.

However although the temporary internet files folder looks empty, it was looking in a folder called content.ie5 which seems to be one of those invisible (not hidden) folders like "local settings" is. This is strange as I only got my computer in January (brand new Dell XPS 720 H2C) and the version of the OS that came with the disk is XP Pro Service Pack 2, so I'd have thought there would only be files for IE6 and later, since I'm sure that's what it came with, and I'm now using IE7. Also I directly navigated to this folder using the address from where gmer crashed, and as soon as I enter the folder, Windows Explorer crashes. This could be the reason Crap Cleaner, Windows Malware Removal Tool, and Gmer are all crashing with something to do with the Temp folder. There's 2 folders inside that Content.ie5 folder but I wasn't able to have a look in them as it crashed as soon as I navigated to the main folder. This happened in both normal and safe mode.

Crash Screenshots:

Gmer Crash

Windows Explorer Crash

From the Previous Posts:

Crap Cleaner Crash

Windows Malware Removal Tool Crash

Pattern maybe? Although the WMRT one said it was looking at Index.dat and it's unclear with Crap Cleaner, but they all crashed in the same way when looking at that folder (even though I cleared it from Internet Options) and all give the memory errors too, although the second screenshots don't show it. No idea why.


However as said I was able to run OTViewIt with no problems, the logs from that are below: (C: is my 1TB Hard Drive, (two 500GB in Raid 0 Stripe) Drives D: and E: are my CD/DVD drives, F-I are my media card reader slots, and K: is my USB drive)

OTViewIt Log 1 - OTViewIt.txt:

OTViewIt logfile created on: 24/11/2008 23:52:54 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Bob!\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.54% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.22% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 928.16 Gb Total Space | 716.25 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.46 Gb Total Space | 6.83 Gb Free Space | 91.52% Space Free | Partition Type: NTFS

Computer Name: BOBSBEAST
Current User Name: Bob!
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2007/04/27 08:07:42 | 00,364,628 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
[2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/09/24 03:01:21 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2006/07/12 12:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2008/08/18 07:58:08 | 00,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[2008/10/07 12:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/02 12:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
[2007/01/05 08:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[2008/08/01 10:11:10 | 00,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
[2004/08/04 10:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 10:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2004/08/04 10:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2006/09/21 14:40:48 | 00,137,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
[2003/06/18 00:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
[2004/08/04 10:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2005/11/04 17:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[2005/11/08 12:30:42 | 00,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2005/11/08 12:30:46 | 00,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
[2005/11/08 12:25:46 | 00,716,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
[2007/01/10 05:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2007/08/09 12:19:00 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
[2007/05/23 19:02:36 | 00,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pmxmiced.exe
[2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2004/08/04 10:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/08/04 10:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/11/15 22:01:52 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/08/26 19:23:39 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/06/23 13:47:18 | 04,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
[2008/11/24 21:26:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/10/08 19:54:02 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/12/14 12:06:52 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/11/24 21:56:43 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/27 08:07:42 | 00,364,628 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe -- (ACS [Auto | Running])
[2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/09/24 03:01:21 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/01/13 03:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2008/08/29 12:16:23 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Disabled | Stopped])
[2007/01/14 07:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
[2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
[2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
File not found -- -- (LVPrcSrv [Auto | Stopped])
[2006/11/15 22:05:40 | 00,101,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2008/08/29 10:16:06 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2006/07/12 12:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc [Disabled | Stopped])
[2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/08/18 07:58:08 | 00,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
[2008/10/07 12:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/09/02 12:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Stopped])
[2008/08/26 19:23:39 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2007/01/05 08:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
[2008/08/01 10:11:10 | 00,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService [Auto | Running])
[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Disabled | Stopped])
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/11/24 21:26:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2007/04/21 06:07:00 | 01,296,256 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416 [On_Demand | Running])
[2007/08/08 16:54:10 | 00,028,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Running])
[2007/02/16 14:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2004/12/13 21:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/11/08 12:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2005/11/08 12:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/07/13 09:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2005/11/08 12:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2005/11/08 12:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/09/02 08:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2005/11/08 12:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2007/08/20 09:05:02 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/09/02 08:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2005/11/08 12:15:22 | 01,095,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
[2004/08/04 10:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/11/15 22:00:56 | 01,678,368 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2006/11/15 22:02:50 | 01,962,912 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2006/11/11 03:48:00 | 00,040,352 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/08/15 06:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\drivers\n558.sys -- (n558 [On_Demand | Stopped])
[2008/11/11 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081124.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/11 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081124.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2008/10/07 12:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/10/18 21:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NvAtaBus.sys -- (nvatabus [Boot | Running])
[2008/08/18 08:00:00 | 00,029,952 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
[2008/08/01 10:08:28 | 00,036,640 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev [Auto | Running])
[2006/10/18 21:31:46 | 00,089,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2005/11/08 12:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/11/11 03:43:49 | 00,487,328 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Running])
[2007/06/01 12:41:00 | 00,018,432 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse [On_Demand | Running])
[2007/05/24 15:56:00 | 00,014,336 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf [On_Demand | Running])
[2004/08/04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 22:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 10:00:00 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/10/30 18:05:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
[2008/09/02 12:33:22 | 00,100,352 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
[2004/08/04 10:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/04/14 01:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/11/18 03:11:06 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/11/30 22:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/11/30 22:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 22:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/10/03 13:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/26 19:36:51 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/10/03 13:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/10/03 13:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 07:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20081120.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/10/03 13:14:10 | 00,035,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/10/03 13:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/10/03 13:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2004/08/04 10:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2004/08/04 10:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004/08/04 10:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2007/03/29 09:52:20 | 00,057,024 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gamefaqs.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gamefaqs.com/

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (HKLM) -- C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" (Creative Technology Ltd.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"C:\WINDOWS\system32\kdwgn.exe"=C:\WINDOWS\system32\kdwgn.exe File not found
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" (Creative Technology Ltd)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" (Logitech Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" (Symantec Corporation)
"PMX Daemon"=ICO.EXE (Primax Electronics Ltd.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r (Creative Technology Ltd)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (NVIDIA)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (NVIDIA)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/06/23 13:47:18 | 04,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=1

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Homepage"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoUserNameInStartMenu"= [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoUserNameInStartMenu"= [binary data]

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"disableregistrytools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download with GetRight: C:\Program Files\GetRight\GRDownload.htm [2006/03/29 14:35:12 | 00,000,994 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open with GetRight Browser: C:\Program Files\GetRight\GRBrowse.htm [2006/03/29 14:35:12 | 00,000,977 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download with GetRight: C:\Program Files\GetRight\GRDownload.htm [2006/03/29 14:35:12 | 00,000,994 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open with GetRight Browser: C:\Program Files\GetRight\GRBrowse.htm [2006/03/29 14:35:12 | 00,000,977 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.euro.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1219798769859 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1219984652437 -- MUWebControl Class
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}: http://www.yougamers.com/systeminfo/MSC3.cab -- Futuremark Measurement Services Client

========== (O17) DNS Name Servers ==========

{030AEA98-FFA0-406C-87EE-93FA86191D5A} (Servers: | Description: )
{1E5A798A-9A1C-4B84-9CC0-B7AA825B176C} (Servers: 85.255.112.157;85.255.112.183 | Description: )
{39BBB1BC-0D8C-4019-8298-40958750BFD2} (Servers: 85.255.112.157;85.255.112.183 | Description: Broadcom NetXtreme 57xx Gigabit Controller)
{404F68B8-8AD0-4008-BF38-C3EBA449AF03} (Servers: 85.255.112.157;85.255.112.183 | Description: D-Link DWA-556 Xtreme N PCIe Desktop Adapter)
{74640C3F-7941-424B-A704-5758CAEFBF90} (Servers: | Description: )
{8905DB0A-5198-4599-B9B2-18AA076FA01B} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kdwgn.exe
>File not found --


========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/25 23:17:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com k:" | shell\Open\command="resycled\boot.com k:" | shell=Open | ]
[2008/11/14 21:25:23 | 00,000,103 | RHS- | M] () -- K:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1396bac-af5e-11dd-bf34-001cf0bb43c0}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1396bac-af5e-11dd-bf34-001cf0bb43c0}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1396bac-af5e-11dd-bf34-001cf0bb43c0}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/08/04 10:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1396bac-af5e-11dd-bf34-001cf0bb43c0}\Shell\Open\command]
""=K:\resycled\boot.com -- [2008/11/14 21:24:21 | 00,000,000 | RHS- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2008/11/24 22:05:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Desktop\gmer
[2008/11/24 22:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\ZapGrab
[2008/11/24 21:56:37 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe
[2008/11/21 22:31:51 | 00,007,734 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2008/11/21 22:31:50 | 00,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/21 20:52:01 | 00,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2008/11/19 01:35:58 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/11/18 22:34:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/11/18 02:58:14 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/11/18 00:50:47 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/18 00:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/17 22:14:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/11/17 22:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/17 22:04:47 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/17 21:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/17 21:02:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/17 21:00:59 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/11/17 21:00:59 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/11/17 20:59:35 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/11/17 20:59:35 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/11/17 20:59:35 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/11/17 20:59:35 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/11/17 20:59:35 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/11/17 20:59:35 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/11/17 20:59:19 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2008/11/17 20:59:18 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/11/17 20:59:18 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/11/17 20:59:18 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/11/17 20:59:15 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/11/17 20:59:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/11/17 20:59:13 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/11/17 20:59:13 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/11/17 20:59:13 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/11/17 20:59:13 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/11/17 20:59:13 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/11/17 20:59:12 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/11/17 20:59:12 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/11/17 20:59:09 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2008/11/17 20:59:09 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/11/17 20:59:08 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2008/11/17 20:59:08 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2008/11/17 20:59:08 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2008/11/17 20:59:08 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2008/11/17 20:59:08 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2008/11/17 20:59:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2008/11/17 20:59:08 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/11/17 20:59:08 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2008/11/17 20:59:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2008/11/17 20:59:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2008/11/17 20:59:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/11/17 20:59:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/11/17 20:59:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/11/17 20:59:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/11/17 20:59:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/11/17 20:59:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/11/17 20:59:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/11/17 20:59:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/11/17 20:59:07 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/11/17 20:59:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/11/17 20:59:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/11/17 20:59:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/11/17 20:59:06 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/11/17 20:59:06 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/11/17 20:59:06 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/11/17 20:59:06 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/11/17 20:59:03 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/11/17 20:59:03 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/11/17 20:59:03 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/11/17 20:59:03 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/11/17 20:59:03 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/11/17 20:59:03 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2008/11/17 20:59:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2008/11/17 20:59:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/11/17 20:59:00 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2008/11/17 20:58:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/11/17 20:58:59 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/11/17 20:58:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/11/17 20:58:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/11/17 20:58:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/11/17 20:58:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/11/17 20:58:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/11/17 20:58:57 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/11/17 20:58:57 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/11/17 20:58:50 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2008/11/17 20:58:46 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2008/11/17 20:58:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2008/11/17 20:58:41 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/11/17 20:58:41 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/11/17 20:58:40 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2008/11/17 20:58:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2008/11/17 20:58:39 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2008/11/17 20:58:36 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/11/17 20:58:35 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2008/11/17 20:58:34 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/11/17 20:58:28 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/11/17 20:58:27 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/11/17 20:58:27 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/11/17 20:58:27 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/11/17 20:58:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2008/11/17 20:58:26 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2008/11/17 20:58:26 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2008/11/17 20:58:26 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2008/11/17 20:58:25 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2008/11/17 20:58:25 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2008/11/17 20:58:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2008/11/17 20:58:25 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2008/11/17 20:58:25 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2008/11/17 20:58:25 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2008/11/17 20:58:25 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2008/11/17 20:58:25 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2008/11/17 20:58:25 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/11/17 20:58:25 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/11/17 20:58:25 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2008/11/17 20:58:25 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2008/11/17 20:58:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/11/17 20:58:25 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2008/11/17 20:58:25 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2008/11/17 20:58:25 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2008/11/17 20:58:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/11/17 20:58:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2008/11/17 20:58:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2008/11/17 20:58:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2008/11/17 20:58:24 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/11/17 20:58:23 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2008/11/17 20:58:23 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2008/11/17 20:58:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/11/17 20:58:23 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/11/17 20:58:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/11/17 20:58:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/11/17 20:58:23 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2008/11/17 20:58:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/11/17 20:58:15 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/11/17 20:58:15 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/11/17 20:58:14 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/11/17 20:58:14 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/11/17 20:58:14 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/11/17 20:58:14 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/11/17 20:58:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/11/17 20:58:14 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/11/17 20:58:13 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/11/17 20:58:13 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/11/17 20:58:13 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/11/17 20:58:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/11/17 20:58:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/11/17 20:58:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/11/17 20:58:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/11/17 20:58:12 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/11/17 20:58:08 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/11/17 20:58:08 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/11/17 20:58:08 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/11/17 20:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2008/11/17 20:57:28 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/11/17 20:56:10 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/11/17 20:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/11/17 20:54:41 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/11/17 20:54:28 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2008/11/17 20:54:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2008/11/17 20:49:08 | 00,201,157 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/11/17 20:46:53 | 00,134,656 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\ctdvinst.dll
[2008/11/17 20:29:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/11/17 20:29:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/11/17 20:29:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/11/17 20:29:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/11/17 20:29:45 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/11/17 20:29:45 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/11/17 20:29:45 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/11/17 20:29:45 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/11/17 20:29:45 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/11/17 20:29:45 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/11/17 20:29:45 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2008/11/17 20:29:45 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2008/11/17 20:29:45 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/11/17 20:29:45 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2008/11/17 20:29:45 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/11/17 20:29:45 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2008/11/17 20:29:45 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/11/17 20:29:45 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2008/11/17 20:29:45 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/11/17 20:29:45 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/11/17 20:29:45 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/11/17 20:29:45 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/11/16 21:27:52 | 00,007,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Documents\Thumbs.db:encryptable
[2008/11/15 22:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Application Data\Ahead
[2008/11/15 03:41:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Desktop\Problems
[2008/11/15 03:32:00 | 00,000,000 | RHSD | C] -- C:\Vault
[2008/11/14 21:24:55 | 00,027,904 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/14 21:24:22 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/11/14 20:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Local Settings\Application Data\ABBYY
[2008/11/07 23:34:44 | 00,000,512 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shared Documents (Mum).lnk
[2008/10/28 22:36:00 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/10/28 22:36:00 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/10/28 22:35:58 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/10/28 22:35:58 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/10/28 22:35:56 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/10/28 22:35:50 | 00,729,088 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2008/11/24 21:56:43 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe
[2008/11/24 20:38:11 | 00,604,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/24 20:38:11 | 00,501,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/24 20:38:11 | 00,090,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/24 20:37:11 | 00,195,459 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/24 20:37:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/24 20:31:31 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/11/24 20:28:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/24 20:28:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/24 04:43:35 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/24 04:43:35 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/11/24 04:43:35 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/11/24 04:43:34 | 00,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/24 04:43:34 | 00,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/24 04:18:14 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/24 04:17:54 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 22:14:04 | 00,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/21 22:14:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/21 22:14:04 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/20 20:45:45 | 00,002,506 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2008/11/20 20:25:01 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2008/11/19 01:36:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/19 01:35:45 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/11/19 01:35:45 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/11/19 01:34:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/18 03:11:06 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/17 23:00:42 | 00,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shared Documents (Mum).lnk
[2008/11/17 21:04:57 | 00,091,912 | ---- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/17 21:04:27 | 01,646,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/17 21:00:56 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/11/17 20:57:30 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/11/17 20:57:10 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/17 20:55:11 | 00,027,632 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/17 20:29:48 | 00,000,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/11/17 20:29:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/11/17 19:33:47 | 00,000,506 | ---- | M] () -- C:\Documents and Settings\Bob!\My Documents\Shared Documents.lnk
[2008/11/17 18:15:12 | 00,610,985 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/11/16 21:28:41 | 00,007,680 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Documents\Thumbs.db:encryptable
[2008/11/15 21:24:17 | 00,030,720 | -HS- | M] () -- C:\Documents and Settings\Bob!\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Bob!\Desktop\Thumbs.db:encryptable
[2008/11/15 17:10:14 | 00,131,066 | ---- | M] () -- C:\WINDOWS\System32\DellPM.ini
[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/08 17:19:48 | 04,849,158 | -H-- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\IconCache.db
[2008/11/04 00:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/28 22:36:00 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/10/28 22:36:00 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/10/28 22:35:58 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/10/28 22:35:58 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/10/28 22:35:56 | 00,684,032 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/10/28 22:35:50 | 00,729,088 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
< End of report >


OTViewIt Log 2 - Extras.txt:

OTViewIt Extras logfile created on: 24/11/2008 23:52:54 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Bob!\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.54% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.22% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 928.16 Gb Total Space | 716.25 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.46 Gb Total Space | 6.83 Gb Free Space | 91.52% Space Free | Partition Type: NTFS

Computer Name: BOBSBEAST
Current User Name: Bob!
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 10:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 10:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/23 14:46:32 | 26,150,480 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
[2008/04/16 16:35:22 | 25,667,160 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
[2008/02/22 10:08:44 | 00,619,144 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
[2008/07/29 16:03:02 | 09,721,088 | ---- | M] (Gas Powered Games) -- C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander
[2005/09/16 09:00:18 | 06,448,640 | ---- | M] (Gas Powered Games) -- C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable
[2007/08/07 16:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III
[2007/08/07 08:22:10 | 09,684,872 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs
[2008/03/21 13:46:14 | 09,725,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties
[2008/08/12 17:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll File not found
NameSpace_Catalog5\Catalog_Entries\000000000002 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [PNRP Cloud Namespace Provider] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Name Namespace Provider] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 08:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/12 17:19:02 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}"=Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0931965F-6956-4AAA-AEC9-0D3BF28488F8}"=MSDN Library - January 2006
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1"=Driver Sweeper 1.5.5
"{0ED47137-C071-46CC-A243-E5E33271E10E}"=Windows Live Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}"=Microsoft FrontPage Client - English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}"=Sound Blaster X-Fi
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}"=Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}"=Adobe Extension Manager CS3
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}"=Rome - Total War - Gold Edition
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{31D95937-B237-405D-920C-A3EF4E482395}"=Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}"=Adobe Setup
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}"=ccCommon
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1"=Classic Menu 3.x for Office 2007
"{448E2D77-E504-4221-B2C2-93646B344729}"=Mouse Suite for Desktop Computers
"{48185814-A224-447A-81DA-71BD20580E1B}"=Norton Internet Security
"{4837718C-5B6E-4496-B283-FFFB5A937825}"=ABBYY PDF Transformer 1.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}"=Prime95
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{65183D0F-C0DC-4D38-AD9F-C4C5A1CC931A}"=Symantec Real Time Storage Protection Component
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6C1804BC-094F-431A-BEA5-37A837958029}"=Rome - Total War - Alexander
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6F69C969-2942-4E7B-B594-75B37664B8BA}"=NVIDIA System Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"{75983B66-804C-40D1-BA13-64DAF652A6F1}"=Medieval II Total War : Kingdoms : Americas
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}"=Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}"=Camtasia Studio 5
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA Performance
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}"=3DMark06
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{830D8CBD-C668-49e2-A969-C2C2106332E0}"=Norton AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}"=Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8ED2ECA4-4921-4A06-A8AA-FC7992252B5B}"=SymNet
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}"=Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}"=Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}"=Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}"=Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}"=Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}"=Norton Protection Center
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}"=Enter The Matrix
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}"=Dungeon Siege 2 Broken World
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}"=Spelling Dictionaries Support For Adobe Reader 9
"{ADE4E72B-35C4-41DD-99B7-A30722FF01A4}"=PhoeniX WorX Client
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}"=Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C194D333-B84A-4BB7-B35E-060732D98DC4}"=GPGNet
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}"=32 bit Windows Card Reader Driver
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}"=Medieval II Total War : Kingdoms : Britannia
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}"=Broadcom Gigabit Integrated Controller
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life® 2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}"=Visual Studio.NET Baseline - English
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}"=Visual Studio .NET Enterprise Architect 2003 - English
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}"=NVIDIA System Monitor
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}"=Adobe Dreamweaver CS3
"{F4DB525F-A986-4249-B98B-42A8066251CA}"=AV
"{F95B340A-67A5-419C-843B-949406A357D2}"=MSDN Library - October 2003
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}"=User Profile Hive Cleanup Service
"0000CustomCampaignMod2_is1"=Medieval II - Custom Campaign Mod 2
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93"=Adobe Dreamweaver CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0"=Age of Mythology
"Age of Mythology Expansion Pack 1.0"=Age of Mythology - The Titans Expansion
"ATITool"=ATITool Overclocking Utility
"Audacity_is1"=Audacity 1.2.6
"BitTornado"=BitTornado 0.3.17
"BlueJ_is1"=BlueJ 1.3.5
"BT Yahoo! Applications"=BT Yahoo! Applications
"CCleaner"=CCleaner (remove only)
"Dark Reign 2"=Dark Reign 2
"Driver Cleaner Pro"=DH Driver Cleaner Professional Edition
"Dungeon Siege Legends of Aranna 1.0"=Dungeon Siege Legends of Aranna
"Dungeon Siege Legends of Aranna Bonus Pack 1.0"=Dungeon Siege Legends of Aranna Bonus Pack
"Dungeon Siege: Yesterhaven"=Dungeon Siege: Yesterhaven
"DungeonSiege2"=Dungeon Siege 2
"File Shredder_is1"=File Shredder 2.0
"GameSpy Arcade"=GameSpy Arcade
"GetRight_is1"=GetRight
"GoldWave v5.25"=GoldWave v5.25
"Ground Control"=Ground Control
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}"=NVIDIA System Update
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA Performance
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}"=NVIDIA System Monitor
"Java Media Framework 2.1.1e"=Java Media Framework 2.1.1e
"JCreator LE_is1"=JCreator LE 3.10
"Jeff Wayne's 'The War Of The Worlds'"=Jeff Wayne's 'The War Of The Worlds'
"jGRASP"=jGRASP
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Measurement Services Client"=Futuremark Measurement Services Client
"MechCommander2 1.0"=Microsoft MechCommander 2
"MechWarrior Black Knight"=MechWarrior Black Knight
"MechWarrior Vengeance"=MechWarrior Vengeance
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"mIRC"=mIRC
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"QcDrv"=Logitech® Camera Driver
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 8.0
"RivaTuner"=RivaTuner v2.06
"Sandboxie"=Sandboxie 3.30
"Shockwave"=Shockwave
"Shogun Total War - Warlord Edition"=Shogun - Total War - Warlord Edition
"Sierra Utilities"=Sierra Utilities
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Steam App 10"=Counter-Strike
"Steam App 130"=Half-Life: Blue Shift
"Steam App 17500"=Zombie Panic! Source
"Steam App 17510"=Age of Chivalry
"Steam App 17520"=Synergy
"Steam App 17530"=D.I.P.R.I.P. Warm Up
"Steam App 17700"=Insurgency
"Steam App 20"=Team Fortress Classic
"Steam App 220"=Half-Life 2
"Steam App 280"=Half-Life: Source
"Steam App 30"=Day of Defeat
"Steam App 300"=Day of Defeat: Source
"Steam App 320"=Half-Life 2: Deathmatch
"Steam App 340"=Half-Life 2: Lost Coast
"Steam App 3482"=Peggle Deluxe Demo
"Steam App 3483"=Peggle Extreme
"Steam App 360"=Half-Life Deathmatch: Source
"Steam App 380"=Half-Life 2: Episode One
"Steam App 40"=Deathmatch Classic
"Steam App 400"=Portal
"Steam App 420"=Half-Life 2: Episode Two
"Steam App 440"=Team Fortress 2
"Steam App 50"=Opposing Force
"Steam App 60"=Ricochet
"Swat2"=Police Quest: SWAT2
"SystemRequirementsLab"=System Requirements Lab
"TAE Version 1"=TAE Version 1
"Total Annihilation"=Total Annihilation
"Total Annihilation - Battle Tactics"=Total Annihilation - Battle Tactics
"Total Annihilation - Core Contingency"=Total Annihilation - Core Contingency
"Tweak UI 2.10"=Tweak UI
"ULTIMATER"=Microsoft Office Ultimate 2007
"Visual Studio .NET Enterprise Architect 2003 - English"=Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"War of the Ring"=War of the Ring™
"WebDesigner"=Microsoft Expression Web
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions
"jEdit 4.0"=jEdit Version 4.0
"rosecppd"=Rational Rose C++ Demo 4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions
"jEdit 4.0"=jEdit Version 4.0
"rosecppd"=Rational Rose C++ Demo 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/11/2008 16:57:11 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application cocimanager.exe, version 10.4.0.1401, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00043345.

Error - 21/11/2008 17:07:03 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application cocimanager.exe, version 10.4.0.1401, faulting
module cocimanager.exe, version 10.4.0.1401, fault address 0x0000f6e0.

Error - 21/11/2008 17:07:08 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application cocimanager.exe, version 10.4.0.1401, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00043345.

Error - 21/11/2008 17:44:07 | Computer Name = BOBSBEAST | Source = Application Hang | ID = 1002
Description = Hanging application quickcamENU.exe, version 11.80.1065.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/11/2008 17:54:54 | Computer Name = BOBSBEAST | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/11/2008 20:43:55 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
msidcrl40.dll, version 5.0.742.2, fault address 0x000beeb0.

Error - 21/11/2008 22:14:28 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
msidcrl40.dll, version 5.0.742.2, fault address 0x000beeb0.

Error - 23/11/2008 13:47:57 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 2.4.2416.0, faulting module
unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 23/11/2008 14:59:31 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 2.4.2416.0, faulting module
unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 23/11/2008 22:16:39 | Computer Name = BOBSBEAST | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8227.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 17/11/2008 17:51:02 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:52:19 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:54:19 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:54:26 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:55:28 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:55:42 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/11/2008 17:56:39 | Computer Name = BOBSBEAST | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 17/11/2008 17:58:07 | Computer Name = BOBSBEAST | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 17/11/2008 18:07:58 | Computer Name = BOBSBEAST | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 17/11/2008 18:08:29 | Computer Name = BOBSBEAST | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >

Edited by Bob!, 24 November 2008 - 07:54 PM.
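The "Last 10 Event Log Errors" section of the scan log above is the sort of thing a helper reads by hand. As an added example (not part of this thread, and not code from any tool named in it), here is a small Python parser for that section that counts repeat crashes and flags the ones a responder would look at first, such as mrt.exe faulting in an unnamed module. The watchlist of security images is our own assumption, and the embedded sample is constructed from lines quoted in the log above.

```python
"""Triage helper for the "Last 10 Event Log Errors" section of a scan log like the one above.
Added example for this thread, not code from the original post or from any tool named in it:
it parses the "Error - ... | Computer Name = ... | Source = ... | ID = ..." records with their
wrapped "Description = ..." lines, counts which images keep crashing, and flags the crashes
a responder should review first.  SECURITY_IMAGES is our own assumption; SAMPLE is
constructed from lines quoted in the thread."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

HEADER_RE = re.compile(
    r"^Error - (?P<when>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# Event 1000 (Application Error): the crashing image and the module the fault landed in.
FAULT_RE = re.compile(r"Faulting application (?P<app>\S+), version \S+, faulting module "
                      r"(?P<module>\S+), version \S+, fault address 0x[0-9a-fA-F]+")
# Event 1002 (Application Hang): only the hung image is informative; the module is always hungapp.
HANG_RE = re.compile(r"Hanging application (?P<app>\S+), version \S+")
# Assumption: our watchlist of defensive tooling.  mrt.exe is the Malicious Software Removal Tool.
SECURITY_IMAGES = {"mrt.exe", "msmpeng.exe"}

@dataclass
class EventRecord:
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""
    app: Optional[str] = None     # crashing or hung image, lower-cased
    module: Optional[str] = None  # faulting module, or "hungapp" for a hang

def _finalise(rec, desc_lines):
    """Join the wrapped Description and, for a crash or hang, extract image and module."""
    text = " ".join(desc_lines)
    rec.description = text[len("Description = "):] if text.startswith("Description = ") else text
    m = FAULT_RE.search(rec.description)
    if m:
        rec.app, rec.module = m["app"].lower(), m["module"].lower()
    else:
        m = HANG_RE.search(rec.description)
        if m:
            rec.app, rec.module = m["app"].lower(), "hungapp"
    return rec

def parse_events(text):
    """Split the section into EventRecords.  A section header ("[ System Events ]") or the
    "< End of report >" trailer closes the record in progress; any other non-blank line is a
    continuation of the current Description."""
    records, current, desc = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header or line.startswith(("[", "<")):
            if current is not None:
                records.append(_finalise(current, desc))
            current, desc = None, []
            if header:
                current = EventRecord(header["when"], header["host"].strip(),
                                      header["source"].strip(), int(header["id"]))
        elif current is not None and line:
            desc.append(line)
    if current is not None:
        records.append(_finalise(current, desc))
    return records

def crash_summary(records):
    """Occurrences of each (image, module) pair; the repeats are the pattern worth chasing."""
    return Counter((r.app, r.module) for r in records if r.app)

def suspicious_crashes(records):
    """Crashes to review first: a defensive tool dying, or a fault in module "unknown" (the
    address lies outside every loaded image, which is what injected code tends to look
    like).  This is a lead for the responder, not proof of infection."""
    return [r for r in records if r.app and (r.app in SECURITY_IMAGES or r.module == "unknown")]

# Constructed sample: a subset of the lines quoted in the thread above.
SAMPLE = """\
[ Application Events ]
Error - 21/11/2008 17:54:54 | Computer Name = BOBSBEAST | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/11/2008 13:47:57 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 2.4.2416.0, faulting module
unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 23/11/2008 14:59:31 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 2.4.2416.0, faulting module
unknown, version 0.0.0.0, fault address 0x000960e7.
"""

if __name__ == "__main__":
    recs = parse_events(SAMPLE)
    for (app, mod), n in crash_summary(recs).most_common():
        print(f"{n}x {app} faulting in {mod}")
    for r in suspicious_crashes(recs):
        print("REVIEW:", r.when, r.app, "->", r.module)
```

Point parse_events at the whole "Last 10 Event Log Errors" section pasted from the log; events whose Description names no image (driver load failures, DCOM errors) are kept with app left unset so they still count as records.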


#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:01:36 AM

Posted 24 November 2008 - 07:53 PM

Hello Bob.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable Norton Antivirus.
  • Right click on the Norton icon beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon should now look like Posted Image.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
--
Try running GMER again. If it still doesn't work, run BlackLight.

Download and Run F-Secure Blacklight
  • Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found.
    Do not choose to rename any yet!
  • Exit Blacklight and post the contents of the log in your next reply.

Please post back with:
-the ComboFix log
-the GMER/F-Secure log

With Regards,
The Panda

#8 Bob!

Bob!
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:36 AM

Posted 24 November 2008 - 09:37 PM

Thanks dude, mostly good news, Combofix seems to have nuked it, and Gmer now worked. :D

I'll try to summarise.

The Good:
  • Gmer worked fine this time, no crash.
  • Microsoft update SEEMS to load. (not fully ran it yet though)
  • Crap Cleaner Analyses ok. (Previously crashed when analysing. Not told it to clean yet)
  • Kaspersky scan LOADS. (Previously crashed on load. Not scanned with it yet.)
  • Registry Mechanic Auto Update now works. (Didn't before)
  • No more Viagra Ads where normal ones should be.
  • No google redirects observed. Registry key/DNS settings not there now. (Now set to Automatic)
  • Microsoft Download no longer redirected, tested with IE7 download.
  • USB works normally with double click, no recycler error, combofix looked like it nuked that. (Check bad section though regarding autoplay)
  • System Seems stable.
The Bad:
  • USB and CDs now no longer autoplay, even though it's set to prompt.
  • Windows Media still has the FaroLatino thing in right click menu and "online stores" section, (mentioned in second post)
  • System Event log still not working. (mentioned in first post)
  • Security Centre Service in control panel not active. (could be because not ran windows update yet)
  • ComboFix wouldn't download the recovery console. (probably cause MS download was severed at the time)
  • ComboFix removed a bit too much, such as a couple of my security/utility programs, however I can see what it removed in the log and I have separate backups of the items I know are legit so I can easily restore those later.
Things are looking good, however I understand we still need to make sure the system is fully clean and working properly, as well as address "The Bad" section. I believe some of these could possibly be fixed by running windows update, but I think it would be best to do another XP Repair Reinstall from my disk again to fully reset the core files before that, and only after the other parts are sorted.

I also have a "Qoobox" folder in my C: drive now, I assume that's Combofix's backup of things it removed, as said I have separate backups so I don't need this. I've left it for now, so let me know when I can delete it please.

Also as well as addressing the above issues, can ya tell me where to download the recovery console without having to run Combofix again please? Since it didn't work before that as stated in the bad section.

I also didn't run the Fsecure blacklight program since gmer worked, however I still have it on my desktop if needed. Anyways, onto the logs:


ComboFix Log:

ComboFix 08-11-23.02 - Bob! 2008-11-25 1:13:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT 0:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\Bob!\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\security tools
c:\program files\security tools\ComboFix.exe
c:\program files\security tools\OpenWithAdd.exe
c:\program files\security tools\StartupList.exe
c:\program files\security tools\VundoFix.exe
C:\resycled
c:\resycled\boot.com
c:\windows\jestertb.dll
c:\windows\system32\Cache
c:\windows\system32\kdwgn.exe
K:\autorun.inf
K:\resycled
k:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-24 23:54 . 2008-11-25 00:12 345 --a------ c:\windows\gmer.ini
2008-11-24 22:05 . 2008-11-24 22:06 <DIR> d-------- c:\program files\ZapGrab
2008-11-24 21:26 . 2008-11-24 21:26 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-21 22:31 . 2006-11-11 03:47 527,136 -ra------ c:\windows\system32\LVUI2RC.dll
2008-11-21 22:31 . 2006-11-11 03:43 487,328 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2008-11-21 22:31 . 2006-11-11 03:44 264,992 -ra------ c:\windows\system32\lvcodec2.dll
2008-11-21 22:31 . 2006-11-11 03:47 211,744 -ra------ c:\windows\system32\LVUI2.dll
2008-11-21 22:31 . 2006-11-11 03:45 121,632 -ra------ c:\windows\system32\lvcoinst.dll
2008-11-21 22:31 . 2006-11-11 02:31 42,594 -ra------ c:\windows\system32\lvcoinst.ini
2008-11-21 22:31 . 2006-11-11 03:48 40,352 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-11-21 22:31 . 2006-11-11 02:30 7,734 -ra------ c:\windows\system32\Repository.reg
2008-11-21 20:52 . 2003-02-21 12:42 348,160 -ra------ c:\windows\system\msvcr71.dll
2008-11-18 22:34 . 2008-11-18 22:34 <DIR> d--h----- c:\windows\PIF
2008-11-18 02:58 . 2008-11-18 03:04 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-18 00:50 . 2008-11-18 00:50 <DIR> d-------- c:\program files\Panda Security
2008-11-18 00:50 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-17 22:04 . 2008-11-19 01:36 1,393 --a------ c:\windows\imsins.BAK
2008-11-17 21:46 . 2008-11-17 21:46 <DIR> d-------- c:\program files\CCleaner
2008-11-17 21:00 . 2008-11-25 01:18 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-11-17 21:00 . 2008-11-25 01:18 1,080 --a------ c:\windows\system32\settings.sfm
2008-11-17 20:58 . 2004-08-04 10:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2008-11-17 20:57 . 2004-08-04 10:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-17 20:56 . 2008-11-17 20:56 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-17 20:56 . 2008-11-17 20:56 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-17 20:56 . 2008-11-17 20:56 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-17 20:56 . 2008-11-17 20:56 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-17 20:56 . 2008-11-17 20:56 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-17 20:56 . 2008-11-17 20:56 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-17 20:54 . 2004-08-04 10:00 125,952 --a--c--- c:\windows\system32\dllcache\ftpsv251.dll
2008-11-17 20:54 . 2004-08-04 10:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2008-11-17 20:54 . 2004-08-04 10:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpmib.dll
2008-11-17 20:49 . 2008-10-07 12:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-11-17 20:46 . 2005-11-08 12:42 134,656 --a------ c:\windows\system32\ctdvinst.dll
2008-11-15 22:14 . 2008-11-15 22:14 <DIR> d-------- c:\documents and settings\Bob!\Application Data\Ahead
2008-11-15 03:32 . 2008-11-15 03:32 <DIR> dr-hs---- C:\Vault
2008-11-14 21:24 . 2008-11-14 21:24 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 . 2008-10-28 22:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 . 2008-10-28 22:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 . 2008-10-28 22:35 729,088 --a------ c:\windows\system32\divxdec.ax
2008-10-28 22:35 . 2008-10-28 22:35 684,032 --a------ c:\windows\system32\DivX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 01:09 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 01:07 --------- d-----w c:\documents and settings\Bob!\Application Data\GetRight
2008-11-25 00:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 23:38 --------- d-----r c:\program files\Steam
2008-11-24 21:26 --------- d-----w c:\program files\Java
2008-11-23 21:48 --------- d-----r c:\program files\World of Warcraft
2008-11-21 22:19 --------- d-----w c:\program files\Common Files\Logitech
2008-11-21 22:06 --------- d-----w c:\program files\Common Files\LogiShrd
2008-11-18 03:25 --------- d-----w c:\program files\Dell Computer
2008-11-18 03:11 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-17 22:14 --------- d-----w c:\program files\MSECACHE
2008-11-16 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-11-15 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-14 20:35 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 01:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 06:26 --------- d-----w c:\program files\DivX
2008-11-01 15:59 --------- d-----w c:\documents and settings\Bob!\Application Data\Skype
2008-10-22 19:29 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 15:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-17 15:18 --------- d-----w c:\program files\NVIDIA Corporation
2008-10-17 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-10-17 15:09 --------- d-----w c:\program files\AGEIA Technologies
2008-10-17 15:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-16 21:23 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-16 21:23 286,720 ----a-w c:\windows\Setup1.exe
2008-10-15 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-13 02:51 --------- d-----w c:\program files\GameSpy Arcade
2008-10-11 03:07 --------- d-----w c:\program files\MSXML 4.0
2008-10-10 23:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-10 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2008-10-10 23:19 --------- d-----r c:\program files\Microsoft Games
2008-10-08 19:54 --------- d-----w c:\program files\Real
2008-10-08 19:54 --------- d-----w c:\program files\Common Files\xing shared
2008-10-08 19:54 --------- d-----w c:\program files\Common Files\Real
2008-10-08 17:23 --------- d-----r c:\program files\SEGA
2008-10-08 00:02 --------- d-----w c:\program files\Rational
2008-10-07 23:08 6,688 ----a-w c:\windows\movexe.exe
2008-10-07 20:21 --------- d-----w c:\program files\Sun
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-04 19:49 --------- d-----r c:\program files\The Creative Assembly
2008-10-04 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-10-04 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-03 13:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 13:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 13:14 35,120 ----a-w c:\windows\system32\drivers\symndis.sys
2008-10-03 13:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 13:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 13:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 13:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 13:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 13:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2008-09-27 00:11 --------- d-----r c:\program files\Liquid Entertainment
2008-09-26 23:53 --------- d-----r c:\program files\Sierra
2008-09-26 23:51 --------- d-----w c:\program files\Sierra On-Line
2008-09-26 21:27 --------- d-----r c:\program files\Jeff Wayne's 'The War Of The Worlds'
2008-09-26 20:28 --------- d-----r c:\program files\Guild Wars
2008-09-26 20:24 --------- d-----r c:\program files\Dark Reign 2
2008-09-25 00:14 --------- d-----r c:\program files\Emulators
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-09-21 137216]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\progra~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-08 c:\windows\system32\CTXFIHLP.EXE]
"PMX Daemon"="ICO.EXE" [2007-08-09 c:\windows\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 c:\windows\MIDIDEF.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-08-27 4628752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-18 28544]
R2 NVR0FLASHDev;NVR0FLASHDev;\??\c:\windows\nvflash.sys [2008-08-01 36640]
R2 UpdateCenterService;Update Center Service;c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [2008-08-01 114688]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2005-11-08 1095680]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\DRIVERS\pmxmouse.sys [2008-08-26 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\DRIVERS\pmxusblf.sys [2008-08-26 14336]
R3 SbieDrv;SbieDrv;\??\c:\program files\Sandboxie\SbieDrv.sys [2008-09-02 100352]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-09-12 57024]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-14 27904]
S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe -k p2psvc [2004-08-04 14336]
S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe -k p2psvc [2004-08-04 14336]
S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe -k p2psvc [2004-08-04 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe -k p2psvc [2004-08-04 14336]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdwgn.exe - c:\windows\system32\kdwgn.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Bob!\Application Data\Mozilla\Firefox\Profiles\wxzqgfuj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gamefaqs.com/
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 01:19:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\rsaenh.dll
c:\windows\system32\WgaLogon.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\pmxmiced.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-25 1:24:20 - machine was rebooted [Bob!]
ComboFix-quarantined-files.txt 2008-11-25 01:24:17

Pre-Run: 768,919,130,112 bytes free
Post-Run: 769,458,327,552 bytes free

278 --- E O F --- 2008-11-13 01:57:26


Gmer Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-25 01:46:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 8823F9E8 ZwAlertResumeThread
SSDT 882404C0 ZwAlertThread
SSDT 8827E420 ZwAllocateVirtualMemory
SSDT 88AFA318 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA98F2EB0]
SSDT 889CD0C0 ZwCreateMutant
SSDT 8823F658 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA98F3130]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA98F3690]
SSDT spgt.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spgt.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT 8826B920 ZwFreeVirtualMemory
SSDT 88EC11C0 ZwImpersonateAnonymousToken
SSDT 88284ED8 ZwImpersonateThread
SSDT 88240B28 ZwMapViewOfSection
SSDT 8826CEA0 ZwOpenEvent
SSDT spgt.sys ZwOpenKey [0xBA6A80C0]
SSDT 88288B68 ZwOpenProcessToken
SSDT 88AA8008 ZwOpenThreadToken
SSDT spgt.sys ZwQueryKey [0xBA6C7108]
SSDT spgt.sys ZwQueryValueKey [0xBA6C6F88]
SSDT 88AA8188 ZwResumeThread
SSDT 88283B70 ZwSetContextThread
SSDT 8826C308 ZwSetInformationProcess
SSDT 88AA8070 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA98F38E0]
SSDT 88254210 ZwSuspendProcess
SSDT 88240EA0 ZwSuspendThread
SSDT 882895A0 ZwTerminateProcess
SSDT 8827CD98 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA674F6D0]
SSDT 88288BA0 ZwUnmapViewOfSection
SSDT 8826B9B0 ZwWriteVirtualMemory

INT 0x63 ? 8A5C9BF8
INT 0x73 ? 8A5C9BF8
INT 0x84 ? 8A552BF8
INT 0xB4 ? 8A5C9BF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CFE 80503912 2 Bytes [ 26, 88 ]
? spgt.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8EE062C 5 Bytes JMP 8A5521D8
.text win32k.sys!EngAcquireSemaphore + 16AA BF808524 5 Bytes JMP 89B1B4D0
.text win32k.sys!EngFreeUserMem + 423C BF80F617 5 Bytes JMP 89B1B430
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP 89B1B6B0
.text win32k.sys!EngStrokePath + 70B2 BF880DD8 5 Bytes JMP 89B1B750
.text win32k.sys!EngGradientFill + 4E4E BF8CEEE5 5 Bytes JMP 89B1B7F0
.text win32k.sys!FONTOBJ_pxoGetXform + 77F BF8FAF06 5 Bytes JMP 89B1B610
.text win32k.sys!FONTOBJ_pxoGetXform + 230B BF8FCA92 5 Bytes JMP 89B1B570
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spgt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spgt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spgt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spgt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spgt.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5511F8
Device \Driver\usbstor \Device\0000008f 882033F8

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{404F68B8-8AD0-4008-BF38-C3EBA449AF03} 882851F8
Device \Driver\usbohci \Device\USBPDO-0 8A3E81F8
Device \Driver\usbehci \Device\USBPDO-1 8A3311F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5CA1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5CA1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5CA1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5CA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5541F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5541F8
Device \Driver\Cdrom \Device\CdRom0 8A3221F8
Device \Driver\usbstor \Device\000000a4 882033F8
Device \Driver\Cdrom \Device\CdRom1 8A3221F8
Device \Driver\usbstor \Device\000000a5 882033F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5541F8
Device \Driver\atapi \Device\Ide\IdePort0 8A5531F8
Device \Driver\atapi \Device\Ide\IdePort1 8A5531F8
Device \Driver\usbstor \Device\00000090 882033F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 882851F8
Device \Driver\usbstor \Device\00000091 882033F8
Device \Driver\NetBT \Device\NetbiosSmb 882851F8
Device \Driver\usbstor \Device\00000092 882033F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 8A3E81F8
Device \Driver\usbehci \Device\USBFDO-1 8A3311F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8823E500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8823E500
Device \Driver\Ftdisk \Device\FtControl 8A5541F8
Device \Driver\usbstor \Device\0000008d 882033F8
Device \FileSystem\Fastfat \Fat 86C1D1F8
Device \FileSystem\Fastfat \Fat A42A31F9

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A0B2500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6444f0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0xC4 0xF3 0xDB ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF0 0xB8 0xDF 0x2A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x52 0x35 0xCC ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x3F 0x64 0xFE ...
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\000a3a6444f0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA7 0xC4 0xF3 0xDB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2008-11-25 01:31:04
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting@SequenceNumber 52

---- EOF - GMER 1.0.14 ----
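Added example (not part of the thread, and not ComboFix's own code): a small Python triage script for the "Reg Loading Points" section of a ComboFix log like the one above. It parses the REGEDIT4-style listing, flags the two posture settings the log records that are worth confirming (Security Center monitoring disabled and the XP firewall's standard profile switched off), lists Run entries that launch an unvetted binary straight out of system32, and reports the orphaned Run value ComboFix removed. The sample input is a handful of lines excerpted from the log above; the VETTED set of already-checked file names is an assumption.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example; not code from this thread or from ComboFix. VETTED, the
set of system32 autostart names the analyst has already checked, is an
assumption, as is the sample dump (excerpted from the log above).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-09-21 137216]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-08 c:\windows\system32\CTXFIHLP.EXE]
"PMX Daemon"="ICO.EXE" [2007-08-09 c:\windows\system32\ico.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdwgn.exe - c:\windows\system32\kdwgn.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="path" [YYYY-MM-DD size]   or   "name"="BARE.EXE" [YYYY-MM-DD resolved\path]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+?)\s*$')
ORPHAN_RE = re.compile(r"^(?P<key>HK\w+-\w+)-(?P<name>.+?) - (?P<path>.+)$")

SYSTEM32 = r"c:\windows\system32"
VETTED = frozenset({"ctfmon.exe", "nvraidservice.exe", "ctxfihlp.exe"})  # assumption


@dataclass
class Autostart:
    key: str
    name: str
    path: str
    date: str
    size: Optional[int]  # None when ComboFix printed the resolved path instead of a size


@dataclass
class Triage:
    autostarts: List[Autostart] = field(default_factory=list)
    orphans: List[Tuple[str, str]] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def _as_int(value: str) -> Optional[int]:
    """Decode 'dword:00000001' or '0 (0x0)' style values; None if unparsable."""
    try:
        if value.lower().startswith("dword:"):
            return int(value[6:], 16)
        return int(value.split()[0])
    except ValueError:
        return None


def _check_setting(t: Triage, key: str, name: str, value: str) -> None:
    """Flag the two weakened-posture values visible in the log."""
    k = key.lower()
    if "security center\\monitoring" in k and name == "DisableMonitoring" and _as_int(value) == 1:
        t.findings.append(f"CHECK: Security Center monitoring disabled under {key}; confirm the AV suite set this")
    if k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and _as_int(value) == 0:
        t.findings.append("CHECK: Windows Firewall standard profile disabled (EnableFirewall=0)")


def parse_loading_points(text: str) -> Triage:
    """Walk the dump line by line, tracking the current registry key."""
    t, key = Triage(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := ORPHAN_RE.match(line):
            t.orphans.append((m.group("key"), m.group("path").lower()))
        elif m := RUN_RE.match(line):
            rest = m.group("rest")
            path, size = (m.group("value"), int(rest)) if rest.isdigit() else (rest, None)
            t.autostarts.append(Autostart(key, m.group("name"), path.lower(), m.group("date"), size))
        elif m := VALUE_RE.match(line):
            _check_setting(t, key, m.group("name"), m.group("value"))
    return t


def triage(text: str, vetted=VETTED) -> Triage:
    """Parse the dump and add findings for unvetted system32 autostarts and orphans."""
    t = parse_loading_points(text)
    for a in t.autostarts:
        folder, _, base = a.path.rpartition("\\")
        if folder == SYSTEM32 and base not in vetted:
            t.findings.append(f"REVIEW: {a.name} ({a.key}) launches {a.path}; hash it before trusting it")
    for key, path in t.orphans:
        t.findings.append(f"INFO: orphan {key} pointed at {path}; value removed, hash the quarantined file")
    return t


if __name__ == "__main__":
    for finding in triage(SAMPLE).findings:
        print(finding)
```

Run against a full ComboFix log the same parser also walks the AuthorizedApplications, GloballyOpenPorts and policies keys without choking on them; only the Run-style lines, the two posture values and the ORPHANS block produce output, so the findings list stays short enough to read in a forum reply.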

#9 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:01:36 AM

Posted 25 November 2008 - 11:35 AM

Hello Bob.

USB and CDs now no longer autoplay, even though it's set to prompt.

ComboFix disables autoplay to prevent worms that travel through removable media from spreading. We will reset those later.

ComboFix removed a bit too much, such as a couple of my security/utility programs

The folder that you put them in used the same name as a rogue program.

I also have a "Qoobox" folder in my C: drive now; I assume that's ComboFix's backup of things it removed. As said, I have separate backups so I don't need this. I've left it for now, so let me know when I can delete it please.

Don't worry, we will cleanup all the tools and their components when done.

We will need ComboFix again to remove what's left of the infection, and install the recovery console. If you are not comfortable using that, please tell me and we will use another method.

Install Recovery Console with ComboFix
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click No.

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Open Jotti Online Scanner, or VirusTotal Online Scanner. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • c:\windows\system32\drivers\Ndisprot.sys
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Re-enable your protection.

Please now try to install updates.

Please post back with:
-the Jotti results
-the Kaspersky log
-a new OTScanIt log (default settings, attached)



With Regards,
The Panda
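Added example (not part of the thread, and not VirusTotal's or Jotti's code): before submitting a file as described above, hash it locally so the returned report can be tied to exactly the bytes you hold. A 0/N result only says that no engine's signatures matched the file whose hashes the report lists. The script computes MD5/SHA1/SHA256, parses the hash and per-engine lines of a VirusTotal-style text report (the layout pasted later in this thread), checks that the report's hashes match the local file, and does the timeline check the poster makes by hand (file creation time versus the time of the AV alert). The sample file bytes, the report text, its "Trojan:Win32/Example.A" verdict and the alert times are all constructed; the engine names are the ones that appear in the thread.

```python
"""Tie an online-scanner report to the file you actually submitted.

Added example; not code from this thread, VirusTotal or Jotti. A clean
verdict applies only to the bytes whose hashes the report lists, so the
helpers hash the local file, parse the hash and engine lines of a
VirusTotal-style text report, and check that the two agree. The last
helper is the timeline check the poster does by hand: does the file's
creation time sit within a window around the AV alert?
"""
import hashlib
import re
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed stand-in for a driver file (not a real driver).
SAMPLE_FILE = b"MZ\x90\x00" + b"constructed sample bytes, not a real driver\n" * 8

# Constructed report in the VirusTotal text layout; engine names are real,
# the hashes and the Trojan:Win32/Example.A verdict are made up.
SAMPLE_REPORT = f"""\
File sample.sys received on 11.25.2008 18:59:04 (CET)
Result: 1/4 (25%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.25 -
Microsoft 1.4104 2008.11.25 Trojan:Win32/Example.A
Symantec 10 2008.11.25 -

Additional information
MD5...: {'deadbeef' * 4}
SHA1..: {'deadbeef' * 5}
SHA256: {'deadbeef' * 8}
"""

HASH_RE = re.compile(r"^(?P<alg>MD5|SHA1|SHA256)\.*:\s*(?P<hex>[0-9a-fA-F]{32,64})\s*$", re.M)
RESULT_RE = re.compile(r"^Result:\s*(?P<hits>\d+)/(?P<engines>\d+)", re.M)
# engine  version  YYYY.MM.DD  verdict   ('-' means no detection)
ENGINE_RE = re.compile(r"^(?P<engine>[\w+.-]+)\s+\S+\s+\d{4}\.\d{2}\.\d{2}\s+(?P<verdict>\S.*?)\s*$", re.M)


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the bytes, lower-case hex, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_block(data: bytes) -> str:
    """Render the hashes in the report's own layout, to keep beside a submission."""
    h = file_hashes(data)
    return f"MD5...: {h['md5']}\nSHA1..: {h['sha1']}\nSHA256: {h['sha256']}\n"


def parse_report(text: str) -> dict:
    """Pull hashes, per-engine verdicts and the claimed hit count out of a report."""
    hashes = {m.group("alg").lower(): m.group("hex").lower() for m in HASH_RE.finditer(text)}
    engines = {m.group("engine"): m.group("verdict") for m in ENGINE_RE.finditer(text)}
    hits: List[str] = [e for e, v in engines.items() if v != "-"]
    r = RESULT_RE.search(text)
    claimed = (int(r.group("hits")), int(r.group("engines"))) if r else None
    return {"hashes": hashes, "engines": engines, "hits": hits, "claimed": claimed}


def report_matches_file(report: dict, data: bytes) -> bool:
    """True only if the report lists a hash and every listed hash equals the local file's."""
    local = file_hashes(data)
    listed = report["hashes"]
    return bool(listed) and all(local[alg] == digest for alg, digest in listed.items())


def created_near_alert(created: str, alert: str, window_minutes: int = 30) -> bool:
    """Timeline check: was the file created within window_minutes of the AV alert?"""
    delta = datetime.fromisoformat(created) - datetime.fromisoformat(alert)
    return abs(delta) <= timedelta(minutes=window_minutes)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("hits:", report["hits"], "claimed:", report["claimed"])
    print("report is for our bytes:", report_matches_file(report, SAMPLE_FILE))
    print(hash_block(SAMPLE_FILE))
```

The creation time to feed `created_near_alert` is what the file's properties dialog or a ComboFix "Files Created" line shows; on an NTFS volume a driver whose creation timestamp lands minutes from the first AV alert deserves a closer look even when every engine returns "-".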

#10 Bob!
  • Topic Starter
  • Members
  • 14 posts
  • Local time:05:36 AM

Posted 25 November 2008 - 04:28 PM

Whew, sorry for the delay; that Kaspersky scan took three hours.

Anyway, OK about the autoplay and so on; that kind of stuff can be sorted out afterwards.

I'll be comfortable with using the recovery console if I need to, as long as I have instructions on how to do it. ComboFix seems to have installed it properly now through your method, and I selected "No" to running another scan; I just let it install the console as you said.

As to that file, well, I uploaded it to both VirusTotal and Jotti and neither found anything. However, get this:

Screenshot of the file info. (Although another file is highlighted there, I'm mousing over the Ndisprot.sys file.)

Check the creation date, and the time Norton alerted me about the initial infection as shown below that. Coincidence?


Also, Kaspersky only found one file, which was the kdwgn thing that ComboFix removed; the detection was in ComboFix's quarantine folder, so Kaspersky thinks things are clean too.

As to the OTViewIt scan with default settings, do you mean run it with the settings you instructed me to set before and not change anything? Or reverse the changes / download a fresh copy and scan with that?

I haven't downloaded the Windows Updates yet, though it seems to be working fine now. Unless needed, I'd rather do those after another XP Repair Reinstall, when most of the rest has been given the all clear, as there's an absolute ton of them.

Anyway, here are the logs you asked for, besides OTViewIt.


VirusTotal File Scan:

File Ndisprot.sys received on 11.25.2008 18:59:04 (CET)


Result: 0/37 (0%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.24.3 2008.11.25 -
AntiVir 7.9.0.35 2008.11.25 -
Authentium 5.1.0.4 2008.11.25 -
Avast 4.8.1281.0 2008.11.24 -
AVG 8.0.0.199 2008.11.25 -
BitDefender 7.2 2008.11.25 -
CAT-QuickHeal 10.00 2008.11.25 -
ClamAV 0.94.1 2008.11.25 -
DrWeb 4.44.0.09170 2008.11.25 -
eSafe 7.0.17.0 2008.11.25 -
eTrust-Vet 31.6.6227 2008.11.25 -
Ewido 4.0 2008.11.25 -
F-Prot 4.4.4.56 2008.11.25 -
F-Secure 8.0.14332.0 2008.11.25 -
Fortinet 3.117.0.0 2008.11.25 -
GData 19 2008.11.25 -
Ikarus T3.1.1.45.0 2008.11.25 -
K7AntiVirus 7.10.533 2008.11.25 -
Kaspersky 7.0.0.125 2008.11.25 -
McAfee 5444 2008.11.24 -
McAfee+Artemis 5444 2008.11.24 -
Microsoft 1.4104 2008.11.25 -
NOD32 3639 2008.11.25 -
Norman 5.80.02 2008.11.25 -
Panda 9.0.0.4 2008.11.25 -
PCTools 4.4.2.0 2008.11.25 -
Prevx1 V2 2008.11.25 -
Rising 21.05.12.00 2008.11.25 -
SecureWeb-Gateway 6.7.6 2008.11.25 -
Sophos 4.35.0 2008.11.25 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.25 -
TheHacker 6.3.1.1.162 2008.11.25 -
TrendMicro 8.700.0.1004 2008.11.25 -
VBA32 3.12.8.9 2008.11.25 -
ViRobot 2008.11.25.1485 2008.11.25 -
VirusBuster 4.5.11.0 2008.11.25 -

Additional information
File size: 27904 bytes
MD5...: a3b80c6e0774815c362aeb5ed5ac047d
SHA1..: 6538e53927d7f5c977c421a4d45e810b12640d31
SHA256: 1ac398ae4b75a1483eab64c67b3808d0b559a672567cc6003e96acd630053f0d
SHA512: 7e3c8d74e23a55d2b521029d183cb5f2f7b19f76d94d8393fb723406d1bdff7eef731cf470402d9be48277dfa29e618ab3d7445b3a0a3eb910442aedccfb6891
ssdeep: 768:5DoLmkhJfejru7ixHU7rba/8D5tQ0lZsdHWQuA4kCcG7:5DoyjreSHUPbaw2fCz

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x15d05
timedatestamp.....: 0x48d45a18 (Sat Sep 20 02:04:08 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x4e7a 0x4e80 6.30 28115bdc36edd78bebbbc36c929ce45a
.rdata 0x5300 0x3e4 0x400 3.88 665d3d66e68cbcb5bfc2d62d39a5d351
.data 0x5700 0x5f0 0x600 0.73 5323ee493e8ddcec285f73ff820d29e0
INIT 0x5d00 0x742 0x780 5.29 9a33840ccaa7ee16e4662d0ebdde0f78
.rsrc 0x6480 0x430 0x480 3.24 0fe19f42d0da593582c2bd22ee818dc8
.reloc 0x6900 0x3fe 0x400 5.60 c465508735f034b51428ed227c360c42

( 3 imports )
> ntoskrnl.exe: MmProbeAndLockPages, IoAllocateMdl, KeResetEvent, ObfDereferenceObject, ObReferenceObjectByHandle, ExEventObjectType, _allmul, PsGetVersion, KeQuerySystemTime, _allrem, _alldiv, KeWaitForSingleObject, KeInitializeEvent, _aullrem, _aulldiv, ZwSetInformationThread, KeSetEvent, IoFreeMdl, KeClearEvent, KefReleaseSpinLockFromDpcLevel, MmBuildMdlForNonPagedPool, KefAcquireSpinLockAtDpcLevel, KeTickCount, KeBugCheckEx, MmUnlockPages, ExfInterlockedInsertTailList, ExfInterlockedRemoveHeadList, IofCompleteRequest, IoDeleteSymbolicLink, IoDeleteDevice, RtlCompareMemory, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, IoCreateDevice, IoCreateSymbolicLink, ZwOpenKey, ZwEnumerateKey, RtlInitUnicodeString, ZwQueryValueKey, ZwClose, memcpy, memset, ExAllocatePoolWithTag, RtlQueryRegistryValues, RtlWriteRegistryValue, MmMapLockedPagesSpecifyCache, ExFreePoolWithTag, RtlUnwind
> HAL.dll: KfReleaseSpinLock, KeQueryPerformanceCounter, KfLowerIrql, KfRaiseIrql, KfAcquireSpinLock
> NDIS.SYS: NdisInitializeEvent, NdisCloseAdapter, NdisSystemProcessorCount, NdisRegisterProtocol, NdisFreePacketPool, NdisResetEvent, NdisRequest, NdisWaitEvent, NdisSetEvent, NdisDeregisterProtocol, NdisOpenAdapter, NdisAllocatePacketPool, NdisFreePacket, NdisAllocatePacket, NdisReset, NdisUnchainBufferAtFront

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partn...62aeb5ed5ac047d


Kaspersky Online Scan:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 25, 2008 14:13:03
Records in database: 1415235
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 242588
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:05:49


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\kdwgn.exe.vir Infected: Trojan.Win32.Agent.apbx 1

The selected area was scanned.

Edited by Bob!, 25 November 2008 - 04:39 PM.


#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:36 AM

Posted 25 November 2008 - 05:01 PM

Hello.

Yes, that file seems very suspicious. Right now, I have a source saying it's bad, but none of the AV companies (as shown in the jotti scan) recognize it. That file started appearing in the forum logs only a month ago. It could just be that a company decided to update their software, or an infection.

Do you recognize this description?
"ArcNet NDIS Protocol Driver"

I'm going to ask my peers for their input.

Other than that, your logs look clean.

Please take a new OTScanIt log without changing any settings. Also include a new HijackThis log.

With Regards,
The Panda
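The reasoning in the two posts above (a driver nobody's signatures know, that appeared on the machine at the same time as the first alert) is a timeline-correlation check. As an added example, not code from the thread or from OldTimer's tool, here is a small Python triage script that parses OTViewIt driver/service lines and flags entries modified within a window around the incident, entries with an empty vendor string, and services whose binary is gone. The sample lines are copied from the log in this thread; the incident date and the 3-day window are assumptions for the demo.

```python
"""Triage OTViewIt-style driver/service log lines against an incident timeline."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTViewIt driver/service line looks like:
#   [date time | size | attrs | M] (Vendor) -- path -- (ServiceName [Start | State])
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| (?P<kind>\w)\] \((?P<vendor>[^)]*)\) -- (?P<path>.*?) -- "
    r"\((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)
# A service whose binary no longer exists is written as:
#   File not found -- -- (ServiceName [Start | State])
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)

# Constructed sample: lines taken from the Driver Services section of this thread's log.
SAMPLE_LOG = r"""
========== Driver Services ==========

[2007/08/08 16:54:10 | 00,028,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Running])
[2008/11/24 23:54:38 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2008/10/07 12:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
File not found -- -- (LVPrcSrv [Auto | Stopped])
"""

# Assumed incident date for the demo: the day the first AV alert was reported.
INCIDENT = datetime(2008, 11, 15)


@dataclass
class Entry:
    name: str
    start: str
    state: str
    path: Optional[str] = None
    vendor: str = ""
    modified: Optional[datetime] = None
    size: Optional[int] = None
    missing: bool = False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blanks and unrelated text."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(
            name=m["name"], start=m["start"], state=m["state"],
            path=m["path"], vendor=m["vendor"].strip(),
            modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
        )
    m = MISSING_RE.match(line)
    if m:
        return Entry(name=m["name"], start=m["start"], state=m["state"], missing=True)
    return None


def triage(entries: List[Entry], incident: datetime,
           window: timedelta = timedelta(days=3)) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries an analyst should look at."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("binary missing (orphaned service entry)")
        elif not e.vendor:
            reasons.append("no vendor string in version info")
        # Files changed close to the incident are the ones to verify first.
        if e.modified and abs(e.modified - incident) <= window:
            reasons.append(f"modified {e.modified:%Y-%m-%d} within {window.days} days of incident")
        if reasons:
            findings[e.name] = reasons
    return findings


def run_demo() -> Dict[str, List[str]]:
    entries = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]
    return triage(entries, INCIDENT)


if __name__ == "__main__":
    for name, reasons in run_demo().items():
        print(f"{name}: " + "; ".join(reasons))
```

A flag is a prompt for verification (hash lookup, signature check, vendor confirmation), not a verdict; legitimate tools installed during the cleanup will land in the same window.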

#12 Bob!

Bob!
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:36 AM

Posted 25 November 2008 - 05:10 PM

Aye, I had a gander at google about it and some say it's bad, others don't know.

Does seem VERY suspicious that it was "created" at the exact time the infection began though, however I haven't noticed any strange activity since combofix nuked the rest of it.

I've never seen the file or name before, unless it's to do with my Nvidia Raid 0 Stripe setup, or something to do with my network; I've no idea what it is. However my ethernet is Broadcom and my Wireless card is D-Link so aye, give it a check. Either way it was apparently created on that day, and I always got on fine before that, so I can't see it being anything to do with my comp.

Here's me logs:

OTViewIt Log 1 - OTViewIt.txt:

OTViewIt logfile created on: 25/11/2008 22:03:49 - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Bob!\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.20% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 928.16 Gb Total Space | 715.64 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.46 Gb Total Space | 6.83 Gb Free Space | 91.52% Space Free | Partition Type: NTFS

Computer Name: BOBSBEAST
Current User Name: Bob!
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/04/27 08:07:42 | 00,364,628 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
[2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/09/24 03:01:21 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/11/24 21:26:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/07/12 12:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[2008/08/18 07:58:08 | 00,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[2008/10/07 12:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/02 12:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
[2007/01/05 08:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[2008/08/01 10:11:10 | 00,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
[2006/09/21 14:40:48 | 00,137,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
[2004/08/04 10:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 10:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2005/11/04 17:07:56 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
[2007/01/10 05:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2007/08/09 12:19:00 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
[2007/05/23 19:02:36 | 00,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\pmxmiced.exe
[2008/11/24 21:26:15 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 10:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2004/08/04 10:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/11/15 22:01:52 | 00,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
[2008/08/26 19:23:39 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2007/12/14 12:06:52 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2007/08/13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/11/24 21:56:43 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/04/27 08:07:42 | 00,364,628 | ---- | M] (Atheros) -- C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe -- (ACS [Auto | Running])
[2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/09/12 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/09/24 03:01:21 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/01/13 03:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2008/08/29 12:16:23 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN [Disabled | Stopped])
[2007/01/14 07:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
[2008/11/24 21:26:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/01/10 05:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
[2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
File not found -- -- (LVPrcSrv [Auto | Stopped])
[2006/11/15 22:05:40 | 00,101,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2008/08/29 10:16:06 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2006/07/12 12:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc [Disabled | Stopped])
[2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/08/18 07:58:08 | 00,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
[2008/10/07 12:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/09/02 12:33:22 | 00,048,640 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Stopped])
[2008/08/26 19:23:39 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2007/01/05 08:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
[2008/08/01 10:11:10 | 00,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService [Auto | Running])
[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC [Disabled | Stopped])
[2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2007/04/21 06:07:00 | 01,296,256 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416 [On_Demand | Running])
[2007/08/08 16:54:10 | 00,028,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool [System | Running])
[2007/02/16 14:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/08/04 10:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2004/12/13 21:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/11/08 12:14:40 | 00,502,272 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2005/11/08 12:15:38 | 00,439,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/07/13 09:18:48 | 00,340,704 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2005/11/08 12:15:38 | 00,007,168 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2005/11/08 12:14:46 | 00,143,360 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2008/09/02 08:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2005/11/08 12:14:44 | 00,077,824 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2007/08/20 09:05:02 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])
[2008/09/02 08:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/11/24 23:54:38 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/11/08 12:15:22 | 01,095,680 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k [On_Demand | Running])
[2004/08/04 10:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/11/15 22:00:56 | 01,678,368 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2006/11/15 22:02:50 | 01,962,912 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2006/11/11 03:48:00 | 00,040,352 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007/08/15 06:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\drivers\n558.sys -- (n558 [On_Demand | Stopped])
[2008/11/11 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081125.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/11 09:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081125.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
[2008/10/07 12:33:00 | 06,133,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/10/18 21:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NvAtaBus.sys -- (nvatabus [Boot | Running])
[2008/08/18 08:00:00 | 00,029,952 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
[2008/08/01 10:08:28 | 00,036,640 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev [Auto | Running])
[2006/10/18 21:31:46 | 00,089,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2005/11/08 12:14:54 | 00,114,688 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/11/11 03:43:49 | 00,487,328 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928 [On_Demand | Running])
[2007/06/01 12:41:00 | 00,018,432 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse [On_Demand | Running])
[2007/05/24 15:56:00 | 00,014,336 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf [On_Demand | Running])
[2004/08/04 10:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/08/05 22:02:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 10:00:00 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/10/30 18:05:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
[2008/09/02 12:33:22 | 00,100,352 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv [On_Demand | Running])
[2004/08/04 10:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/04/14 01:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/11/18 03:11:06 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/11/30 22:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/11/30 22:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 22:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/10/03 13:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/26 19:36:51 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/10/03 13:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/10/03 13:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2008/09/12 07:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20081121.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2008/10/03 13:14:10 | 00,035,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/10/03 13:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/10/03 13:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2004/08/04 10:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2004/08/04 10:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004/08/04 10:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2007/03/29 09:52:20 | 00,057,024 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gamefaqs.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gamefaqs.com/

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (HKLM) -- C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" (Creative Technology Ltd.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" (Creative Technology Ltd)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" (Logitech Inc.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" (Symantec Corporation)
"PMX Daemon"=ICO.EXE (Primax Electronics Ltd.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"UpdReg"=C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r (Creative Technology Ltd)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (NVIDIA)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (NVIDIA)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (Creative Technology Ltd)
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/06/23 13:47:18 | 04,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk = C:\Program Files\GetRight\GetRight.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoUserNameInStartMenu"= [binary data]
"NoDrives"=0
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"disableregistrytools"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoSMMyPictures"=01 00 00 00 [binary data]
"NoUserNameInStartMenu"= [binary data]
"NoDrives"=0
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"disableregistrytools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download with GetRight: C:\Program Files\GetRight\GRDownload.htm [2006/03/29 14:35:12 | 00,000,994 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open with GetRight Browser: C:\Program Files\GetRight\GRBrowse.htm [2006/03/29 14:35:12 | 00,000,977 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download with GetRight: C:\Program Files\GetRight\GRDownload.htm [2006/03/29 14:35:12 | 00,000,994 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Open with GetRight Browser: C:\Program Files\GetRight\GRBrowse.htm [2006/03/29 14:35:12 | 00,000,977 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 16:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01A88BB1-1174-41EC-ACCB-963509EAE56B}: http://support.euro.dell.com/systemprofiler/SysPro.CAB -- SysProWmi Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1219798769859 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1219984652437 -- MUWebControl Class
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}: http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab -- NVIDIA Smart Scan
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}: http://www.yougamers.com/systeminfo/MSC3.cab -- Futuremark Measurement Services Client

========== (O17) DNS Name Servers ==========

{030AEA98-FFA0-406C-87EE-93FA86191D5A} (Servers: | Description: )
{1E5A798A-9A1C-4B84-9CC0-B7AA825B176C} (Servers: | Description: )
{39BBB1BC-0D8C-4019-8298-40958750BFD2} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)
{404F68B8-8AD0-4008-BF38-C3EBA449AF03} (Servers: | Description: D-Link DWA-556 Xtreme N PCIe Desktop Adapter)
{74640C3F-7941-424B-A704-5758CAEFBF90} (Servers: | Description: )
{8905DB0A-5198-4599-B9B2-18AA076FA01B} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/25 23:17:57 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2008/11/25 22:03:17 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe
[2008/11/25 17:51:46 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/11/25 17:51:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/11/25 17:51:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/11/25 17:51:03 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008/11/25 17:50:10 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5293.exe
[2008/11/25 17:45:38 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Bob!\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/11/25 17:16:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/11/25 02:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Security Tools
[2008/11/25 01:24:36 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/25 01:09:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/25 01:09:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/25 01:09:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/25 01:09:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/25 01:09:20 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/25 01:09:20 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/25 01:09:20 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/25 01:09:20 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/25 01:09:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/25 01:09:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/25 01:01:42 | 03,052,316 | R--- | C] () -- C:\Documents and Settings\Bob!\Desktop\ComboFix.exe
[2008/11/24 23:54:41 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/24 23:54:38 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/24 23:54:38 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/24 23:54:38 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/24 23:54:38 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/24 22:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\ZapGrab
[2008/11/21 22:31:51 | 00,007,734 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2008/11/21 22:31:50 | 00,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/21 20:52:01 | 00,348,160 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2008/11/19 01:35:58 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2008/11/18 22:34:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/11/18 02:58:14 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/11/18 00:50:47 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/18 00:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/17 22:14:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/11/17 22:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/17 22:04:47 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/17 21:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/17 21:02:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/17 21:00:59 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/11/17 21:00:59 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2008/11/17 20:59:35 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2008/11/17 20:59:35 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2008/11/17 20:59:35 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2008/11/17 20:59:35 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2008/11/17 20:59:35 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2008/11/17 20:59:35 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2008/11/17 20:59:19 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2008/11/17 20:59:18 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/11/17 20:59:18 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/11/17 20:59:18 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/11/17 20:59:15 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2008/11/17 20:59:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/11/17 20:59:13 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2008/11/17 20:59:13 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2008/11/17 20:59:13 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2008/11/17 20:59:13 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/11/17 20:59:13 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2008/11/17 20:59:12 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/11/17 20:59:12 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/11/17 20:59:09 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2008/11/17 20:59:09 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/11/17 20:59:08 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2008/11/17 20:59:08 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2008/11/17 20:59:08 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2008/11/17 20:59:08 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2008/11/17 20:59:08 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2008/11/17 20:59:08 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2008/11/17 20:59:08 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/11/17 20:59:08 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2008/11/17 20:59:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2008/11/17 20:59:07 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2008/11/17 20:59:07 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/11/17 20:59:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/11/17 20:59:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/11/17 20:59:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/11/17 20:59:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/11/17 20:59:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/11/17 20:59:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/11/17 20:59:07 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/11/17 20:59:07 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/11/17 20:59:07 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/11/17 20:59:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/11/17 20:59:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/11/17 20:59:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/11/17 20:59:06 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2008/11/17 20:59:06 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2008/11/17 20:59:06 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2008/11/17 20:59:06 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/11/17 20:59:03 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2008/11/17 20:59:03 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/11/17 20:59:03 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/11/17 20:59:03 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2008/11/17 20:59:03 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2008/11/17 20:59:03 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2008/11/17 20:59:03 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2008/11/17 20:59:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/11/17 20:59:00 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2008/11/17 20:58:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/11/17 20:58:59 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/11/17 20:58:58 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/11/17 20:58:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2008/11/17 20:58:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/11/17 20:58:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/11/17 20:58:57 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2008/11/17 20:58:57 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/11/17 20:58:57 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2008/11/17 20:58:50 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2008/11/17 20:58:46 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2008/11/17 20:58:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2008/11/17 20:58:41 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/11/17 20:58:41 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/11/17 20:58:40 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2008/11/17 20:58:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2008/11/17 20:58:39 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2008/11/17 20:58:36 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/11/17 20:58:35 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2008/11/17 20:58:34 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/11/17 20:58:28 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/11/17 20:58:27 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2008/11/17 20:58:27 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2008/11/17 20:58:27 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2008/11/17 20:58:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2008/11/17 20:58:26 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2008/11/17 20:58:26 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2008/11/17 20:58:26 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2008/11/17 20:58:25 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2008/11/17 20:58:25 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2008/11/17 20:58:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2008/11/17 20:58:25 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2008/11/17 20:58:25 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2008/11/17 20:58:25 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2008/11/17 20:58:25 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2008/11/17 20:58:25 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2008/11/17 20:58:25 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2008/11/17 20:58:25 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2008/11/17 20:58:25 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2008/11/17 20:58:25 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2008/11/17 20:58:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2008/11/17 20:58:25 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2008/11/17 20:58:25 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2008/11/17 20:58:25 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2008/11/17 20:58:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2008/11/17 20:58:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2008/11/17 20:58:25 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2008/11/17 20:58:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2008/11/17 20:58:24 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/11/17 20:58:23 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2008/11/17 20:58:23 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2008/11/17 20:58:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/11/17 20:58:23 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/11/17 20:58:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/11/17 20:58:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/11/17 20:58:23 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2008/11/17 20:58:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/11/17 20:58:15 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2008/11/17 20:58:15 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2008/11/17 20:58:14 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2008/11/17 20:58:14 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2008/11/17 20:58:14 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/11/17 20:58:14 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2008/11/17 20:58:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2008/11/17 20:58:14 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2008/11/17 20:58:13 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2008/11/17 20:58:13 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2008/11/17 20:58:13 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2008/11/17 20:58:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/11/17 20:58:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/11/17 20:58:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/11/17 20:58:13 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/11/17 20:58:12 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/11/17 20:58:08 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2008/11/17 20:58:08 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2008/11/17 20:58:08 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2008/11/17 20:57:55 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2008/11/17 20:57:28 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008/11/17 20:56:10 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2008/11/17 20:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2008/11/17 20:54:41 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2008/11/17 20:54:28 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2008/11/17 20:54:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2008/11/17 20:49:08 | 00,201,157 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2008/11/17 20:46:53 | 00,134,656 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\System32\ctdvinst.dll
[2008/11/17 20:29:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2008/11/17 20:29:52 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2008/11/17 20:29:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2008/11/17 20:29:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2008/11/17 20:29:45 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/11/17 20:29:45 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/11/17 20:29:45 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2008/11/17 20:29:45 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/11/17 20:29:45 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/11/17 20:29:45 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/11/17 20:29:45 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2008/11/17 20:29:45 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2008/11/17 20:29:45 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/11/17 20:29:45 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2008/11/17 20:29:45 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/11/17 20:29:45 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2008/11/17 20:29:45 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/11/17 20:29:45 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2008/11/17 20:29:45 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/11/17 20:29:45 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/11/17 20:29:45 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/11/17 20:29:45 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/11/16 21:27:52 | 00,007,680 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Documents\Thumbs.db:encryptable
[2008/11/15 22:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Application Data\Ahead
[2008/11/15 03:41:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Desktop\Problems
[2008/11/15 03:32:00 | 00,000,000 | RHSD | C] -- C:\Vault
[2008/11/14 21:24:55 | 00,027,904 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/14 20:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bob!\Local Settings\Application Data\ABBYY
[2008/11/07 23:34:44 | 00,000,512 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shared Documents (Mum).lnk
[2008/10/28 22:36:00 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/10/28 22:36:00 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/10/28 22:35:58 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/10/28 22:35:58 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/10/28 22:35:56 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/10/28 22:35:50 | 00,729,088 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2008/11/25 17:51:46 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/11/25 17:51:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/25 17:50:51 | 03,052,316 | R--- | M] () -- C:\Documents and Settings\Bob!\Desktop\ComboFix.exe
[2008/11/25 17:50:06 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5293.exe
[2008/11/25 17:45:52 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Bob!\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/11/25 17:17:49 | 00,501,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/25 17:17:49 | 00,090,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/25 17:17:48 | 00,604,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/25 17:14:24 | 00,195,459 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/11/25 17:14:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/25 17:13:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/25 03:36:46 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/25 03:36:46 | 00,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/25 03:36:46 | 00,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2008/11/25 03:36:46 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/11/25 03:36:46 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/11/25 01:29:54 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/25 01:19:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/25 01:19:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/25 00:23:25 | 04,768,656 | -H-- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\IconCache.db
[2008/11/24 23:54:38 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/24 23:54:38 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/24 23:54:38 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/24 21:56:43 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob!\Desktop\OTViewIt.exe
[2008/11/24 04:18:14 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/24 04:17:54 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 22:14:04 | 00,000,973 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/21 22:14:04 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2008/11/20 20:45:45 | 00,002,506 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2008/11/20 20:25:01 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2008/11/19 01:36:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/19 01:35:45 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/11/19 01:35:45 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/11/19 01:34:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/11/18 03:11:06 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/17 23:00:42 | 00,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shared Documents (Mum).lnk
[2008/11/17 21:04:57 | 00,091,912 | ---- | M] () -- C:\Documents and Settings\Bob!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/17 21:04:27 | 01,646,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/17 21:00:56 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/11/17 20:57:30 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/11/17 20:57:10 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/17 20:55:11 | 00,027,632 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/17 20:29:48 | 00,000,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/11/17 20:29:48 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/11/17 19:33:47 | 00,000,506 | ---- | M] () -- C:\Documents and Settings\Bob!\My Documents\Shared Documents.lnk
[2008/11/17 18:15:12 | 00,610,985 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2008/11/16 21:28:41 | 00,007,680 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Documents\Thumbs.db:encryptable
[2008/11/15 21:24:17 | 00,030,720 | -HS- | M] () -- C:\Documents and Settings\Bob!\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Bob!\Desktop\Thumbs.db:encryptable
[2008/11/15 17:10:14 | 00,131,066 | ---- | M] () -- C:\WINDOWS\System32\DellPM.ini
[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/11/04 00:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/28 22:36:00 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/10/28 22:36:00 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/10/28 22:35:58 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/10/28 22:35:58 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/10/28 22:35:56 | 00,684,032 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/10/28 22:35:50 | 00,729,088 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
< End of report >


OTViewIt Log 2 - Extras.txt:

OTViewIt Extras logfile created on: 25/11/2008 22:03:49 - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Bob!\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.20% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 928.16 Gb Total Space | 715.64 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.46 Gb Total Space | 6.83 Gb Free Space | 91.52% Space Free | Partition Type: NTFS

Computer Name: BOBSBEAST
Current User Name: Bob!
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 10:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 10:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 12:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 16:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/04/23 14:46:32 | 26,150,480 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9
[2008/04/16 16:35:22 | 25,667,160 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10
[2008/02/22 10:08:44 | 00,619,144 | ---- | M] (Ubisoft) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update
[2008/07/29 16:03:02 | 09,721,088 | ---- | M] (Gas Powered Games) -- C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander
[2005/09/16 09:00:18 | 06,448,640 | ---- | M] (Gas Powered Games) -- C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable
[2007/08/07 16:22:12 | 09,710,464 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III
[2007/08/07 08:22:10 | 09,684,872 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs
[2008/03/21 13:46:14 | 09,725,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties
[2008/08/12 17:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [PNRP Cloud Namespace Provider] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [PNRP Name Namespace Provider] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 08:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/08/12 17:19:02 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}"=Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0931965F-6956-4AAA-AEC9-0D3BF28488F8}"=MSDN Library - January 2006
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1"=Driver Sweeper 1.5.5
"{0ED47137-C071-46CC-A243-E5E33271E10E}"=Windows Live Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}"=Microsoft FrontPage Client - English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}"=Sound Blaster X-Fi
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1
"{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}"=Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}"=Adobe Extension Manager CS3
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}"=Rome - Total War - Gold Edition
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{31D95937-B237-405D-920C-A3EF4E482395}"=Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}"=Adobe Setup
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}"=ccCommon
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1"=Classic Menu 3.x for Office 2007
"{448E2D77-E504-4221-B2C2-93646B344729}"=Mouse Suite for Desktop Computers
"{48185814-A224-447A-81DA-71BD20580E1B}"=Norton Internet Security
"{4837718C-5B6E-4496-B283-FFFB5A937825}"=ABBYY PDF Transformer 1.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5DE1B7CF-7429-40CA-987F-6BEE09B63787}"=Prime95
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{65183D0F-C0DC-4D38-AD9F-C4C5A1CC931A}"=Symantec Real Time Storage Protection Component
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6C1804BC-094F-431A-BEA5-37A837958029}"=Rome - Total War - Alexander
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6F69C969-2942-4E7B-B594-75B37664B8BA}"=NVIDIA System Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"{75983B66-804C-40D1-BA13-64DAF652A6F1}"=Medieval II Total War : Kingdoms : Americas
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}"=Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}"=Camtasia Studio 5
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA Performance
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}"=3DMark06
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{830D8CBD-C668-49e2-A969-C2C2106332E0}"=Norton AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8CFA9151-6404-409A-AF22-4632D04582FD}"=Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8ED2ECA4-4921-4A06-A8AA-FC7992252B5B}"=SymNet
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-0026-0000-0000-0000000FF1CE}"=Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}"=Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}"=Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}"=Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002E-0000-0000-0000000FF1CE}"=Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}"=Norton Protection Center
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}"=Enter The Matrix
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}"=Dungeon Siege 2 Broken World
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}"=Spelling Dictionaries Support For Adobe Reader 9
"{ADE4E72B-35C4-41DD-99B7-A30722FF01A4}"=PhoeniX WorX Client
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}"=Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C194D333-B84A-4BB7-B35E-060732D98DC4}"=GPGNet
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}"=Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}"=32 bit Windows Card Reader Driver
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}"=Medieval II Total War : Kingdoms : Britannia
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}"=Broadcom Gigabit Integrated Controller
"{D45EC259-4A19-4656-B588-C2C360DD18EA}"=Half-Life® 2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}"=Visual Studio.NET Baseline - English
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}"=Visual Studio .NET Enterprise Architect 2003 - English
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}"=NVIDIA System Monitor
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}"=Adobe Dreamweaver CS3
"{F4DB525F-A986-4249-B98B-42A8066251CA}"=AV
"{F95B340A-67A5-419C-843B-949406A357D2}"=MSDN Library - October 2003
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}"=User Profile Hive Cleanup Service
"0000CustomCampaignMod2_is1"=Medieval II - Custom Campaign Mod 2
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_435a6af7459cb02a9c1138113a26e93"=Adobe Dreamweaver CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0"=Age of Mythology
"Age of Mythology Expansion Pack 1.0"=Age of Mythology - The Titans Expansion
"ATITool"=ATITool Overclocking Utility
"Audacity_is1"=Audacity 1.2.6
"BitTornado"=BitTornado 0.3.17
"BlueJ_is1"=BlueJ 1.3.5
"BT Yahoo! Applications"=BT Yahoo! Applications
"CCleaner"=CCleaner (remove only)
"Dark Reign 2"=Dark Reign 2
"Driver Cleaner Pro"=DH Driver Cleaner Professional Edition
"Dungeon Siege Legends of Aranna 1.0"=Dungeon Siege Legends of Aranna
"Dungeon Siege Legends of Aranna Bonus Pack 1.0"=Dungeon Siege Legends of Aranna Bonus Pack
"Dungeon Siege: Yesterhaven"=Dungeon Siege: Yesterhaven
"DungeonSiege2"=Dungeon Siege 2
"File Shredder_is1"=File Shredder 2.0
"GameSpy Arcade"=GameSpy Arcade
"GetRight_is1"=GetRight
"GoldWave v5.25"=GoldWave v5.25
"Ground Control"=Ground Control
"Guild Wars"=Guild Wars
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}"=Age of Empires III - The WarChiefs
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}"=NVIDIA System Update
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA Performance
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}"=Age of Empires III - The Asian Dynasties
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}"=NVIDIA System Monitor
"Java Media Framework 2.1.1e"=Java Media Framework 2.1.1e
"JCreator LE_is1"=JCreator LE 3.10
"Jeff Wayne's 'The War Of The Worlds'"=Jeff Wayne's 'The War Of The Worlds'
"jGRASP"=jGRASP
"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)
"Measurement Services Client"=Futuremark Measurement Services Client
"MechCommander2 1.0"=Microsoft MechCommander 2
"MechWarrior Black Knight"=MechWarrior Black Knight
"MechWarrior Vengeance"=MechWarrior Vengeance
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"mIRC"=mIRC
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"QcDrv"=Logitech® Camera Driver
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 8.0
"RivaTuner"=RivaTuner v2.06
"Sandboxie"=Sandboxie 3.30
"Shockwave"=Shockwave
"Shogun Total War - Warlord Edition"=Shogun - Total War - Warlord Edition
"Sierra Utilities"=Sierra Utilities
"SpywareBlaster_is1"=SpywareBlaster 4.1
"Steam App 10"=Counter-Strike
"Steam App 130"=Half-Life: Blue Shift
"Steam App 17500"=Zombie Panic! Source
"Steam App 17510"=Age of Chivalry
"Steam App 17520"=Synergy
"Steam App 17530"=D.I.P.R.I.P. Warm Up
"Steam App 17700"=Insurgency
"Steam App 20"=Team Fortress Classic
"Steam App 220"=Half-Life 2
"Steam App 280"=Half-Life: Source
"Steam App 30"=Day of Defeat
"Steam App 300"=Day of Defeat: Source
"Steam App 320"=Half-Life 2: Deathmatch
"Steam App 340"=Half-Life 2: Lost Coast
"Steam App 3482"=Peggle Deluxe Demo
"Steam App 3483"=Peggle Extreme
"Steam App 360"=Half-Life Deathmatch: Source
"Steam App 380"=Half-Life 2: Episode One
"Steam App 40"=Deathmatch Classic
"Steam App 400"=Portal
"Steam App 420"=Half-Life 2: Episode Two
"Steam App 440"=Team Fortress 2
"Steam App 50"=Opposing Force
"Steam App 60"=Ricochet
"Swat2"=Police Quest: SWAT2
"SystemRequirementsLab"=System Requirements Lab
"TAE Version 1"=TAE Version 1
"Total Annihilation"=Total Annihilation
"Total Annihilation - Battle Tactics"=Total Annihilation - Battle Tactics
"Total Annihilation - Core Contingency"=Total Annihilation - Core Contingency
"Tweak UI 2.10"=Tweak UI
"ULTIMATER"=Microsoft Office Ultimate 2007
"Visual Studio .NET Enterprise Architect 2003 - English"=Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"War of the Ring"=War of the Ring™
"WebDesigner"=Microsoft Expression Web
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions
"jEdit 4.0"=jEdit Version 4.0
"rosecppd"=Rational Rose C++ Demo 4.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1659004503-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions"=Adobe Digital Editions
"jEdit 4.0"=jEdit Version 4.0
"rosecppd"=Rational Rose C++ Demo 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/11/2008 14:59:31 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 2.4.2416.0, faulting module
unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 23/11/2008 22:16:39 | Computer Name = BOBSBEAST | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8227.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2008 20:07:50 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.14.14536, faulting module
unknown, version 0.0.0.0, fault address 0x001460e7.

Error - 24/11/2008 20:10:12 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 24/11/2008 20:10:39 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 24/11/2008 20:20:41 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.14.14536, faulting module
unknown, version 0.0.0.0, fault address 0x001460e7.

Error - 24/11/2008 20:22:24 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x000960e7.

Error - 24/11/2008 21:50:59 | Computer Name = BOBSBEAST | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 cocreateinstance(updateservicemanager),
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 24/11/2008 21:51:08 | Computer Name = BOBSBEAST | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80004002, P2 cocreateinstance(updateservicemanager),
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

Error - 24/11/2008 23:35:54 | Computer Name = BOBSBEAST | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
msidcrl40.dll, version 5.0.742.2, fault address 0x000beeb0.

[ System Events ]
Error - 17/11/2008 17:51:02 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:52:19 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:54:19 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:54:26 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:55:28 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/11/2008 17:55:42 | Computer Name = BOBSBEAST | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/11/2008 17:56:39 | Computer Name = BOBSBEAST | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 17/11/2008 17:58:07 | Computer Name = BOBSBEAST | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 17/11/2008 18:07:58 | Computer Name = BOBSBEAST | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 17/11/2008 18:08:29 | Computer Name = BOBSBEAST | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:53, on 25/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gamefaqs.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1219798769859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219984652437
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-556 Wireless N PCIe Desktop Adapter\acs.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 12184 bytes

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 AM

Posted 25 November 2008 - 07:07 PM

Hello Bob.

Log looks good.

One point leads me to believe it is not malware:

[2008/11/14 21:24:55 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Stopped])

A malware file will always be set to run automatically. Doesn't make sense to wait for you to start it.

Unless there is definitive evidence that this file is bad, we will leave it be.

Before we get to fixing some of the things in the "bad" section, let's uninstall ComboFix.

Uninstall ComboFix
Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Resets clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and creates new restore point.

Please tell me what issues you have right now, if it has changed.

With Regards,
The Panda

#14 Bob!

Bob!
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 25 November 2008 - 07:25 PM

Done, cheers, that's cleared up all the ComboFix folders and so on.

And hmm yeah I guess with that file. Still seems VERY strange it was created right in the midst of the infection though, I'm sure I didn't do anything around then that should have created any driver files and so on, so please keep trying to check that one out.

Just these points to address now from what I can tell:

The Bad:
  • USB and CDs now no longer autoplay, even though it's set to prompt. (Would like to fix this first)
  • Windows Media still has the FaroLatino thing in right click menu and "online stores" section, (mentioned in second post, I'm sure that didn't use to be there before) - Screenshot
    Edit: I think this might have actually been legit, as I went to the Online stores page and clicked on Msn Music, and that now shows in the right click menu instead.
  • System Event log still not working. (Could possibly be fixed through a repair reinstall. Application event log and so on seems fine though)
  • Security Centre Service in control panel not active. (could be because not ran windows update properly yet, repair reinstall might also fix)

Edited by Bob!, 25 November 2008 - 08:13 PM.


#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 AM

Posted 25 November 2008 - 08:42 PM

Hello.


USB and CDs now no longer autoplay, even though its set to prompt.

Let's back up the registry first.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt


To Modify these Registry Settings, Use Regedit (start>run "regedit") and navigate to the following Key:

HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
"NoDriveTypeAutoRun"

The default value for the setting is 95 0 0 0. Change the first byte to 91.
---

Security Centre Service in control panel not active

Click on your Start Menu>Run> "services.msc"

Select Security Center. Change the startup to Automatic.

I'm not too sure about how to fix the Event Logs.

Tell me how it went.

With Regards,
The Panda
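The NoDriveTypeAutoRun edit above is a bitmask change, and it helps to see exactly which drive types the two values affect before touching the registry. The following decoder is an added example written for this thread, not code from the thread or from any tool mentioned in it; the bit-to-drive-type mapping follows the Windows GetDriveType() numbering (bit n suppresses AutoRun for drive type n, bit 7 reserved), and the sample values 0x95 and 0x91 are the ones quoted in the post. The `read_current_mask` helper only does anything on Windows and is otherwise a no-op.

```python
"""Decode and compare Explorer's NoDriveTypeAutoRun bitmask.

Added example, not from the BleepingComputer thread. A set bit means AutoRun
is DISABLED for that drive type; the bit position matches the GetDriveType()
constant (DRIVE_UNKNOWN = 0 ... DRIVE_RAMDISK = 6), bit 7 is reserved.
"""
import sys
from typing import Dict, List, Optional

DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, floppies
    0x08: "DRIVE_FIXED",       # internal hard disks
    0x10: "DRIVE_REMOTE",      # network shares
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}


def bytes_to_mask(value: bytes) -> int:
    """REG_BINARY / little-endian REG_DWORD bytes -> integer mask.

    The post writes the default as '95 0 0 0'; only the first byte carries
    the drive-type bits, the rest are padding."""
    return int.from_bytes(value[:4].ljust(4, b"\x00"), "little")


def autorun_disabled_for(mask: int) -> List[str]:
    """Drive types whose AutoRun is suppressed by this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]


def autorun_enabled_for(mask: int) -> List[str]:
    """Drive types that will still AutoRun / AutoPlay under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def diff_masks(old: int, new: int) -> Dict[str, List[str]]:
    """Which drive types gain or lose AutoRun when moving from old to new."""
    return {
        "newly_enabled": [n for b, n in DRIVE_TYPE_BITS.items()
                          if old & b and not new & b],
        "newly_disabled": [n for b, n in DRIVE_TYPE_BITS.items()
                           if not old & b and new & b],
    }


def read_current_mask() -> Optional[int]:
    """Read HKCU\\...\\Policies\\Explorer\\NoDriveTypeAutoRun on Windows.

    Returns None on other platforms or when the value is not present
    (absent value means Explorer falls back to its built-in default)."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only stdlib module
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
            value, kind = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except FileNotFoundError:
        return None
    return bytes_to_mask(value) if kind == winreg.REG_BINARY else int(value)


if __name__ == "__main__":
    # Constructed sample values: the '95 0 0 0' default and the '91' edit
    # from the post, as they would be read back from a REG_BINARY value.
    default = bytes_to_mask(bytes([0x95, 0, 0, 0]))
    proposed = bytes_to_mask(bytes([0x91, 0, 0, 0]))
    print("0x%02X disables AutoRun for: %s" % (default, autorun_disabled_for(default)))
    print("0x%02X disables AutoRun for: %s" % (proposed, autorun_disabled_for(proposed)))
    print("change 0x95 -> 0x91:", diff_masks(default, proposed))
    print("0xFF (fully hardened) enables:", autorun_enabled_for(0xFF))
    current = read_current_mask()
    if current is not None:
        print("this machine (HKCU): 0x%02X -> %s" % (current, autorun_disabled_for(current)))
```

Running the decoder shows that 0x95 -> 0x91 clears exactly one bit, DRIVE_REMOVABLE, so the edit re-enables AutoPlay for USB sticks and nothing else; DRIVE_CDROM (0x20) is clear in both values, so the CD symptom in the post is not explained by this mask and must come from elsewhere (the service state, the HKLM copy of the same value, or the per-drive AutoPlay handlers). The value 0xFF suppresses AutoRun for every drive type and is the setting used when hardening a machine against removable-media worms; the same functions decode it.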



