Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC restarts suddenly, IE crashes, endless error logs


  • This topic is locked This topic is locked
28 replies to this topic

#1 milkchoc

milkchoc

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 23 November 2008 - 08:33 AM

System auto restarts when first boot up. After restarting, the message "...recovered from a serious error..." with error log to be sent to MS. Sometimes restarting hangs on boot page (showing BIOS info and before Windows logo)

When starting IE7, the home page and subsequent search results are redirected to www.bestfreedailyporn.com

After running Adaware and deleted all findings, as well as running Spybot check with no issues found, my homepage loads up properly again

Please help and advise if there are any malware left in my home pc, thank you!

HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:19, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: speedapps Toolbar - {d9c9a8c9-460d-4343-888e-ae02bcc3ce57} - C:\Program Files\speedapps\tbspee.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IEPR] C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SearchIn1Step Service - SearchInOneStep.com, Inc. - C:\Program Files\SearchIn1Step\searchin1.exe

--
End of file - 11371 bytes

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 01 December 2008 - 06:34 PM

Hello, milkchoc
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 04 December 2008 - 08:01 AM

Hello Billy, thanks for helping.

When I run OTViewIt for the first time, my PC auto-restarted. Then gave me a The system has recovered from a serious error message with error reporting to MS.

Tried running second time: a window popped up with title Windows - No Disk with message Exception Procession Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

I clicked Continue button twice with same message, then clicked Try again with same result. Finally clicked the Cancel button.

Here's the OTViewIt.txt file:

OTViewIt logfile created on: 04/12/2008 20:23:38 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.76% Memory free
3.35 Gb Paging File | 2.96 Gb Available in Paging File | 88.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 259.46 Gb Total Space | 136.27 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive D: | 38.62 Gb Total Space | 33.43 Gb Free Space | 86.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGFAMILYPC
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/04/14 08:12:33 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 13:12:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/27 19:01:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/11/15 22:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/08/28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/07/04 07:12:16 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2001/08/07 14:27:44 | 00,049,152 | ---- | M] ( Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\SDPASVC.EXE
[2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/09/22 01:41:10 | 01,605,740 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/11/27 18:38:03 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2005/12/06 13:08:42 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2005/11/04 15:05:10 | 00,090,112 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
[2006/09/19 09:07:28 | 00,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
[2008/11/27 19:01:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/10/20 23:37:06 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\TempImages\IEPR.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/04 20:17:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 13:12:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
[2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
[2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/27 19:01:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/11/15 22:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/08/28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
[2001/08/07 14:27:44 | 00,049,152 | ---- | M] ( Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\SDPASVC.EXE -- (SDPASVC [Auto | Running])
[2008/10/17 04:11:26 | 00,005,120 | ---- | M] (SearchInOneStep.com, Inc.) -- C:\Program Files\SearchIn1Step\searchin1.exe -- (SearchIn1Step Service [Auto | Stopped])
[2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/30 06:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/10 05:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/08/29 13:12:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 07:12:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/04/13 08:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 08:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 08:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 02:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/08/28 01:59:00 | 06,811,168 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/07/04 15:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/02/25 12:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 12:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/27 18:19:36 | 10,252,544 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
[2008/04/14 02:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.sg/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.sg/

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (289561 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
9975 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} (HKLM) -- C:\Program Files\speedapps\tbspee.dll (Conduit Ltd.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}" (HKLM) -- C:\Program Files\speedapps\tbspee.dll (Conduit Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}" (HKLM) -- C:\Program Files\speedapps\tbspee.dll (Conduit Ltd.)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}" (HKLM) -- C:\Program Files\speedapps\tbspee.dll (Conduit Ltd.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect ()
"PCDrProfiler"= File not found
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"snpstd3"=C:\WINDOWS\vsnpstd3.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IEPR"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IEPR"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2006/02/10 07:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
[2006/11/21 14:53:14 | 00,262,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/09/23 14:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/08/23 21:02:58 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/08/23 21:02:58 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/7.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab -- CKAVWebScan Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{34F12AFD-E9B5-492A-85D2-40FA4535BE83}: http://www.symantec.com/techsupp/activedata/nprdtinf.cab -- AxProdInfoCtl Class
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class

========== (O17) DNS Name Servers ==========

{4F53222B-8539-45CD-B799-FB08CA5E8BA5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{7273E436-DB66-4460-B05A-9B270F6C0824} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{8003D91E-0C71-4295-8A93-F7E0273C1AE4} (Servers: | Description: 1394 Net Adapter)
{99DE70B9-1F09-4FBB-88D4-E3163C9F2A32} (Servers: | Description: Windows Mobile-based Device)
{B6107643-D815-4685-A3EC-AB00D94D20FE} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/04 07:12:16 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/11/10 01:39:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed12c2be-3ba0-11dd-92e5-00161721cf1c}\Shell\AutoRun\command]
""=F:\wdsync.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/04 20:17:45 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/02 18:24:19 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/11/29 14:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/21 18:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2008/11/21 18:40:52 | 00,735,814 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20081121_184029.reg
[2008/11/21 18:33:00 | 02,955,128 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Compaq_Owner\Desktop\ccsetup213.exe
[2008/11/17 20:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/11/17 20:24:47 | 00,001,205 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Windows Mobile® Device Handbook.lnk
[2008/11/17 20:24:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile Device Handbook
[2008/11/12 16:27:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 16:26:28 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/04 20:20:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/04 20:20:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/04 20:20:08 | 16,090,93120 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/04 20:17:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/04 20:16:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/12/04 20:13:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 23:10:26 | 30,478,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/03 23:10:26 | 00,077,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/30 22:57:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2008/11/30 08:12:02 | 00,138,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 20:51:08 | 00,483,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/27 20:51:08 | 00,411,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/27 20:51:08 | 00,065,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/23 20:05:56 | 00,289,561 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/23 20:05:35 | 00,289,561 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081123-200556.backup
[2008/11/21 18:41:32 | 00,735,814 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20081121_184029.reg
[2008/11/21 18:33:00 | 02,955,128 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Compaq_Owner\Desktop\ccsetup213.exe
[2008/11/17 20:24:47 | 00,001,205 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Windows Mobile® Device Handbook.lnk
[2008/11/06 20:55:57 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
< End of report >

and the Extra.txt file:

OTViewIt Extras logfile created on: 04/12/2008 20:23:38 - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.76% Memory free
3.35 Gb Paging File | 2.96 Gb Available in Paging File | 88.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 259.46 Gb Total Space | 136.27 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive D: | 38.62 Gb Total Space | 33.43 Gb Free Space | 86.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGFAMILYPC
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/09/09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/04/21 00:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/04/20 21:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/04/20 23:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/04/21 00:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/04/21 00:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/04/20 23:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/08/29 13:09:48 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/11/03 15:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/06/20 01:51:30 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/10/28 17:45:02 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/09/09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 07:12:50 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 17:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/23 14:17:06 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A0044-64A6-4248-A026-9745C1E9E159}"=Microsoft Encarta Encyclopedia Standard 2005
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0ED712EE-1816-4D69-80A8-C65078B24BFE}"=X-Men Creative Studio
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}"=c5100_Help
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}"=The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}"=Windows Live Beta (all programs)
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}"=The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6755A780-599A-11D5-A8D4-00010287680B}"=Panasonic USB R/W Driver for SD Memory Card
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}"=The Sims™ 2 IKEA® Home Stuff
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}"=LightScribe 1.4.56.1
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110002467}"=Inspector-Parker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}"=BeTrapped!
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110075733}"=Chainz
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110099903}"=Magic Inlay
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}"=Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}"=Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11015843}"=Ricochet Lost Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}"=Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110166840}"=Ballistik
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110176513}"=Feeding Frenzy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}"=Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}"=Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110250590}"=A Series of Unfortunate Events
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}"=Shape Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}"=Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247}"=Cubis Gold 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}"=Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110294723}"=Mah Jong Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}"=Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110325350}"=Mah Jong Medley
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110353813}"=Magic Ball 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110375480}"=Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}"=Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110379827}"=Wonderland - Secret Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}"=Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11042853}"=Tumblebugs
"{8318FEFD-F467-44D6-82B8-129374BFE9B1}"=Opera 9.62
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}"=The Sims™ 2 H&M® Fashion Stuff
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}"=The Sims™ 2 FreeTime
"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live Sign-in Assistant
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}"=Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9743AF47-B746-4324-B4C4-512E67D04370}"=Symantec Technical Support Web Controls
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{9969E257-F5B5-4F48-A45C-12899852383D}"=デコの輪ツール
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B1403D7D-C725-4858-AACC-7E5FA2D72859}"=Windows Live Messenger
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}"=C5100
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}"=PC Camera-168
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims™ 2 Bon Voyage
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}"=Byki
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}"=DocumentViewer
"7-Zip"=7-Zip 4.57
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AIM_6"=AIM 6
"Audacity_is1"=Audacity 1.2.6
"AVG8Uninstall"=AVG Free 8.0
"AviSynth"=AviSynth 2.5
"Byki Express"=Byki Express
"CCleaner"=CCleaner (remove only)
"ffdshow_is1"=ffdshow [rev 1443] [2007-08-29]
"Free Video to Mp3 Converter_is1"=Free Video to Mp3 Converter version 3.1
"GOM Player"=GOM Player
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 7.0
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"HPOOVClient-5577497 Uninstaller"=Compaq Connections (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImTOO PSP Video Converter"=ImTOO PSP Video Converter
"InstallShield_{0ED712EE-1816-4D69-80A8-C65078B24BFE}"=X-Men Creative Studio
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MPEG2 Codec(libmpeg2/mad)"=MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"PROR"=Microsoft Office Professional 2007
"PS2"=PS2
"PSPVideoExpress"=PSP Video Express(remove only)
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"SearchIn1Step"=SearchInOneStep 1.0 build 154
"Shockwave"=Shockwave
"speedapps Toolbar"=speedapps Toolbar
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"SystemRequirementsLab"=System Requirements Lab
"Uninstall_is1"=Uninstall 1.0.0.1
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows Mobile Device Handbook"=Windows Mobile® Device Handbook
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=GIMP 2.4.6
"WinLiveSuite_Wave3"=Windows Live Beta (all programs)
"Wisdom-soft ScreenHunter 5.0 Free"=Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD"=XviD MPEG-4 Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Widget Engine"=Yahoo! Widgets
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:37 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:37 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

[ OSession Events ]
Error - 17/02/2008 01:34:42 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 326 seconds with 180 seconds of active time. This session ended with a crash.

Error - 28/03/2008 09:28:09 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 678 seconds with 660 seconds of active time. This session ended with a crash.

Error - 03/05/2008 01:24:04 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11216 seconds with 3060 seconds of active time. This session ended with
a crash.

Error - 12/05/2008 06:07:52 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 184 seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/06/2008 09:14:27 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11546
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 19/06/2008 11:51:47 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2749 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2008 05:36:45 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 63
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/12/2008 08:14:18 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.

Error - 04/12/2008 08:20:52 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.

Error - 04/12/2008 08:21:53 | Computer Name = TANGFAMILYPC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 8063297e, parameter3
b5c7b8dc, parameter4 00000000.


< End of report >

Finally, GMER's Log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-04 20:47:42
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.14 ----

Process C:\WINDOWS\system32\HPZipm12.exe (*** hidden *** ) 3308

---- EOF - GMER 1.0.14 ----

Thanks again! :thumbsup:

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 04 December 2008 - 05:48 PM

Hello, milkchoc
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
    [-HKEY_CLASSES_ROOT\CLSID\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"=-
    [HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCDrProfiler"=-
    :files
    C:\Program Files\speedapps
    C:\Program Files\SearchIn1Step
    :services
    SearchIn1Step Service
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New OTVIewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 05 December 2008 - 08:33 AM

OTMoveIt3 Log:

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9c9a8c9-460d-4343-888e-ae02bcc3ce57}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D9C9A8C9-460D-4343-888E-AE02BCC3CE57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}\ not found.
Registry value HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D9C9A8C9-460D-4343-888E-AE02BCC3CE57} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9C9A8C9-460D-4343-888E-AE02BCC3CE57}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
========== FILES ==========
C:\Program Files\speedapps moved successfully.
C:\Program Files\SearchIn1Step moved successfully.
========== SERVICES/DRIVERS ==========
Service SearchIn1Step Service stopped successfully.
Service SearchIn1Step Service deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA95C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12052008_211651

Files moved on Reboot...
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA95C.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4fc.dat not found!


New OTViewIt Main.txt:

OTViewIt logfile created on: 05/12/2008 21:22:44 - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 64.66% Memory free
3.35 Gb Paging File | 2.93 Gb Available in Paging File | 87.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 259.46 Gb Total Space | 136.35 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 38.62 Gb Total Space | 33.43 Gb Free Space | 86.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGFAMILYPC
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 13:12:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/11/27 19:01:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2005/11/15 22:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/08/28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/08/07 14:27:44 | 00,049,152 | ---- | M] ( Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\SDPASVC.EXE
[2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
[2008/07/04 07:12:16 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/14 08:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/09/22 01:41:10 | 01,605,740 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[2008/04/14 08:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/11/27 18:38:03 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2005/12/06 13:08:42 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
[2005/11/04 15:05:10 | 00,090,112 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
[2006/09/19 09:07:28 | 00,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
[2008/11/27 19:01:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/10/20 23:37:06 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\TempImages\IEPR.exe
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/02/10 07:56:12 | 00,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
[2008/12/04 20:17:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 13:12:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/05/20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
[2004/10/16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
[2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/27 19:01:08 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/11/15 22:23:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/08/28 01:59:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Stopped])
[2001/08/07 14:27:44 | 00,049,152 | ---- | M] ( Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\SDPASVC.EXE -- (SDPASVC [Auto | Running])
[2001/05/01 17:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/08/30 06:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/10 05:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2008/08/29 13:12:16 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/04 07:12:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/12/04 20:30:03 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2006/04/13 08:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/04/13 08:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/04/13 08:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2008/04/14 02:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/08/28 01:59:00 | 06,811,168 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/07/04 15:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/19 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/02/25 12:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 12:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/03/27 18:19:36 | 10,252,544 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
[2008/04/14 02:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.sg/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q106&bd=presario&pf=desktop

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.sg/

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (289561 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 136136.net
127.0.0.1 www.136136.net
127.0.0.1 163ns.com
127.0.0.1 www.163ns.com
9975 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"FixCamera"=C:\WINDOWS\FixCamera.exe ()
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect ()
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"snpstd3"=C:\WINDOWS\vsnpstd3.exe ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IEPR"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"IEPR"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
[2006/02/10 07:56:20 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
[2006/11/21 14:53:14 | 00,262,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/09/23 14:17:08 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/08/23 21:02:58 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/08/23 21:02:58 | 00,000,706 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
43 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3709796375-1589296576-2340803681-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/7.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab -- CKAVWebScan Object
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{34F12AFD-E9B5-492A-85D2-40FA4535BE83}: http://www.symantec.com/techsupp/activedata/nprdtinf.cab -- AxProdInfoCtl Class
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab -- Windows Live Safety Center Base Module
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- Reg Error: Key does not exist or could not be opened.
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class

========== (O17) DNS Name Servers ==========

{4F53222B-8539-45CD-B799-FB08CA5E8BA5} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{7273E436-DB66-4460-B05A-9B270F6C0824} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{8003D91E-0C71-4295-8A93-F7E0273C1AE4} (Servers: | Description: 1394 Net Adapter)
{99DE70B9-1F09-4FBB-88D4-E3163C9F2A32} (Servers: | Description: Windows Mobile-based Device)
{B6107643-D815-4685-A3EC-AB00D94D20FE} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/04 07:12:16 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/11/10 01:39:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69039024-0552-11dd-9285-00161721cf1c}\Shell\AutoRun\command]
""=J:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed12c2be-3ba0-11dd-92e5-00161721cf1c}\Shell\AutoRun\command]
""=F:\wdsync.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/05 21:16:51 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/05 21:13:33 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTMoveIt3.exe
[2008/12/04 20:30:05 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/04 20:30:03 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/04 20:30:03 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/04 20:30:03 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/04 20:30:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/04 20:28:39 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/12/04 20:17:45 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/02 18:24:19 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/11/29 14:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/21 18:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2008/11/21 18:40:52 | 00,735,814 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20081121_184029.reg
[2008/11/21 18:33:00 | 02,955,128 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Compaq_Owner\Desktop\ccsetup213.exe
[2008/11/17 20:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2008/11/17 20:24:47 | 00,001,205 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Windows Mobile® Device Handbook.lnk
[2008/11/17 20:24:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile Device Handbook
[2008/11/12 16:27:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 16:26:28 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/05 21:22:27 | 00,243,088 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/05 21:18:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/05 21:18:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/05 21:18:45 | 16,090,93120 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/05 21:16:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/12/05 21:13:39 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTMoveIt3.exe
[2008/12/04 21:29:19 | 30,573,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/04 20:30:05 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/04 20:30:03 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/04 20:30:03 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/04 20:30:03 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/04 20:29:10 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2008/12/04 20:29:10 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2008/12/04 20:28:39 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/12/04 20:17:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/04 20:13:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 23:10:26 | 00,077,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/30 22:57:15 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2008/11/30 08:12:02 | 00,138,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 20:51:08 | 00,483,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/27 20:51:08 | 00,411,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/27 20:51:08 | 00,065,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/23 20:05:56 | 00,289,561 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/23 20:05:35 | 00,289,561 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081123-200556.backup
[2008/11/21 18:41:32 | 00,735,814 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\cc_20081121_184029.reg
[2008/11/21 18:33:00 | 02,955,128 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Compaq_Owner\Desktop\ccsetup213.exe
[2008/11/17 20:24:47 | 00,001,205 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Windows Mobile® Device Handbook.lnk
[2008/11/06 20:55:57 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
< End of report >


New OTViewIt Extra.txt:

OTViewIt Extras logfile created on: 05/12/2008 21:22:44 - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 64.66% Memory free
3.35 Gb Paging File | 2.93 Gb Available in Paging File | 87.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 259.46 Gb Total Space | 136.35 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 38.62 Gb Total Space | 33.43 Gb Free Space | 86.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TANGFAMILYPC
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/09/09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 08:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/01/03 22:55:13 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2006/04/21 00:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2006/04/20 21:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2006/04/20 23:43:46 | 00,087,640 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2006/02/17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2006/02/16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2006/04/21 00:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2006/02/15 10:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2006/04/21 00:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 16:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 16:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2006/04/20 23:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2006/02/19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/05/21 04:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/08/29 13:09:48 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006/11/03 15:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/06/20 01:51:30 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/10/28 17:45:02 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
[2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/02 21:02:16 | 00,582,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2008/09/09 00:02:40 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/09/23 14:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/04 07:12:50 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 17:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/23 14:17:06 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A0044-64A6-4248-A026-9745C1E9E159}"=Microsoft Encarta Encyclopedia Standard 2005
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0ED712EE-1816-4D69-80A8-C65078B24BFE}"=X-Men Creative Studio
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{1A9DEF19-760C-4e01-958F-D9B8E6C61B90}"=c5100_Help
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{48B82226-75E3-4E90-92CC-D30F79EA6380}"=Norton Security Scan
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}"=The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}"=Windows Live Beta (all programs)
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}"=The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6755A780-599A-11D5-A8D4-00010287680B}"=Panasonic USB R/W Driver for SD Memory Card
"{68763C27-235D-4165-A961-FDEA228CE504}"=AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}"=The Sims™ 2 IKEA® Home Stuff
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}"=Readme
"{78AC782A-C708-4B21-A3A0-ECD4A3284588}"=Windows Live Call
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}"=ProductContextNPI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}"=LightScribe 1.4.56.1
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110002467}"=Inspector-Parker
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110074983}"=BeTrapped!
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110075733}"=Chainz
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110099903}"=Magic Inlay
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}"=Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}"=Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11015843}"=Ricochet Lost Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}"=Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110166840}"=Ballistik
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110176513}"=Feeding Frenzy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}"=Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}"=Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110250590}"=A Series of Unfortunate Events
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}"=Shape Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}"=Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247}"=Cubis Gold 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}"=Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110294723}"=Mah Jong Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}"=Jigsaw 365
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110325350}"=Mah Jong Medley
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110353813}"=Magic Ball 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110375480}"=Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}"=Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110379827}"=Wonderland - Secret Worlds
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}"=Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11042853}"=Tumblebugs
"{8318FEFD-F467-44D6-82B8-129374BFE9B1}"=Opera 9.62
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}"=The Sims™ 2 H&M® Fashion Stuff
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}"=The Sims™ 2 FreeTime
"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live Sign-in Assistant
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}"=DocProc
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}"=Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0014-0000-0000-0000000FF1CE}"=Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{9743AF47-B746-4324-B4C4-512E67D04370}"=Symantec Technical Support Web Controls
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{996512CF-F35B-48DE-9291-557FA5316967}"=ScannerCopy
"{9969E257-F5B5-4F48-A45C-12899852383D}"=デコの輪ツール
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B1403D7D-C725-4858-AACC-7E5FA2D72859}"=Windows Live Messenger
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B3B9BC18-2A09-4728-9B46-12E85FF3F628}"=C5100
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}"=HP Photosmart, Officejet and Deskjet 7.0.A
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}"=MarketResearch
"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}"=PC Camera-168
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims™ 2 Bon Voyage
"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}"=Fax_CDA
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}"=NewCopy_CDA
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}"=Byki
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}"=DocumentViewer
"7-Zip"=7-Zip 4.57
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AIM_6"=AIM 6
"Audacity_is1"=Audacity 1.2.6
"AVG8Uninstall"=AVG Free 8.0
"AviSynth"=AviSynth 2.5
"Byki Express"=Byki Express
"CCleaner"=CCleaner (remove only)
"ffdshow_is1"=ffdshow [rev 1443] [2007-08-29]
"Free Video to Mp3 Converter_is1"=Free Video to Mp3 Converter version 3.1
"GOM Player"=GOM Player
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 7.0
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"HPExtendedCapabilities"=HP Customer Participation Program 7.0
"HPOCR"=OCR Software by I.R.I.S 7.0
"HPOOVClient-5577497 Uninstaller"=Compaq Connections (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImTOO PSP Video Converter"=ImTOO PSP Video Converter
"InstallShield_{0ED712EE-1816-4D69-80A8-C65078B24BFE}"=X-Men Creative Studio
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MPEG2 Codec(libmpeg2/mad)"=MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"PROR"=Microsoft Office Professional 2007
"PS2"=PS2
"PSPVideoExpress"=PSP Video Express(remove only)
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"SearchIn1Step"=SearchInOneStep 1.0 build 154
"Shockwave"=Shockwave
"speedapps Toolbar"=speedapps Toolbar
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"SystemRequirementsLab"=System Requirements Lab
"Uninstall_is1"=Uninstall 1.0.0.1
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows Mobile Device Handbook"=Windows Mobile® Device Handbook
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=GIMP 2.4.6
"WinLiveSuite_Wave3"=Windows Live Beta (all programs)
"Wisdom-soft ScreenHunter 5.0 Free"=Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD"=XviD MPEG-4 Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Widget Engine"=Yahoo! Widgets
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:34 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:37 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 02/12/2008 11:04:37 | Computer Name = TANGFAMILYPC | Source = nview_info | ID = 11141121
Description =

Error - 05/12/2008 09:12:15 | Computer Name = TANGFAMILYPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/12/2008 09:12:20 | Computer Name = TANGFAMILYPC | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

[ OSession Events ]
Error - 17/02/2008 01:34:42 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 326 seconds with 180 seconds of active time. This session ended with a crash.

Error - 28/03/2008 09:28:09 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 678 seconds with 660 seconds of active time. This session ended with a crash.

Error - 03/05/2008 01:24:04 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11216 seconds with 3060 seconds of active time. This session ended with
a crash.

Error - 12/05/2008 06:07:52 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 184 seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/06/2008 09:14:27 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11546
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 19/06/2008 11:51:47 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2749 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2008 05:36:45 | Computer Name = TANGFAMILYPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 63
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/12/2008 09:31:24 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.

Error - 04/12/2008 09:35:46 | Computer Name = TANGFAMILYPC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 210.24.225.23 on
the Network Card with network address 00161721CF1C.

Error - 04/12/2008 09:36:23 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.

Error - 04/12/2008 09:48:20 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.

Error - 05/12/2008 09:08:52 | Computer Name = TANGFAMILYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SearchIn1Step Service
service to connect.


< End of report >

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 05 December 2008 - 04:02 PM

Hello, milkchoc

That's looking much better. How are things running?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 06 December 2008 - 04:26 AM

Hello Billy,

When I tried to download the java update, my browser tried to open the LINK REMOVED site again...

2nd try ok, followed by deleting the old java versions as instructed and reboot.

Installed JRE Version 11. Ran ESET OnlineScan with No threats found.

Here is the ESET onlineScan Log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3668 (20081206)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=62581d494d101942889cee7514178e7b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-06 08:47:05
# local_time=2008-12-06 04:47:05 (+0800, Malay Peninsula Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=403722
# found=0
# scan_time=4909

Thanks for your help! :thumbsup:

EDIT: Removed hot link. ~ Billy3

Edited by Billy O'Neal, 06 December 2008 - 01:57 PM.


#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 06 December 2008 - 05:06 PM

Hello, milkchoc

Hmm... any symptoms remain other than the redirect?

We Need to Verify your DNS Configuration
  • Please download DNSCheck and save it to your desktop.
  • Double click Posted Image on your desktop.
  • Follow the on-screen instructions. When done, a log will open, and be saved to the desktop.
  • Please copy and paste that log in your next reply.
In your next reply, please include the following:
  • DNSCheck's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 06 December 2008 - 11:52 PM

Hello Billy,

When booting up PC, it went as far as displaying the full desktop and icons, then restarted by itself. went into automatic CHKDSK but found nothing and then boots up normally.

Read your post, downloaded DNSCheck exit IE7. Ran DNSCheck.

Restart IE7 and typed in Forum page address. Got message Internet Explorer cannot open http://www.bleepingcomputer.com/forums/, Operation Aborted...

Pressed Refresh, page loaded ok. Log in and now posting this reply.

Here is the DNSCheckLog:

DNSCheck v.0.8.13
Checking No-Exist Redirector
Fake name: tnoqeachmilsljllsmhy.com
Fails to forward resolve. -- OK!
Checking site: google.com
Fails NSLOOKUP forward resolution. -- WARNING!
DNSAPI returns:
209.85.171.100: resolves to cg-in-f100.google.com -- OK!
72.14.205.100: resolves to qb-in-f100.google.com -- OK!
74.125.45.100: resolves to yx-in-f100.google.com -- OK!
Checking site: yahoo.com
Fails NSLOOKUP forward resolution. -- WARNING!
DNSAPI returns:
206.190.60.37: resolves to w2.rc.vip.re4.yahoo.com -- OK!
68.180.206.184: resolves to w2.rc.vip.sp1.yahoo.com -- OK!
Checking site: bleepingcomputer.com
Fails NSLOOKUP forward resolution. -- WARNING!
DNSAPI returns:
208.43.87.2: resolves to www.bleepingcomputer.com -- OK!
Checking site: geekstogo.com
Fails NSLOOKUP forward resolution. -- WARNING!
DNSAPI returns:
208.43.44.138: resolves to geek15.geekstogo.com -- OK!
Checking site: malwarebytes.org
Fails NSLOOKUP forward resolution. -- WARNING!
DNSAPI returns:
69.162.79.74: resolves to alpha.malwarebytes.org -- OK!

One other thing I also noticed is my AVG Anti-Virus Free Edition is always showing an Exclamation Mark on the taskbar icon, and when I right-click and select Update, it gives the message "Update was finished successfully. The update requires restart". I tried restarting but the same condition appears. I think it is not updating the system anyway. The Exclamation Mark situation has been around before I started this thread, and the re-boot required from last week...Do you suggest uninstalling and Re-install AVG (or use another anti-virus program such as Avast)?

Many thanks for your advice. :thumbsup:

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 07 December 2008 - 01:16 PM

Hello, milkchoc
I've personally had problems with AVG as of late. I recomend Avira from here:
http://free-av.com

Looks like we need to take a more in-depth look here.

Please ensure the log is attached to your next post because it will be too long to post :thumbsup:

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Under Rootkit Search click Yes
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessry).
Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

In your next reply, please include the following:
  • OTScanIt.txt (Attached)

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 07 December 2008 - 09:48 PM

Hello Billy,

Downloaded and ran ATF cleaner on Main & Opera.

Downloaded and ran OTScanIt2.exe, attached is the log file

Thanks! :thumbsup:

Attached Files



#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 07 December 2008 - 10:18 PM

Alright.. please hold on a bit. There are some oddities in that log that I want to get some other, more experienced, eyeballs on.

Stay tuned!

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 08 December 2008 - 09:53 PM

Hello, milkchoc
You may have a SmitFraud variant. I need to gather some more information. Please follow these instructions:
  • Please download SmitfraudFix, and save it to your desktop.
  • Double-click SmitfraudFix.exe, on your desktop.
  • Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Look here for more details.

In your next reply, please include the following:
  • SmitFraudFix's Rapport.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#14 milkchoc

milkchoc
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 09 December 2008 - 09:24 AM

Hello Billy,

When starting IE7 and loading the Forum main page, still receive message: Internet Explorer cannot open http://www.bleepingcomputer.com/forums/, Operation Aborted... but the page seemed to have loaded ok. I press F5 and the message did not appear again.


Here is the Rapport.txt file:

SmitFraudFix v2.381

Scan done at 22:15:45.60, 09/12/2008
Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\TempImages\IEPR.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F53222B-8539-45CD-B799-FB08CA5E8BA5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F53222B-8539-45CD-B799-FB08CA5E8BA5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4F53222B-8539-45CD-B799-FB08CA5E8BA5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F53222B-8539-45CD-B799-FB08CA5E8BA5}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7273E436-DB66-4460-B05A-9B270F6C0824}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks! :thumbsup:

Edited by milkchoc, 10 December 2008 - 01:39 AM.


#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:01:38 PM

Posted 09 December 2008 - 05:41 PM

Hello, milkchoc
I suspect a DNS Hijacker is Involved
  • Please reboot your computer in Safe Mode
  • Once in Safe Mode, double-click SmitfraudFix.exe
  • Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter".
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

In your next reply, please include the following:
  • SmitFraudFix's Rapport.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users