Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Sysmgr.exe" I think i removed it but i dunno..


  • This topic is locked This topic is locked
5 replies to this topic

#1 SbrbnGangsta

SbrbnGangsta

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 25 November 2008 - 09:13 PM

A prog called sysmgr.exe i read online and used SDfix in safe mode after i disable system restore then fixed the registy values (I think) and the pop ups have stopped but i still dunno if its gone or w/e. Every time the IE would open and the site would come up and my firewall would ask to block somethings like 028.exe or 082.exe everytime. It hastn happened since i followed instructions.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Donna at 2008-11-25 17:55:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (16%) free of 76 GB
Total RAM: 511 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:55 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Donna\Desktop\RSIT.exe
C:\Program Files\trend micro\Donna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-3570885621-7942336168-133113875-2415\winigon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm860YYUS
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6982 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QOELOADER"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe [2008-04-05 6656]
"CaAvTray"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe [2008-04-05 230952]
"CAVRID"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe [2008-04-05 185896]
"Zone Labs Client"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe [2005-06-03 943880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=C:\RECYCLER\S-1-5-21-3570885621-7942336168-133113875-2415\winigon.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-09-16 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\system32\qttask.exe [2008-04-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
C:\PROGRA~1\Belkin\USBF5D~1\WIRELE~1\BELKIN~1.EXE -T []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\ijji\ENGLISH\u_sf.exe"="C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\WINDOWS\Downloaded Program Files\PLauncher.exe"="C:\WINDOWS\Downloaded Program Files\PLauncher.exe:*:Enabled:PLauncher Application"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"
"C:\Program Files\BYOND\bin\byond.exe"="C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond"
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"="C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-25 17:56:00 ----D---- C:\Program Files\trend micro
2008-11-25 17:55:42 ----D---- C:\rsit
2008-11-25 02:18:42 ----A---- C:\WINDOWS\system32\msvcrt2.dll
2008-11-22 12:25:07 ----D---- C:\WINDOWS\ERUNT
2008-11-22 12:08:34 ----D---- C:\SDFix
2008-11-12 03:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 17:10:57 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-03 00:13:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-03 00:13:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-03 00:13:01 ----A---- C:\WINDOWS\system32\java.exe
2008-11-03 00:13:01 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-02 15:13:25 ----D---- C:\WINDOWS\Minidump
2008-11-01 13:59:45 ----D---- C:\Documents and Settings\Donna\Application Data\Design Science

======List of files/folders modified in the last 1 months======

2008-11-25 17:56:00 ----RD---- C:\Program Files
2008-11-25 16:00:17 ----D---- C:\WINDOWS\Prefetch
2008-11-25 16:00:14 ----D---- C:\WINDOWS\Temp
2008-11-25 15:51:38 ----D---- C:\WINDOWS\CAVTemp
2008-11-25 15:19:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 04:20:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-25 03:50:53 ----SHD---- C:\RECYCLER
2008-11-25 03:02:26 ----SHD---- C:\System Volume Information
2008-11-25 03:02:26 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 02:29:00 ----D---- C:\WINDOWS\system32
2008-11-25 01:50:28 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-24 18:25:59 ----D---- C:\WINDOWS\Internet Logs
2008-11-24 01:24:17 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-22 22:47:03 ----D---- C:\WINDOWS\network diagnostic
2008-11-22 12:33:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-22 12:25:07 ----D---- C:\WINDOWS
2008-11-22 12:15:11 ----D---- C:\Documents and Settings
2008-11-14 07:48:39 ----HD---- C:\WINDOWS\inf
2008-11-14 07:46:43 ----D---- C:\WINDOWS\Help
2008-11-12 03:24:58 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 03:24:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:24:44 ----A---- C:\WINDOWS\imsins.BAK
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 00:12:34 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-04-05 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-04-05 15735]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-04-05 21031]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-04-05 26787]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-04-05 15478]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2005-06-03 279656]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-11 1777152]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-03 12039680]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-04-05 108360]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Donna\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-11 430080]
R2 CAISafe;CAISafe; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe [2008-04-05 259624]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2003-01-05 66872]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe [2008-04-05 202280]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2005-06-03 1210112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-10-11 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-25 18:08:01

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\S3\S3\S3.isu"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACD FotoSlate Plug-in-->C:\PROGRA~1\ACDSYS~1\PlugIns\\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\PlugIns\\INSTALL.LOG
ACDSee 4.0 Service Release 1-->MsiExec.exe /X{CD125857-F6CF-4452-8235-AEEE845CDAC4}
ACDSee 4.0-->MsiExec.exe /I{92605735-AAFB-47F7-A67D-17ED129EFF9C}
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{2390AB2C-FBE5-46DA-9332-D7DDB92B2A94}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bejeweled 1.23-->C:\WINDOWS\UnGins.exe "C:\Program Files\PopCap Games\Bejeweled\install.log"
Build Your Own Net Dream (remove only)-->C:\Program Files\BYOND\Uninst.exe
CA eTrust Internet Security Suite-->"C:\Program Files\CA\eTrust Internet Security Suite\cauninst.exe" /u
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
DAEMON Tools-->MsiExec.exe /I{2DF9A978-DEA1-4433-805D-66790FC28C62}
Delta Force Land Warrior-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force Land Warrior\Uninst.isu"
DivX 5.0.2 Pro Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Hellgate: London-->MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iolo technologies' System Mechanic-->C:\PROGRA~1\iolo\SYSTEM~1\Uninstall.exe
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MathType 4-->"C:\Program Files\MathType\Dssetup.exe" -R
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Soldier Front-->"C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
USB2.0 PC Camera (SN9C201&202)-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zip995-->C:\Program Files\Zip995\thinsetup.exe - uninstall

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: eTrust EZ Antivirus
FW: eTrust Personal Firewall Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=10
"HellgateEnv"=C:\Program Files\Flagship Studios\Hellgate London\

-----------------EOF-----------------
Posted Image

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:31 PM

Posted 01 December 2008 - 06:39 PM

Hello, SbrbnGangsta
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 02 December 2008 - 02:37 AM

OTvieit.txt:
OTViewIt logfile created on: 12/1/2008 10:53:10 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 305.78 Mb Available Physical Memory | 59.78% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 20.90 Gb Free Space | 28.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 319.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS


Computer Name: DONNA-36E87216E
Current User Name: Donna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/10/11 15:37:22 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/10/11 15:37:22 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/04/05 12:40:31 | 00,259,624 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\iSafe.exe
[2008/11/03 00:12:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/08/02 10:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
[2003/01/05 02:04:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2005/06/03 02:43:04 | 01,210,112 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/04/05 12:40:26 | 00,006,656 | ---- | M] (Qurb, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
[2008/04/05 12:40:31 | 00,230,952 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
[2008/04/05 12:40:31 | 00,185,896 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRid.exe
[2005/06/03 02:39:42 | 00,943,880 | ---- | M] (Computer Associates) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
[2008/04/05 12:40:31 | 00,202,280 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
[2008/08/22 21:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/01 22:48:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/23 22:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/10/11 15:37:22 | 00,430,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/10/11 19:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/04/05 12:40:31 | 00,259,624 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\iSafe.exe -- (CAISafe [Auto | Running])
[2007/10/23 22:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/11/03 00:12:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/08/02 10:33:50 | 00,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
[2003/01/05 02:04:12 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/04/05 12:40:31 | 00,202,280 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe -- (VETMSGNT [Auto | Running])
[2005/06/03 02:43:04 | 01,210,112 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 13:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 17:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/02/23 12:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2004/02/24 08:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/06/21 13:53:20 | 00,626,204 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/04/13 10:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2005/07/11 08:10:11 | 00,019,200 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2006/10/11 15:43:54 | 01,777,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/11/10 09:54:56 | 00,402,944 | ---- | M] (Belkin Corporation) -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin) [On_Demand | Running])
[2005/05/03 07:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2005/04/21 03:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/04/12 00:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2003/09/25 20:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Stopped])
[2003/10/02 01:16:48 | 00,119,552 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\pnpshark.sys -- (pnpshark [Boot | Running])
[2006/02/28 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/03 14:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/03 13:45:10 | 12,039,680 | ---- | M] () -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
[2003/09/27 12:37:16 | 00,005,504 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\st3shark.sys -- (st3shark [Boot | Running])
[2008/04/13 10:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2008/04/05 12:40:30 | 00,021,031 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys -- (VET-FILT [System | Running])
[2008/04/05 12:40:30 | 00,015,478 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys -- (VET-REC [System | Running])
[2008/04/05 12:40:44 | 00,108,360 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetEBoot.sys -- (VETEBOOT [On_Demand | Running])
[2008/04/05 12:40:44 | 00,879,832 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetEFile.sys -- (VETEFILE [System | Running])
[2008/04/05 12:40:30 | 00,015,735 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys -- (VETFDDNT [System | Running])
[2008/04/05 12:40:49 | 00,026,787 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2003/07/02 01:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2005/06/03 02:42:52 | 00,279,656 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2003/08/04 12:29:08 | 00,006,912 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vulfnth.sys -- (vulfnths [On_Demand | Running])
[2003/08/04 12:29:32 | 00,011,392 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\vulfntr.sys -- (vulfntrs [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" (Computer Associates International, Inc.)
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" (Computer Associates International, Inc.)
"QOELOADER"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe" (Qurb, Inc.)
"Zone Labs Client"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe (Computer Associates)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=C:\RECYCLER\S-1-5-21-3570885621-7942336168-133113875-2415\winigon.exe File not found
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H File not found

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=C:\RECYCLER\S-1-5-21-3570885621-7942336168-133113875-2415\winigon.exe File not found
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H File not found

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"=Narrator.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2000/01/21 00:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 14:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}: http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab -- Reg Error: Key does not exist or could not be opened.
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}: http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab -- CDownloadCtrl Object
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_12
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{17FF207F-926A-473C-BD95-CB553EF19505} (Servers: | Description: )
{529D8B82-781C-4142-9FC7-BB62FF03E363} (Servers: | Description: Belkin Wireless G USB Network Adapter)
{81B37C93-8493-4DA1-BB7A-04CE38C26BE6} (Servers: | Description: Belkin Wireless G USB Network Adapter)
{F2AC7B9C-74D0-42B3-BB95-51BC72E1A3B9} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2003/01/02 00:31:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | open=aoesetup.exe /autorun | icon=48256.ico | | shell\setup=Install Age of Empires II | shell\setup\command=aoesetup.exe /autorun | | shell\zone=Install Internet Gaming Zone | shell\zone\command=goodies\mszone\zoneA600.exe | | shell\directx=Install DirectX 6.1 | shell\directx\command=DirectX\dxsetup.exe | | shell\dplay=Install DirectPlay 6.1a | shell\dplay\command=DirectX\dplay61a.exe | | shell\dxdiag=Install Adobe Acrobat Reader | shell\dxdiag\command=goodies\ar40eng.exe | | shell\log=Log Machine Configuration | shell\log\command=goodies\machine\machine.exe -l | | shell\machine=View Machine Configuration | shell\machine\command=goodies\machine\machine.exe | | shell\dxinfo=View DirectX Information | shell\dxinfo\command=goodies\DirectX\dxinfo.exe | | shell\dxtool=Run DirectX Tool | shell\dxtool\command=goodies\DirectX\dxtool.exe | | shell\dxtest=Run DirectX Diagnostic | shell\dxtest\command=DirectX\dxdiag.exe | ]
[1999/09/02 11:48:08 | 00,000,914 | R--- | M] () -- H:\AUTORUN.INF -- [ CDFS ]

AUTORUN.INF [[autorun] | open=aocsetup.exe /autorun | icon=age2x.ico | | shell\setup=Install Age of Empires II - The Conquerors Expansion | shell\setup\command=aocsetup.exe /autorun | | shell\zone=Install MSN Gaming Zone | shell\zone\command=goodies\mszone\zonea660.exe | | shell\adobe=Install Adobe Acrobat Reader | shell\adobe\command=goodies\ar405eng.exe | | shell\log=Log Machine Configuration | shell\log\command=goodies\machine\machine.exe -l | | shell\machine=View Machine Configuration | shell\machine\command=goodies\machine\machine.exe | | ]
[2000/05/31 23:39:56 | 00,000,524 | R--- | M] () -- I:\AUTORUN.INF -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2008/12/01 22:48:45 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTViewIt.exe
[2008/11/29 16:59:03 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/29 16:57:40 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/11/28 23:52:59 | 84,285,018 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\rawr.reg
[2008/11/28 23:50:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/11/28 22:22:54 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2008/11/28 22:22:52 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2008/11/28 22:22:51 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2008/11/28 22:22:50 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2008/11/28 22:22:49 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2008/11/28 22:22:47 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2008/11/28 22:22:46 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2008/11/28 22:22:45 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2008/11/28 22:22:44 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2008/11/28 22:22:42 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2008/11/28 22:22:41 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2008/11/28 22:22:40 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2008/11/28 22:22:39 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2008/11/28 22:22:38 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2008/11/28 22:22:37 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2008/11/28 22:22:36 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2008/11/28 22:22:35 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2008/11/28 22:22:34 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2008/11/28 22:22:33 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2008/11/28 22:22:32 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2008/11/28 22:22:21 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2008/11/28 22:21:54 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2008/11/28 22:21:53 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2008/11/28 22:21:52 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2008/11/28 22:21:47 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/11/28 22:21:46 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2008/11/28 22:21:45 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2008/11/28 22:21:43 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2008/11/28 22:21:42 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2008/11/28 22:21:40 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2008/11/28 22:21:39 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2008/11/28 22:21:38 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2008/11/28 22:21:37 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2008/11/28 22:21:35 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2008/11/28 22:21:35 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2008/11/28 22:21:32 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2008/11/28 22:21:31 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2008/11/28 22:21:30 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2008/11/28 22:21:29 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2008/11/28 22:21:28 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2008/11/28 22:21:27 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2008/11/28 22:21:26 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2008/11/28 22:21:25 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2008/11/28 22:21:22 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2008/11/28 22:21:17 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2008/11/28 22:21:14 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2008/11/28 22:21:10 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2008/11/28 22:21:09 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2008/11/28 22:21:08 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2008/11/28 22:21:06 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2008/11/28 22:20:58 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2008/11/28 22:20:56 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2008/11/28 22:20:55 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2008/11/28 22:20:51 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2008/11/28 22:20:50 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2008/11/28 22:20:49 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2008/11/28 22:20:45 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2008/11/28 22:16:57 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2008/11/28 22:16:56 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2008/11/28 22:16:55 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2008/11/28 22:16:54 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2008/11/28 22:16:54 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2008/11/28 22:16:53 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2008/11/28 22:16:52 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2008/11/28 22:16:51 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2008/11/28 22:16:49 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2008/11/28 22:16:48 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2008/11/28 22:16:45 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2008/11/28 22:16:44 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2008/11/28 22:16:43 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2008/11/28 22:16:42 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2008/11/28 22:16:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2008/11/28 22:16:41 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2008/11/28 22:16:40 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2008/11/28 22:16:39 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2008/11/28 22:16:38 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2008/11/28 22:16:36 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2008/11/28 22:16:12 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2008/11/25 17:56:00 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/25 17:55:42 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/24 23:24:10 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\fix.doc
[2008/11/22 12:33:43 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/22 12:25:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/22 12:08:34 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/22 11:50:59 | 00,589,824 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\Common problems.doc
[2008/11/18 21:23:25 | 00,825,856 | ---- | C] () -- C:\Documents and Settings\Donna\My Documents\Donnas project.doc
[2008/11/12 03:19:42 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/12 03:18:56 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/09 17:10:57 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/11/02 15:13:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2008/12/01 22:48:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTViewIt.exe
[2008/12/01 18:32:18 | 00,000,890 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/01 18:31:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/01 18:31:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/01 18:31:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/01 14:02:28 | 04,766,908 | -H-- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\IconCache.db
[2008/11/29 20:28:25 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/29 20:28:24 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/29 16:59:04 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/29 04:56:43 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/28 23:53:09 | 84,285,018 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\rawr.reg
[2008/11/25 03:30:21 | 00,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/25 02:13:55 | 00,025,352 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/24 23:32:36 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2008/11/24 23:24:11 | 00,050,176 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\fix.doc
[2008/11/24 01:24:17 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/24 01:22:44 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/22 12:33:44 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/22 11:51:00 | 00,589,824 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\Common problems.doc
[2008/11/21 16:26:46 | 00,825,856 | ---- | M] () -- C:\Documents and Settings\Donna\My Documents\Donnas project.doc
[2008/11/12 03:24:44 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/09 17:10:57 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Extras:
OTViewIt Extras logfile created on: 12/1/2008 10:53:10 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Donna\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 305.78 Mb Available Physical Memory | 59.78% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 20.90 Gb Free Space | 28.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 319.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 298.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DONNA-36E87216E
Current User Name: Donna
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\ijji\ENGLISH\u_sf.exe:*:Enabled:<ijji Downloader>
[2003/01/13 11:57:21 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
File not found -- C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
File not found -- C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
File not found -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/09/16 20:03:52 | 00,289,088 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
File not found -- C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
[2008/09/04 17:29:02 | 00,579,032 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PLauncher.exe:*:Enabled:PLauncher Application
[2003/01/18 09:49:55 | 00,787,904 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe
[2008/09/16 14:23:22 | 00,757,760 | ---- | M] () -- C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond
File not found -- C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\VetRedir.dll (Computer Associates International, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 16:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{2390AB2C-FBE5-46DA-9332-D7DDB92B2A94}"=ATI Catalyst Control Center
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}"=ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2DF9A978-DEA1-4433-805D-66790FC28C62}"=DAEMON Tools
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}"=USB2.0 PC Camera (SN9C201&202)
"{84B2CF01-194D-2284-B313-F2E0D78D1033}"=Nero 7 Demo
"{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}"=Soldier Front
"{92605735-AAFB-47F7-A67D-17ED129EFF9C}"=ACDSee 4.0
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}"=AGEIA PhysX v7.11.13
"{9862B19F-4CAD-4EED-920F-2F378D84393F}"=ATI Parental Control & Encoder
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}"=Hellgate: London
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}"=AVIVO Codecs
"{CD125857-F6CF-4452-8235-AEEE845CDAC4}"=ACDSee 4.0 Service Release 1
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}"=Microsoft Plus! for Windows XP
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1"=ACE Mega CoDecS Pack
"ACD FotoSlate Plug-in"=ACD FotoSlate Plug-in
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Age of Empires 2.0"=Microsoft Age of Empires II
"Age of Empires Gold 1.0"=Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0"=Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software"=ATI - Software Uninstall Utility
"AnyDVD"=AnyDVD
"ATI Display Driver"=ATI Display Driver
"Bejeweled 1.23"=Bejeweled 1.23
"Build Your Own Net Dream"=Build Your Own Net Dream (remove only)
"CloneCD"=CloneCD
"CloneDVD2"=CloneDVD2
"Delta Force Land Warrior"=Delta Force Land Warrior
"DivX 5.0.2 Pro Bundle"=DivX 5.0.2 Pro Bundle
"DSMT4"=MathType 4
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"eTrust Suite Personal"=CA eTrust Internet Security Suite
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InterActual Player"=InterActual Player
"iolo technologies' System Mechanic"=iolo technologies' System Mechanic
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pdf995"=Pdf995
"Registry Mechanic_is1"=Registry Mechanic 8.0
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Zip995"=Zip995

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-616249376-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2008 12:26:41 AM | Computer Name = DONNA-36E87216E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/26/2008 11:17:02 PM | Computer Name = DONNA-36E87216E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2008 1:41:07 AM | Computer Name = DONNA-36E87216E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2008 1:41:09 AM | Computer Name = DONNA-36E87216E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2008 11:31:52 PM | Computer Name = DONNA-36E87216E | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x00000001.

Error - 11/29/2008 1:42:54 AM | Computer Name = DONNA-36E87216E | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB20E.tmp". File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 11/29/2008 1:42:54 AM | Computer Name = DONNA-36E87216E | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 11/29/2008 1:42:55 AM | Computer Name = DONNA-36E87216E | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\DONNA-36E87216E.ldb"
was corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDB20F.tmp". File
"C:\WINDOWS\Internet Logs\DONNA-36E87216E.ldb" was corrupt and has been deleted.

Error - 11/29/2008 10:50:48 PM | Computer Name = DONNA-36E87216E | Source = MsiInstaller | ID = 11706
Description = Product: Hellgate: London -- Error 1706. An installation package for
the product Hellgate: London cannot be found. Try the installation again using
a valid copy of the installation package 'HGL_x86.msi'.

Error - 12/2/2008 2:50:29 AM | Computer Name = DONNA-36E87216E | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.20.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/1/2008 8:04:19 AM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 9:31:58 AM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 9:39:29 AM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 11:22:14 AM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 12:37:18 PM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 1:09:51 PM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 1:34:53 PM | Computer Name = DONNA-36E87216E | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00173FFF04A9. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/1/2008 10:31:52 PM | Computer Name = DONNA-36E87216E | Source = Service Control Manager | ID = 7000
Description = The AEGIS Protocol (IEEE 802.1x) v3.2.0.3 service failed to start
due to the following error: %%2

Error - 12/1/2008 10:31:52 PM | Computer Name = DONNA-36E87216E | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/1/2008 10:36:26 PM | Computer Name = DONNA-36E87216E | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{529D8B82-781C-4142-9FC7-BB62FF03E363}. The
backup browser is stopping.


< End of report >

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-01 23:37:21
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xAA86536D]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xAA878E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xAA878DC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xAA878F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xAA8787B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xAA879080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xAA8791C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xAA878CE0]

INT 0xB4 ? FEA6FDD4

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA869160] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA869160] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA869160] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AA8848F0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA869160] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA868FF0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA869160] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA8693D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA869270] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Cdrom \Device\CdRom0 8333D120
Device \Driver\Cdrom \Device\CdRom1 8333D120
Device \Driver\atapi \Device\Ide\IdePort0 8333F510
Device \Driver\atapi \Device\Ide\IdePort1 8333F510
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8333F510
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8333F510
Device \Driver\Cdrom \Device\CdRom2 8333D120
Device \Driver\Cdrom \Device\CdRom3 8333D120
Device \Driver\Cdrom \Device\CdRom4 8333D120
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target2Lun0 82DD1AC0
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 82DD1AC0
Device \Driver\st3shark \Device\Scsi\st3shark1 82DD1AC0
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target3Lun0 82DD1AC0
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target0Lun0 82DD1AC0

---- Modules - GMER 1.0.14 ----

Module _________ F8441000-F8459000 (98304 bytes)

---- EOF - GMER 1.0.14 ----

There all done! and thank you bill for taking your time to help me out :]
Posted Image

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:31 PM

Posted 02 December 2008 - 07:25 PM

Hello, SbrbnGangsta
Thanks for the PM... in the future though you only need to send a PM if you've been waiting at least a day. Please be advised that I am a high school student. I cannot usually get home and answer things until 7 or 8 at night. I'm sorry for any inconvinence.

Those logs appear clean. Are you still having problems?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 SbrbnGangsta

SbrbnGangsta
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 03 December 2008 - 12:34 AM

Thanks for the help, currently no i am no longer having problems and i have installed the new java. I think i might have messed up somethings in my registry when i fixed the errors from the worms? and since ive had it my internet connection has been a little bit unstable..?
Posted Image

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:31 PM

Posted 04 December 2008 - 06:06 PM

Hello, SbrbnGangsta

Thanks for the help, currently no i am no longer having problems and i have installed the new java. I think i might have messed up somethings in my registry when i fixed the errors from the worms? and since ive had it my internet connection has been a little bit unstable..?


No idea to be honest.

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users