Possible Infection, My HijackThis log


  • This topic is locked
54 replies to this topic

#1 yyoo223

  • Members
  • 27 posts
  • OFFLINE
  • Local time: 01:28 AM

Posted 30 November 2008 - 02:08 PM

Hi. My sister used my computer, and once I came back on, the computer was really slow with lots of pop-ups. I ran a couple of different virus scanners (Nod32, AVG) and I have removed several viruses. I also ran ComboFix (I should have asked someone earlier before doing this, but I was just desperate to fix the computer). After rebooting, it loads up to my wallpaper and stops. I need to manually open explorer.exe through the Task Manager. Occasionally, AVG states that a threat has been detected called "Trojan Horse Vundo.AV" which I cannot remove. I have no clue what to do in order to get my desktop to load automatically and the pop-ups to stop coming out. Here are my logs from RSIT.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Owner at 2008-11-30 13:51:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (17%) free of 184 GB
Total RAM: 702 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:39 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\PRISMSVR.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11F10977-1D14-4EB8-9CD6-804B9D06B9E0} - (no file)
O2 - BHO: {b666410a-e871-6028-ea04-ca8b566063b4} - {4b360665-b8ac-40ae-8206-178ea014666b} - C:\WINDOWS\system32\iixvvb.dll
O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfEVPIa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} (Maildropfile Control) - http://activexdown.paran.com/paranactivex/...oadlauncher.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/PCA.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} (CPPMediaCtrl Object) - http://www.tvzoa.com/player/forceplayer.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: bidqye.dll,avgrsstx.dll
O20 - Winlogon Notify: khfEVPIa - C:\WINDOWS\SYSTEM32\khfEVPIa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries Ltd. - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16668 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F10977-1D14-4EB8-9CD6-804B9D06B9E0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b360665-b8ac-40ae-8206-178ea014666b}]
C:\WINDOWS\system32\iixvvb.dll [2008-11-29 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CAB59B4-55A3-4737-9FD5-B93C6430BF77}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\khfEVPIa.dll [2008-11-29 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-07 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-05 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-08-24 949376]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-01-18 451896]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-30 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-20 68856]
"Google Update"=C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2005-07-12 473928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-04-01 3587120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2005-10-26 811008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="bidqye.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfEVPIa]
C:\WINDOWS\system32\khfEVPIa.dll [2008-11-29 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL]
C:\WINDOWS\system32\PRISMAPI.DLL [2005-12-22 450646]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-06-24 101080]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\khfEVPIa.dll [2008-11-29 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJCSLFX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\ijji\ENGLISH\GUNSTER.exe"="C:\ijji\ENGLISH\GUNSTER.exe:*:Enabled:Gunster"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdf7945-8487-11db-8985-0014a505f298}]
shell\AutoRun\command - 32.com
shell\explore\command - 32.com
shell\open\command - 32.com
======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-11-30 13:51:16 ----D---- C:\rsit
2008-11-30 13:13:28 ----A---- C:\WINDOWS\gmer.ini
2008-11-30 13:13:25 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-30 13:13:25 ----A---- C:\WINDOWS\gmer.dll
2008-11-30 13:13:24 ----A---- C:\WINDOWS\gmer.exe
2008-11-30 02:47:36 ----D---- C:\Program Files\Trend Micro
2008-11-30 00:26:12 ----D---- C:\Program Files\Lavasoft
2008-11-30 00:26:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-30 00:25:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-29 23:46:50 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2008-11-29 22:46:33 ----D---- C:\VundoFix Backups
2008-11-29 22:46:33 ----A---- C:\VundoFix.txt
2008-11-29 22:11:00 ----SHD---- C:\RECYCLER
2008-11-29 19:27:10 ----HD---- C:\$AVG8.VAULT$
2008-11-29 19:23:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-29 19:23:18 ----D---- C:\Program Files\AVG
2008-11-29 19:23:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-29 17:06:13 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-29 16:59:01 ----D---- C:\WINDOWS\temp
2008-11-29 16:58:44 ----A---- C:\ComboFix.txt
2008-11-29 16:55:15 ----A---- C:\WINDOWS\system32\iixvvb.dll
2008-11-29 16:55:12 ----A---- C:\WINDOWS\system32\eaplqhbh.dll
2008-11-29 16:51:35 ----ASH---- C:\WINDOWS\system32\XFLSCJlm.ini2
2008-11-29 16:51:27 ----ASH---- C:\WINDOWS\system32\XFLSCJlm.ini
2008-11-29 16:27:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 15:57:11 ----A---- C:\WINDOWS\zip.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\VFIND.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\SWREG.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\sed.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\grep.exe
2008-11-29 15:57:11 ----A---- C:\WINDOWS\fdsv.exe
2008-11-29 15:57:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-29 15:57:10 ----A---- C:\WINDOWS\SWSC.exe
2008-11-29 15:57:02 ----D---- C:\WINDOWS\ERDNT
2008-11-29 15:57:02 ----D---- C:\Qoobox
2008-11-29 01:05:12 ----A---- C:\WINDOWS\system32\63e38d08-.txt
2008-11-29 00:56:12 ----A---- C:\WINDOWS\system32\qoMffExU.dll
2008-11-29 00:56:09 ----A---- C:\WINDOWS\system32\khfEVPIa.dll
2008-11-21 22:56:46 ----A---- C:\WINDOWS\system32\PubPlugin.dll
2008-11-21 22:21:10 ----D---- C:\Program Files\iPod
2008-11-21 22:20:59 ----D---- C:\Program Files\iTunes
2008-11-21 22:20:59 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 22:18:43 ----D---- C:\Program Files\QuickTime
2008-11-21 22:18:21 ----D---- C:\Program Files\Apple Software Update
2008-11-21 22:17:46 ----D---- C:\Program Files\Common Files\Apple
2008-11-21 22:17:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-13 00:33:58 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-11-11 22:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 22:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 22:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-11-30 13:51:05 ----D---- C:\WINDOWS\Prefetch
2008-11-30 13:20:18 ----D---- C:\WINDOWS
2008-11-30 13:18:14 ----D---- C:\WINDOWS\system32\ias
2008-11-30 13:17:48 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2008-11-30 13:15:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 13:13:25 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 02:47:36 ----D---- C:\Program Files
2008-11-30 02:09:00 ----D---- C:\Documents and Settings
2008-11-30 02:08:59 ----D---- C:\WINDOWS\system32
2008-11-30 01:54:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 00:27:00 ----SHD---- C:\WINDOWS\Installer
2008-11-30 00:26:56 ----SHD---- C:\Config.Msi
2008-11-30 00:25:12 ----D---- C:\Program Files\Common Files
2008-11-29 16:50:46 ----A---- C:\WINDOWS\system.ini
2008-11-29 16:06:05 ----D---- C:\WINDOWS\system32\config
2008-11-29 16:02:41 ----D---- C:\WINDOWS\AppPatch
2008-11-29 16:01:10 ----D---- C:\WINDOWS\Tasks
2008-11-27 16:41:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-11-21 22:56:46 ----D---- C:\WINDOWS\Downloaded Program Files
2008-11-21 22:21:42 ----HD---- C:\WINDOWS\inf
2008-11-21 22:21:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-21 22:20:05 ----D---- C:\Program Files\Bonjour
2008-11-21 22:18:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-21 22:15:47 ----D---- C:\Program Files\FlashGet
2008-11-18 06:55:36 ----D---- C:\WINDOWS\system32\dllcache
2008-11-17 22:46:19 ----D---- C:\WINDOWS\Help
2008-11-13 00:39:35 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Skype
2008-11-12 20:16:30 ----D---- C:\Program Files\POMQMV3
2008-11-11 22:25:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-11 22:25:19 ----A---- C:\WINDOWS\imsins.BAK
2008-11-11 22:24:38 ----D---- C:\WINDOWS\WinSxS
2008-11-06 22:50:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-29 26824]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-30 85969]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-08-24 15424]
R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-10-11 20747]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-08-24 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-01-11 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-01-11 18048]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-11-11 353728]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-07-07 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 uscbs109;uscbs109; C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-21 8672]
R3 uscsc109;uscsc109; C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-21 102336]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S3 BIOSCHK;BIOSCHK; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\TIIC7.tmp\disk1\BIOSCHK.SYS []
S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 BrSerWDM;Brother Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2003-03-13 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver; C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-06-12 98304]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 XDva014;XDva014; \??\C:\WINDOWS\system32\XDva014.sys []
S3 XDva020;XDva020; \??\C:\WINDOWS\system32\XDva020.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-16 434176]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-08-24 552064]
R2 PRISMSVC;PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [2005-12-22 61526]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-13 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-23 138168]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-01-18 12800]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-30 13:51:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
9Dragons-->MsiExec.exe /I{EB0508A0-162A-4996-85A1-00C07D33445A}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoIt v3.2.0.1-->C:\Program Files\AutoIt3\Uninstall.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Barnyard Invasion from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe"
Bejeweled 2 Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe"
Big Kahuna Reef from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9421EC3B-DD11-4A1D-B299-6E00CBFD0313\Uninstall.exe"
Blackhawk Striker 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Holidays from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D06AB82F-D68E-405A-9886-AB8804291B6D\Uninstall.exe"
Boggle Supreme from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bookworm Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Canon i80-->C:\WINDOWS\system32\CNMCP5u.exe "-PRINTERNAMECanon i80" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i80 Installer\Inst2\cnmi0409.dll"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
Crystal Maze from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Cube Construct 1.0-->"C:\Program Files\Cube Construct\unins000.exe"
Digby's Donuts from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3DB5E24E-D0CE-437E-96BB-35E09A45B800\Uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDforger 0.6.2 alpha-->"C:\Program Files\DVDforger\uninst\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EAX™ Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Excel OM 3-->C:\PROGRA~1\ExcelOM3\UNWISE.EXE C:\PROGRA~1\ExcelOM3\INSTALL.LOG
FATE Demo from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\EC103FAC-9610-4651-BD68-CCEA97C7AB02\Uninstall.exe"
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Flip Words from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\220B08B4-42B6-4452-A646-5646B6CB8063\Uninstall.exe"
Free WMA to MP3 Converter 1.16-->"C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
FreeStyle Street Basketball™-->C:\Program Files\InstallShield Installation Information\{E192E363-0D29-4D22-B034-F2E457CC0660}\setup.exe -runfromtemp -l0x0009 -removeonly
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GangLand-->C:\WINDOWS\unvise32.exe C:\Program Files\MediaMobsters\uninstal.log
Gangsters 2-->"C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters 2\Autorun.exe" /Uninstall
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{108921F0-2DDB-3C3D-A02D-CC18285F514C}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
Half-Life: Counter-Strike-->C:\Sierra\COUNTE~1\UNWISE.EXE C:\Sierra\COUNTE~1\INSTALL.LOG
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Insaniquarium Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\2FC85AE2-A516-46DC-9622-BEE432D2276B\Uninstall.exe"
Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D49B246D-8050-458F-AB0C-81D3D28D0F02}\setup.exe"
Mah Jong Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe"
MapleStory-->MsiExec.exe /I{6918E1F4-0988-433C-A418-CC0BF87A7A2B}
Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mobile Ringtone Converter 2.3.24-->"C:\Program Files\MRConverter\unins000.exe"
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
Office 2003 Tour-->MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Poker Tracker Version 2.13.01a-->"C:\Program Files\Poker Tracker V2\unins000.exe"
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
POM-QM for Windows (Version 3)-->C:\PROGRA~1\POMQMV3\UNWISE.EXE C:\PROGRA~1\POMQMV3\INSTALL.LOG
Port Royale 2-->C:\Program Files\Ascaron Entertainment\Port Royale 2\Uninstall.exe
PowerMenu 1.51-->C:\Program Files\PowerMenu\Uninst.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickBooks Premier Edition 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="superpro" QBFULLNAME="QuickBooks Premier Edition 2006" ADDREMOVE=1
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime Alternative 1.76-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe"
Risk II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EE11800-A1BD-11D3-BFEB-005004AF2D32}\setup.exe" -l0x0009
Risk WarZone Client-->C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
SCRABBLE Blast from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4A750179-4CAB-4A94-911D-36ECBC64B6B2\Uninstall.exe"
SCRABBLE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\Uninstall.exe"
SCRABBLE Rack Attack from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AC542946-E8F0-4163-9902-A1DCB02E327F\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shrek 2 Ogre Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe"
Slyder from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Softnyx Launcher-->"C:\Program Files\Softnyx\Launcher\unins000.exe"
Solid State ION Internet Explorer Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Street Wars-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Studio 3\Street Wars\Uninst.isu"
Super Granny from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
Swarm from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B8DC3DBE-D64E-4EE3-8211-8BCAD6CD3D56\Uninstall.exe"
Texas Calculatem 4 with "AutoRead"-->"C:\Program Files\TexasCalculatem\unins000.exe"
The Guild 2-->C:\WINDOWS\unvise32.exe C:\Program Files\The Guild 2\uninstal.log
Tradewinds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
Universal SCSI Controller-->MsiExec.exe /I{35A501AD-C538-4286-9A45-AAF5514A482D}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
USB 2.0 Wireless LAN Card Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -removeonly
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vodei Multimedia Processor 2.10-->C:\Program Files\Vodei\uninst.exe
WarZone Client-->C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winning Eleven 9-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{50CF3F83-A50E-44DF-BC7E-07463908E986} /l1033
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: AVG Anti-Virus Free
AV: Norton Internet Security (outdated)
AV: ESET NOD32 antivirus system 2.70
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#2 Billy O'Neal

Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 07 December 2008 - 04:17 PM

Hello, yyoo223
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

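Added example, not part of any post in this thread: once the OTViewIt report has been collected, the O2 (Browser Helper Object) and O4 (Run key) sections are where a Vundo-style infection shows first. The script below is this editor's triage for lines in that format. The sample entries are copied from the OTViewIt log posted in the reply below (the ATI and SMSERIAL lines are legitimate and are included on purpose); the regular expressions, the indicator names and the scoring are assumptions about the log layout, not OldTimer's own parser, and the script does nothing beyond reading the text.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample entries copied from the OTViewIt log in the reply below (O2 = Browser Helper
# Objects, O4 = Run keys). The ATI and SMSERIAL lines are legitimate and are here to
# show that a single weak indicator does not make an entry malicious.
SAMPLE_O2 = [
    r"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
    r"{11F10977-1D14-4EB8-9CD6-804B9D06B9E0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found",
    r"{4b360665-b8ac-40ae-8206-178ea014666b} (HKLM) -- C:\WINDOWS\system32\iixvvb.dll ()",
    r"{4C645F79-1912-40DA-A5A1-6C89213E0058} (HKLM) -- C:\WINDOWS\system32\xxyxVnki.dll File not found",
]
SAMPLE_O4 = [
    r'"68c04976"=rundll32.exe "C:\WINDOWS\system32\flrwrexu.dll",b ()',
    r'"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()',
    r'"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)',
    r'"SMSERIAL"=sm56hlpr.exe (Motorola Inc.)',
]

# Assumed line shapes (this editor's reading of the log, not OldTimer's specification):
#   O2: {CLSID} (HIVE) -- <path> (<Publisher>)     or   ... File not found
#   O4: "<value name>"=<command line> (<Publisher>)
BHO_RE = re.compile(r'^(\{[0-9A-Fa-f-]{36}\})\s+\((HK\w+)\)\s+--\s+(.*)$')
RUN_RE = re.compile(r'^"([^"]+)"=(.*)$')
PUBLISHER_RE = re.compile(r'\(([^()]*)\)\s*$')            # trailing "(Publisher)" field
IMAGE_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:dll|exe))', re.IGNORECASE)
SYSTEM32_RE = re.compile(r'\\windows\\system32\\', re.IGNORECASE)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')                # value names like "68c04976"


@dataclass
class Finding:
    kind: str                 # "O2" (BHO) or "O4" (Run key)
    name: str                 # CLSID or Run value name
    path: str = ""            # image the entry loads, when the line gives one
    reasons: List[str] = field(default_factory=list)


def _publisher(text: str) -> Optional[str]:
    """Trailing publisher field: '' when the parentheses are empty, None when absent."""
    m = PUBLISHER_RE.search(text)
    return m.group(1).strip() if m else None


def _common_checks(f: Finding, rest: str) -> None:
    """Indicators shared by BHO and Run entries: missing file, no publisher, system32."""
    m = IMAGE_RE.search(rest)
    if m:
        f.path = m.group(1)
    if "File not found" in rest:
        f.reasons.append("registered file is missing (orphaned registration or deleted payload)")
    pub = _publisher(rest)
    if pub == "":
        f.reasons.append("file carries no publisher/version information")
    if f.path and pub == "" and SYSTEM32_RE.search(f.path):
        f.reasons.append("anonymous DLL/EXE located in system32")


def triage_bho(line: str) -> Optional[Finding]:
    m = BHO_RE.match(line)
    if not m:
        return None
    clsid, _hive, rest = m.groups()
    f = Finding("O2", clsid)
    _common_checks(f, rest)
    return f


def triage_run(line: str) -> Optional[Finding]:
    m = RUN_RE.match(line)
    if not m:
        return None
    name, cmd = m.groups()
    f = Finding("O4", name)
    _common_checks(f, cmd)
    if HEX_NAME_RE.match(name):
        f.reasons.append("value name is a random hex string")
    tokens = cmd.split()
    first = tokens[0].strip('"') if tokens else ""
    if first.lower().startswith("rundll32") and f.path.lower().endswith(".dll"):
        f.reasons.append("DLL started through rundll32 from a Run key")
    elif not re.match(r'^[A-Za-z]:\\', first):
        f.reasons.append("executable named without a full path (resolved via the search path)")
    return f


def triage(o2_lines, o4_lines, min_reasons: int = 1) -> List[Finding]:
    """Parse both sections; return entries with at least min_reasons indicators, worst first."""
    found = [triage_bho(l) for l in o2_lines] + [triage_run(l) for l in o4_lines]
    hits = [f for f in found if f and len(f.reasons) >= min_reasons]
    hits.sort(key=lambda f: len(f.reasons), reverse=True)
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_O2, SAMPLE_O4):
        print(f"{f.kind} {f.name} -> {f.path or '(no path)'}  [{len(f.reasons)} indicator(s)]")
        for r in f.reasons:
            print("    -", r)
```

On these inputs the rundll32 entry scores four indicators (empty publisher, system32 location, random hex value name, DLL launched via rundll32), the iixvvb.dll BHO scores two, and the remaining entries one each. The ATI launcher shows why an empty publisher field alone is a weak signal; the "File not found" BHOs are inert but still worth removing, because the registration survives the deleted file and will reload anything dropped at that path later.
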
#3 yyoo223

yyoo223
  • Topic Starter
  • Members
  • 27 posts

Posted 07 December 2008 - 05:17 PM

Hi Billy,

Thanks for looking at my logs. Here are the requested logs.


OTViewIt logfile created on: 12/7/2008 4:43:18 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 261.18 Mb Available Physical Memory | 37.18% Memory free
1.68 Gb Paging File | 1.00 Gb Available in Paging File | 59.86% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.79 Gb Total Space | 30.61 Gb Free Space | 17.03% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.18 Gb Free Space | 18.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 618.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 697.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DOOYONG0003
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
[2005/12/22 19:15:46 | 00,381,014 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
[2001/12/12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/11/29 19:23:20 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/08/24 20:59:31 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
[2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2008/11/29 19:23:23 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[2005/01/24 04:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/08/24 20:59:31 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
[2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/01/18 09:32:34 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/30 02:10:56 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/05/20 11:00:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/11/13 00:33:00 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2005/12/22 20:14:54 | 00,921,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
[2002/12/19 18:17:56 | 00,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/08/11 15:30:30 | 00,249,856 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2005/08/11 15:30:30 | 00,618,496 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/07 16:41:12 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/12/20 21:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/11/29 19:23:20 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (brmfrmps [Auto | Stopped])
[2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/13 11:03:57 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/01/23 23:25:21 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/01/18 09:31:46 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2007/08/24 20:59:31 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/10/11 23:04:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/04/20 13:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[2007/08/24 20:59:31 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2006/12/16 21:50:29 | 01,918,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/01/11 01:01:46 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/11/29 19:23:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/29 19:23:40 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2001/08/17 12:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt [On_Demand | Stopped])
[2003/03/13 23:04:20 | 00,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])
[2001/08/17 12:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
[2001/08/17 12:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn [On_Demand | Stopped])
[2007/02/03 09:25:56 | 01,075,360 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL [On_Demand | Running])
[2005/11/11 15:34:16 | 00,353,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02 [On_Demand | Running])
[2006/07/07 14:41:54 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
[2003/06/12 04:56:44 | 00,098,304 | R--- | M] (ATMEL) -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/30 13:13:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/03/09 20:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/01/11 01:01:46 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2007/02/03 09:32:36 | 00,041,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf [On_Demand | Stopped])
[2001/08/17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/08/24 20:59:31 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2007/08/21 09:05:32 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2008/01/08 16:16:10 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/08 16:16:10 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2005/04/25 11:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/01/25 08:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])
[2006/07/07 14:39:13 | 00,643,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/18 15:52:29 | 00,053,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSHDRV76.sys -- (SSHDRV76 [System | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2005/03/21 23:00:00 | 00,008,672 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\uscbs109.sys -- (uscbs109 [On_Demand | Running])
[2005/03/21 23:00:00 | 00,102,336 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\uscsc109.sys -- (uscsc109 [On_Demand | Running])
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{11F10977-1D14-4EB8-9CD6-804B9D06B9E0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4b360665-b8ac-40ae-8206-178ea014666b} (HKLM) -- C:\WINDOWS\system32\iixvvb.dll ()
{4C645F79-1912-40DA-A5A1-6C89213E0058} (HKLM) -- C:\WINDOWS\system32\xxyxVnki.dll File not found
{6CAB59B4-55A3-4737-9FD5-B93C6430BF77} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- C:\WINDOWS\system32\khfEVPIa.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{724D43A0-0D85-11D4-9908-00400523E39A}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"68c04976"=rundll32.exe "C:\WINDOWS\system32\flrwrexu.dll",b ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SMSERIAL"=sm56hlpr.exe (Motorola Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

========== (O4) Startup Folders ==========

[2005/12/22 20:14:54 | 00,921,704 | ---- | M] (Dell Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
[2002/12/19 18:17:56 | 00,057,344 | ---- | M] (Thong Nguyen) -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/09/11 06:21:42 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/09/11 06:21:42 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/09/11 06:21:42 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/09/11 06:21:42 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/09/29 16:57:50 | 01,082,880 | ---- | M] (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/15 20:57:56 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/15 20:57:56 | 00,000,735 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F4430FE8-2638-42e5-B849-800749B94EED}: Button: PartyPoker.net -- File not found
{F4430FE8-2638-42e5-B849-800749B94EED}: Menu: PartyPoker.net -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab -- StagingUI Object
{072039AB-2117-4ED5-A85F-9B9EB903E021}: http://www.clubbox.co.kr/neo.fld/NowStarter.cab -- NowStarter Control
{149E45D8-163E-4189-86FC-45022AB2B6C9}: file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx -- SpinTop DRM Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}: http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB -- Tpwin Control
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{25365FF3-2746-4230-9DA7-163CCA318309}: http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab -- Automatic Driver Installation Control
{25794D3C-E2F0-40B8-9C11-F38DC1908633}: http://activexdown.paran.com/paranactivex/...oadlauncher.cab -- Maildropfile Control
{2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}: http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab -- PDUpdate Control
{37A273C2-5129-11D5-BF37-00A0CCE8754B}: http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab -- TTestGenXInstallObject
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab -- MSN Games – Buddy Invite
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab -- ZonePAChat Object
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{5F5F9FB8-878E-4455-95E0-F64B2314288A}: http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab -- ijjiPlugin2 Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8}: http://www.legendofares.com/download/mgusamanagerv1001.cab -- MGAME manager Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{95D88B35-A521-472B-A182-BB1A98356421}: http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab -- Pearson Installation Assistant 2
{A2E05F45-F127-4092-B9F7-9A02C3E04C77}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab -- HGPlugin7USA Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BA2D9665-D672-446F-98F4-E3E41FA12A01}: http://www.mypccenter.com/PCA.cab -- PCAObj Class
{BD08A9D5-0E5C-4F42-99A3-C0CB5E860557}: http://cdn1.acclaimdownloads.com/solidstateion.cab -- CSolidBrowserObj Object
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CC450D71-CC90-424C-8638-1F2DBAC87A54}: file://C:\Program Files\Risk\Images\armhelper.ocx -- ArmHelper Control
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab -- MSN Games – Game Communicator
{EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}: http://asp.mathxl.com/books/_Players/EconPlayer.cab -- Pearson MyEconLab Player Control
{FCD61199-E187-4ADD-88E5-9AF238486D11}: http://www.tvzoa.com/player/forceplayer.cab -- CPPMediaCtrl Object
{FF3C5A9F-5A91-4930-80E8-4709194C2AD3}: http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab -- CheckersZPA Object

========== (O17) DNS Name Servers ==========

{4BD057AB-B25F-4F20-BE57-D3BF46AACC11} (Servers: | Description: 1394 Net Adapter)
{8FA84C9E-EBA9-4E56-8810-62B29113622D} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{980D0579-3A1A-4D5E-8D60-06B2C46F1464} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{A36CEF8E-ACF5-41C4-8088-B25F23611246} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{B0E96F0E-F741-4273-A8FA-12A70C597D59} (Servers: | Description: )
{B6868852-0E01-4C46-B97D-664E3DDEB3EF} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{B79CD0E0-7DB7-4724-A9D0-ED3179536593} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{D6E8FDA3-5B88-447F-AAB7-D295C46518B6} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{E2DF5359-2CDF-4757-9C80-C8F17534256E} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{E321A272-53BF-4E46-AC32-63B0FEA9C86C} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{EF01837E-B102-4716-8A30-43B38E10AFBA} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{F48F0E10-BFC7-47CE-9F4F-92A5ACB11B31} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{FC49235F-43B4-4EF5-8781-C1C9C66212AF} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=bidqye.dll,avgrsstx.dll
>File not found --
>[2008/11/29 19:23:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
khfEVPIa: "DllName" = khfEVPIa.dll -- File not found
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- C:\WINDOWS\system32\PRISMAPI.dll (Conexant Systems, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINDOWS\system32\khfEVPIa.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}" (HKLM) -- C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\xxyxVnki,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/25 00:32:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

autorun.inf [[autorun] | icon=bin\maxpayne2.ico | ]
[2003/09/18 15:11:56 | 00,000,035 | R--- | M] () -- J:\autorun.inf -- [ CDFS ]

autorun.inf [[autorun] | open=Install.exe | icon=bin\maxpayne2.ico | ]
[2003/09/18 15:10:56 | 00,000,053 | R--- | M] () -- K:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abdf7945-8487-11db-8985-0014a505f298}\Shell\AutoRun\command]
""=32.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abdf7945-8487-11db-8985-0014a505f298}\Shell\explore\Command]
""=32.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abdf7945-8487-11db-8985-0014a505f298}\Shell\open\Command]
""=32.com

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/12/07 16:42:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer
[2008/12/07 16:41:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/07 15:50:12 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA3102 Rubric_Group Projects_NEW.doc
[2008/12/07 15:49:52 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA_3102_Extra_Credit_Assignment_Ambler.doc
[2008/12/06 23:52:41 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Residency.doc
[2008/12/06 23:25:48 | 01,056,768 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\finale.lec.2008.ppt
[2008/12/05 20:53:18 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\smjuue.dll
[2008/12/05 20:53:17 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\qncltjob.dll
[2008/12/05 20:51:05 | 01,479,822 | -HS- | C] () -- C:\WINDOWS\System32\uxerwrlf.ini
[2008/12/05 20:51:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\flrwrexu.dll
[2008/12/03 13:55:58 | 01,423,173 | -HS- | C] () -- C:\WINDOWS\System32\utjuvogl.ini
[2008/12/03 13:55:54 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\lgovujtu.dll
[2008/12/03 13:55:00 | 00,881,647 | -HS- | C] () -- C:\WINDOWS\System32\iknVxyxx.ini2
[2008/12/03 13:55:00 | 00,881,647 | -HS- | C] () -- C:\WINDOWS\System32\iknVxyxx.ini
[2008/12/01 23:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Poker
[2008/12/01 20:52:18 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speech 5 Slide Show.ppt
[2008/11/30 13:51:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/30 13:50:26 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
[2008/11/30 13:13:28 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/30 13:13:25 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/30 13:13:25 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/30 13:13:25 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/30 13:13:24 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/30 13:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt
[2008/11/30 13:08:57 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2008/11/30 03:44:33 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/11/30 03:44:05 | 00,576,581 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt.exe
[2008/11/30 03:01:24 | 00,006,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Desktop\Thumbs.db:encryptable
[2008/11/30 02:47:40 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2008/11/30 02:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/30 02:47:23 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HJTInstall.exe
[2008/11/30 00:26:26 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/30 00:26:26 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/30 00:26:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/30 00:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/30 00:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/29 22:46:33 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/29 22:11:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/29 19:27:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/29 19:23:50 | 00,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/29 19:23:49 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/29 19:23:45 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/29 19:23:40 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/29 19:23:35 | 30,657,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/29 19:23:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/29 19:23:35 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/29 19:23:35 | 00,086,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/29 19:23:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/29 19:23:18 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/29 19:23:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/29 16:59:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/11/29 16:55:15 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\iixvvb.dll
[2008/11/29 16:55:12 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\eaplqhbh.dll
[2008/11/29 16:51:35 | 00,000,729 | -HS- | C] () -- C:\WINDOWS\System32\XFLSCJlm.ini2
[2008/11/29 16:51:27 | 00,000,729 | -HS- | C] () -- C:\WINDOWS\System32\XFLSCJlm.ini
[2008/11/29 16:49:24 | 73,667,7888 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/29 15:57:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/29 15:57:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/29 15:57:11 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/29 15:57:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/29 15:57:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/29 15:57:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/29 15:57:11 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/11/29 15:57:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/29 15:57:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/29 15:57:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/29 15:57:02 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/29 15:54:46 | 03,055,914 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2008/11/29 00:56:12 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\qoMffExU.dll
[2008/11/29 00:41:44 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/29 00:41:44 | 00,002,407 | ---- | C] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/28 12:14:45 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\fina.doc
[2008/11/21 22:56:46 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\WINDOWS\System32\PubPlugin.dll
[2008/11/21 22:21:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/21 22:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/21 22:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/21 22:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/21 22:19:16 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/21 22:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/21 22:18:27 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/21 22:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple
[2008/11/21 22:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/21 22:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/11/21 22:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/19 20:44:46 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\directions.doc
[2008/11/15 18:00:35 | 00,091,184 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.pdf
[2008/11/15 18:00:35 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.doc
[2008/11/13 00:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
[2008/11/13 00:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Deployment
[2008/11/12 20:17:04 | 01,616,955 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\companyprofact.pdf
[2008/11/11 22:03:27 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/11 22:03:08 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/09 21:03:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\reports

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/07 16:42:01 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/12/07 16:41:12 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/07 15:50:12 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA3102 Rubric_Group Projects_NEW.doc
[2008/12/07 15:49:53 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA_3102_Extra_Credit_Assignment_Ambler.doc
[2008/12/07 14:24:22 | 30,657,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/07 14:22:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/07 14:22:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/07 14:22:18 | 73,667,7888 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/06 23:52:41 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Residency.doc
[2008/12/06 23:31:28 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/12/06 23:25:56 | 01,056,768 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\finale.lec.2008.ppt
[2008/12/06 23:14:26 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/12/06 01:05:06 | 00,881,647 | -HS- | M] () -- C:\WINDOWS\System32\iknVxyxx.ini
[2008/12/06 01:03:33 | 00,881,647 | -HS- | M] () -- C:\WINDOWS\System32\iknVxyxx.ini2
[2008/12/05 20:53:18 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\smjuue.dll
[2008/12/05 20:53:18 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\qncltjob.dll
[2008/12/05 20:51:09 | 01,479,822 | -HS- | M] () -- C:\WINDOWS\System32\uxerwrlf.ini
[2008/12/05 20:51:01 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\flrwrexu.dll
[2008/12/05 20:49:00 | 00,086,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/05 20:46:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 15:27:07 | 00,170,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 13:56:08 | 01,423,173 | -HS- | M] () -- C:\WINDOWS\System32\utjuvogl.ini
[2008/12/03 13:55:55 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\lgovujtu.dll
[2008/12/02 23:39:51 | 00,163,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speech 5 Slide Show.ppt
[2008/11/30 13:50:36 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
[2008/11/30 13:22:46 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/30 13:13:25 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/30 13:13:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/30 13:13:25 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/30 03:44:19 | 00,576,581 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt.exe
[2008/11/30 03:01:24 | 00,006,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Desktop\Thumbs.db:encryptable
[2008/11/30 02:47:40 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2008/11/30 02:47:29 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HJTInstall.exe
[2008/11/30 02:09:52 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/30 00:26:26 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/30 00:26:26 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/29 22:19:57 | 00,000,729 | -HS- | M] () -- C:\WINDOWS\System32\XFLSCJlm.ini
[2008/11/29 22:17:06 | 00,000,729 | -HS- | M] () -- C:\WINDOWS\System32\XFLSCJlm.ini2
[2008/11/29 19:23:50 | 00,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/29 19:23:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/29 19:23:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/29 19:23:40 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/29 19:23:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/29 16:55:15 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\iixvvb.dll
[2008/11/29 16:55:15 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\eaplqhbh.dll
[2008/11/29 16:50:46 | 00,000,311 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/29 16:50:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/29 15:54:56 | 03,055,914 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2008/11/29 01:05:32 | 00,115,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/11/29 01:05:32 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/29 01:05:32 | 00,002,407 | ---- | M] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/29 00:56:12 | 00,038,400 | ---- | M] () -- C:\WINDOWS\System32\qoMffExU.dll
[2008/11/28 16:44:17 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\fina.doc
[2008/11/28 13:31:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/28 13:31:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/27 16:35:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/23 15:12:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/23 15:12:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/22 01:15:24 | 02,641,552 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2008/11/21 22:19:16 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/21 22:18:27 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/19 20:44:48 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\directions.doc
[2008/11/15 19:53:10 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office PowerPoint 2003.lnk
[2008/11/15 19:23:59 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.doc
[2008/11/12 20:17:05 | 01,616,955 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\companyprofact.pdf
[2008/11/11 22:25:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 10:26:58 | 00,091,184 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.pdf
[2008/11/10 22:20:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/10 22:20:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/08 13:47:43 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Excel 2003.lnk
< End of report >

OTViewIt Extras logfile created on: 12/7/2008 4:43:18 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 261.18 Mb Available Physical Memory | 37.18% Memory free
1.68 Gb Paging File | 1.00 Gb Available in Paging File | 59.86% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.79 Gb Total Space | 30.61 Gb Free Space | 17.03% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.18 Gb Free Space | 18.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 618.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 697.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DOOYONG0003
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/10/08 00:27:37 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/10/08 00:27:37 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/08/15 21:59:05 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/23 20:56:22 | 02,408,448 | ---- | M] () -- C:\ijji\ENGLISH\GUNSTER.exe:*:Enabled:Gunster
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/11/09 20:52:58 | 03,753,456 | ---- | M] (Google) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2008/11/09 20:26:48 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/11/29 19:23:21 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/29 16:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/23 15:35:08 | 00,140,600 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/29 16:57:48 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}"=Risk II
"{0F1649F6-F84B-41B2-980B-D2371BA389B3}"=Network Magic
"{108921F0-2DDB-3C3D-A02D-CC18285F514C}"=Google Talk Plugin
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}"=Microsoft Plus! Dancer LE
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3262E7D1-0A6F-4DD8-8971-DD062F081703}_is1"=Cube Construct 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35A501AD-C538-4286-9A45-AAF5514A482D}"=Universal SCSI Controller
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{50CF3F83-A50E-44DF-BC7E-07463908E986}"=Winning Eleven 9
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}"=Microsoft AntiSpyware
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}"=LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6918E1F4-0988-433C-A418-CC0BF87A7A2B}"=MapleStory
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69B02159-7624-4DBB-B9EE-F933039830AD}"=QuickBooks Premier Edition 2006
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}"=ATI Catalyst Control Center
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8BD5B620-AA88-11D4-AEC7-0008C739EC2A}"=Gangsters 2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}"=Worms World Party
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}"=USB 2.0 Wireless LAN Card Utility
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}"=Pure Networks Platform
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}"=Office 2003 Tour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=Compaq Organize
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D49B246D-8050-458F-AB0C-81D3D28D0F02}"=Launcher
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E192E363-0D29-4D22-B034-F2E457CC0660}"=FreeStyle Street Basketball™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EB0508A0-162A-4996-85A1-00C07D33445A}"=9Dragons
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}"=Max Payne 2
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FE4EBAAB-E02A-455E-A814-3B5881885030}_is1"=Mobile Ringtone Converter 2.3.24
"05E21449-3BA3-42BF-BBDA-95205F4EA40A"=Polar Bowler from Compaq (remove only)
"220B08B4-42B6-4452-A646-5646B6CB8063"=Flip Words from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6"=Bounce Symphony from Compaq (remove only)
"2FC85AE2-A516-46DC-9622-BEE432D2276B"=Jewel Quest from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A"=Polar Golfer from Compaq (remove only)
"3DB5E24E-D0CE-437E-96BB-35E09A45B800"=Digby's Donuts from Compaq (remove only)
"422C7575-C10D-4795-87FA-9972765379E6"=Mah Jong Quest from Compaq (remove only)
"4A750179-4CAB-4A94-911D-36ECBC64B6B2"=SCRABBLE Blast from Compaq (remove only)
"52AEBC18-F252-4B0C-B3E1-724537D9F873"=Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912"=Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB"=Insaniquarium Deluxe from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC"=Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712"=Blasterball 2 from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E"=Slyder from Compaq (remove only)
"9421EC3B-DD11-4A1D-B299-6E00CBFD0313"=Big Kahuna Reef from Compaq (remove only)
"AC542946-E8F0-4163-9902-A1DCB02E327F"=SCRABBLE Rack Attack from Compaq (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6"=AIM 6
"All ATI Software"=ATI - Software Uninstall Utility
"ALZip_is1"=ALZip
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"AutoItv3"=AutoIt v3.2.0.1
"AVG8Uninstall"=AVG Free 8.0
"AviSynth"=AviSynth 2.5
"B8DC3DBE-D64E-4EE3-8211-8BCAD6CD3D56"=Swarm from Compaq (remove only)
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9"=Shrek 2 Ogre Bowler from Compaq (remove only)
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF"=Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A"=Crystal Maze from Compaq (remove only)
"C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B"=Boggle Supreme from Compaq (remove only)
"CANONBJ_Deinstall_CNMCP5u.DLL"=Canon i80
"Compaq Game Console"=Compaq Game Console and games
"Cool Edit Pro 2.1"=Cool Edit Pro 2.1
"D06AB82F-D68E-405A-9886-AB8804291B6D"=Blasterball 2 Holidays from Compaq (remove only)
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E"=Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1"=Super Granny from Compaq (remove only)
"DivX Codec"=Remove DivX Codec
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVDforger_is1"=DVDforger 0.6.2 alpha
"E1A0F769-A43A-4DDB-9F73-12791E453557"=Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6"=Bookworm Deluxe from Compaq (remove only)
"EAX™ Unified (SHELL)"=EAX™ Unified (SHELL)
"EC103FAC-9610-4651-BD68-CCEA97C7AB02"=FATE Demo from Compaq (remove only)
"Eusing Free Registry Cleaner"=Eusing Free Registry Cleaner
"Excel OM 3"=Excel OM 3
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9"=Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6"=SCRABBLE from Compaq (remove only)
"FlashGet"=FlashGet 1.9.6.1073
"Free WMA to MP3 Converter_is1"=Free WMA to MP3 Converter 1.16
"GangLand"=GangLand
"GOM Player"=GOM Player
"Grand Chase"=Grand Chase
"Gunz"=ijji - Gunz
"Half-Life: Counter-Strike"=Half-Life: Counter-Strike
"HijackThis"=HijackThis 2.0.2
"HPOOVClient-5577497 Uninstaller"=Compaq Connections (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImgBurn"=ImgBurn
"Install WeatherBug"=Remove WeatherBug Installer
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{50CF3F83-A50E-44DF-BC7E-07463908E986}"=Winning Eleven 9
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NOD32"=NOD32 antivirus system
"Patrician 2 patch 1.1"=Patrician 2 patch 1.1
"PeerGuardian_is1"=PeerGuardian 2.0
"Poker Tracker Version 2.13.01a_is1"=Poker Tracker Version 2.13.01a
"POM-QM for Windows (Version 3)"=POM-QM for Windows (Version 3)
"Port Royale 2"=Port Royale 2
"PowerMenu"=PowerMenu 1.51
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"QuicktimeAlt_is1"=QuickTime Alternative 1.76
"RealPlayer 6.0"=RealPlayer
"Risk WarZone Client"=Risk WarZone Client
"SMSERIAL"=Motorola SM56 Speakerphone Modem
"Softnyx Launcher_is1"=Softnyx Launcher
"SolidStateIONIE"=Solid State ION Internet Explorer Plugin
"Starcraft"=Starcraft
"Street Wars"=Street Wars
"Texas Calculatem_is1"=Texas Calculatem 4 with "AutoRead"
"TheGuild2"=The Guild 2
"uTorrent"=µTorrent
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.10
"WarZone Client"=WarZone Client
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2008 7:25:38 PM | Computer Name = DOOYONG0003 | Source = Google Update | ID = 20
Description =

Error - 11/29/2008 1:45:04 AM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application snapsnet.tmp, version 0.0.0.0, faulting module
snapsnet.tmp, version 0.0.0.0, fault address 0x0000b9b9.

Error - 11/29/2008 1:50:14 AM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application snapsnet.tmp, version 0.0.0.0, faulting module
snapsnet.tmp, version 0.0.0.0, fault address 0x0000b9b9.

Error - 11/29/2008 2:05:56 AM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application snapsnet.tmp, version 0.0.0.0, faulting module
snapsnet.tmp, version 0.0.0.0, fault address 0x0000b9b9.

Error - 11/30/2008 3:10:47 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x0df62254.

Error - 11/30/2008 10:59:26 PM | Computer Name = DOOYONG0003 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 2:58:12 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module oylnhu.dll, version 0.0.0.0, fault address 0x00016366.

Error - 12/3/2008 5:13:48 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x696c6163.

Error - 12/4/2008 2:31:16 AM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x049f2254.

Error - 12/5/2008 9:53:23 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module smjuue.dll, version 0.0.0.0, fault address 0x00016366.

[ System Events ]
Error - 12/6/2008 8:30:12 PM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/6/2008 11:05:00 PM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/6/2008 11:05:06 PM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 12:10:53 AM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/7/2008 12:10:53 AM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/7/2008 12:10:55 AM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 3:22:50 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7000
Description = The Brother Popup Suspend service for Resource manager service failed
to start due to the following error: %%3

Error - 12/7/2008 3:22:53 PM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 3:22:59 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 12/7/2008 3:23:07 PM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-07 17:16:31
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF7CF6C04]
SSDT sptd.sys ZwEnumerateKey [0xF7CF6D48]
SSDT sptd.sys ZwEnumerateValueKey [0xF7CF70C0]
SSDT sptd.sys ZwOpenKey [0xF7CF6AE2]
SSDT sptd.sys ZwQueryKey [0xF7CF718A]
SSDT sptd.sys ZwQueryValueKey [0xF7CF7022]
SSDT sptd.sys ZwSetValueKey [0xF7CF7212]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD2845.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F73D24D0 16 Bytes [ 06, 46, CD, 15, 95, 3D, 39, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F73D24E1 31 Bytes [ 10, 3D, F7, C4, 24, 27, 67, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[780] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7CFFF52] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7D16658] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F7D00550] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F7D00454] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F7D00620] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7D15F6C] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F7D0010E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7D15BB0] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F7CFFFA6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7CF2A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7CF2B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7CF2AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7CF36CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7CF35A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7D1679E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7D051BA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7D15BB0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7D1679E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7D15BBC] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7CF2020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7CF2020] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8378A0E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \FileSystem\Fastfat \FatCdrom 834F21F0
Device \Driver\NetBT \Device\NetBT_Tcpip_{D6E8FDA3-5B88-447F-AAB7-D295C46518B6} 834AEAD0
Device \Driver\Ftdisk \Device\HarddiskVolume1 837D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 837D5C78
Device \Driver\Cdrom \Device\CdRom0 835C1588
Device \FileSystem\Rdbss \Device\FsWrap 836050E8
Device \Driver\Cdrom \Device\CdRom1 835C1588
Device \Driver\atapi \Device\Ide\IdePort0 83533898
Device \Driver\atapi \Device\Ide\IdePort1 83533898
Device \Driver\atapi \Device\Ide\IdePort2 83533898
Device \Driver\atapi \Device\Ide\IdePort3 83533898
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 83533898
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 83533898
Device \Driver\Cdrom \Device\CdRom2 835C1588
Device \Driver\usbstor \Device\00000080 835F6380
Device \Driver\usbstor \Device\00000082 835F6380
Device \Driver\usbstor \Device\00000083 835F6380
Device \Driver\NetBT \Device\NetBt_Wins_Export 834AEAD0
Device \Driver\usbstor \Device\00000084 835F6380
Device \Driver\NetBT \Device\NetbiosSmb 834AEAD0
Device \Driver\usbstor \Device\00000085 835F6380
Device \Driver\00000045 \Device\0000005c sptd.sys
Device \Driver\00000045 \Device\0000005c sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 837D55D0
Device \Driver\Disk \Device\Harddisk1\DR3 837D55D0
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+7 837D55D0
Device \Driver\Disk \Device\Harddisk2\DR4 837D55D0
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+8 837D55D0
Device \Driver\Disk \Device\Harddisk3\DR5 837D55D0
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+9 837D55D0
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+a 837D55D0
Device \Driver\Disk \Device\Harddisk4\DR6 837D55D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 835F3858
Device \FileSystem\MRxSmb \Device\LanmanRedirector 835F3858
Device \FileSystem\Npfs \Device\NamedPipe 837210E8
Device \Driver\Ftdisk \Device\FtControl 837D5C78
Device \Driver\NetBT \Device\NetBT_Tcpip_{980D0579-3A1A-4D5E-8D60-06B2C46F1464} 834AEAD0
Device \FileSystem\Msfs \Device\Mailslot 835080E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 83468390
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 835F09A0
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 8340A398
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target1Lun0 83468390
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target1Lun0 835F09A0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 83468390
Device \Driver\dtscsi \Device\Scsi\dtscsi1 835F09A0
Device \FileSystem\Fastfat \Fat 834F21F0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 834BC0E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD0 0xA8 0x02 0xCD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x50 0x78 0xED 0x61 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xCC 0xC6 0x4A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xE1 0x0D 0xE7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x63 0x0F 0xA6 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -929111294
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1137779880
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1789871781
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD0 0xA8 0x02 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x50 0x78 0xED 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xCC 0xC6 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xE1 0x0D 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x63 0x0F 0xA6 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD0 0xA8 0x02 0xCD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x50 0x78 0xED 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xCC 0xC6 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xE1 0x0D 0xE7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x63 0x0F 0xA6 0xE3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD0 0xA8 0x02 0xCD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x50 0x78 0xED 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x35 0xCC 0xC6 0x4A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE7 0xE1 0x0D 0xE7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x63 0x0F 0xA6 0xE3 ...

---- EOF - GMER 1.0.14 ----

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:28 PM

Posted 07 December 2008 - 06:50 PM

Hello, yyoo223
We need to upload a file for further inspection
  • Please go to this page.
  • Where it asks for the "Link to where the file was requested" copy and paste in
    http://www.bleepingcomputer.com/forums/t/183015/possible-infection-my-hijackthis-log/?p=1036105
  • Where it says "Browse to the file you want to submit", browse to
    C:\Program Files\Common Files\logishrd\WUApp32.exe
  • Press the Posted Image button.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F10977-1D14-4EB8-9CD6-804B9D06B9E0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b360665-b8ac-40ae-8206-178ea014666b}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C645F79-1912-40DA-A5A1-6C89213E0058}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CAB59B4-55A3-4737-9FD5-B93C6430BF77}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [-HKEY_CLASSES_ROOT\CLSID\{4b360665-b8ac-40ae-8206-178ea014666b}]
    [-HKEY_CLASSES_ROOT\CLSID\{4C645F79-1912-40DA-A5A1-6C89213E0058}]
    [-HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{E0E899AB-F487-11D5-8D29-0050BA6940E3}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{724D43A0-0D85-11D4-9908-00400523E39A}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"=-
    [HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"=-
    [HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{724D43A0-0D85-11D4-9908-00400523E39A}"=-
    [HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "68c04976"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="avgrsstx.dll"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfEVPIa]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abdf7945-8487-11db-8985-0014a505f298}]
    :files
    C:\WINDOWS\system32\iixvvb.dll
    C:\WINDOWS\system32\xxyxVnki.dll
    C:\WINDOWS\system32\khfEVPIa.dll
    C:\WINDOWS\system32\flrwrexu.dll
    C:\WINDOWS\System32\smjuue.dll
    C:\WINDOWS\System32\qncltjob.dll
    C:\WINDOWS\System32\uxerwrlf.ini
    C:\WINDOWS\System32\flrwrexu.dll
    C:\WINDOWS\System32\utjuvogl.ini
    C:\WINDOWS\System32\lgovujtu.dll
    C:\WINDOWS\System32\iknVxyxx.ini2
    C:\WINDOWS\System32\iknVxyxx.ini
    C:\WINDOWS\System32\iixvvb.dll
    C:\WINDOWS\System32\eaplqhbh.dll
    C:\WINDOWS\System32\XFLSCJlm.ini2
    C:\WINDOWS\System32\XFLSCJlm.ini
    C:\WINDOWS\System32\qoMffExU.dll
    C:\WINDOWS\System32\iknVxyxx.ini
    C:\WINDOWS\System32\iknVxyxx.ini2
    C:\WINDOWS\System32\smjuue.dll
    C:\WINDOWS\System32\qncltjob.dll
    C:\WINDOWS\System32\uxerwrlf.ini
    C:\WINDOWS\System32\flrwrexu.dll
    C:\WINDOWS\System32\utjuvogl.ini
    C:\WINDOWS\System32\lgovujtu.dll
    C:\WINDOWS\System32\XFLSCJlm.ini
    C:\WINDOWS\System32\XFLSCJlm.ini2
    C:\WINDOWS\System32\iixvvb.dll
    C:\WINDOWS\System32\eaplqhbh.dll
    C:\WINDOWS\System32\qoMffExU.dll
    :commands
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New OTViewIt Main.txt
  • A New OTViewIt Extra.txt

Billy3

Edited by Billy O'Neal, 07 December 2008 - 06:52 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
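The OTMoveIt3 script in the post above is a plain-text list of registry keys and values to delete or set, files to move, and a closing command. A single mistyped line in such a script (an unbalanced quote, a value line with no key header, a path that is not absolute) silently changes what gets removed, so it is worth checking the script before it is run. The following Python validator is an added example, not OldTimer's code and not something posted in this thread; the section semantics it assumes are my reading of the script shown above (the :reg section uses .reg-file syntax, where [-KEY] deletes a key and "name"=- under a [KEY] header deletes a value; :files lists paths to be moved; :commands holds directives such as [Reboot]). The embedded SAMPLE is a constructed excerpt modeled on the thread's script, and it deliberately includes a value line with a missing closing quote and a duplicated file path so the checks have something to catch.

```python
"""Parse and sanity-check an OTMoveIt3-style removal script before running it.

Added example; section semantics are assumed from the script seen in the thread.
"""
import re
from dataclasses import dataclass, field

# :reg lines follow .reg-file syntax (assumption based on the thread's script).
REG_HEADER = re.compile(r'^\[(?P<delete>-?)(?P<key>[^\]]+)\]$')
REG_VALUE = re.compile(
    r'^"(?P<name>[^"]*)"=(?P<data>-|".*"|hex(?:\(\d+\))?:.*|dword:[0-9a-fA-F]{8})$')
WIN_PATH = re.compile(r'^[A-Za-z]:\\')
COMMAND = re.compile(r'^\[(?P<name>[A-Za-z]+)\]$')
ROOT_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG"}


@dataclass
class Plan:
    """What the script would do, plus anything that should stop it being run."""
    key_deletes: list = field(default_factory=list)
    value_deletes: list = field(default_factory=list)  # (key, value name)
    value_sets: list = field(default_factory=list)     # (key, value name, data)
    files: list = field(default_factory=list)
    commands: list = field(default_factory=list)
    warnings: list = field(default_factory=list)       # (line no, text, reason)
    errors: list = field(default_factory=list)         # (line no, text, reason)


def parse_script(text):
    plan = Plan()
    section = None
    current_key = None      # last "[KEY]" header; target of the value lines that follow
    seen_paths = set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line.lower(), None
            if section not in (":reg", ":files", ":commands"):
                plan.errors.append((no, line, "unknown section"))
            continue
        if section == ":reg":
            m = REG_HEADER.match(line)
            if m:
                key = m.group("key")
                if key.split("\\", 1)[0].upper() not in ROOT_HIVES:
                    plan.errors.append((no, line, "unknown registry hive"))
                if m.group("delete"):
                    plan.key_deletes.append(key)
                    current_key = None
                else:
                    current_key = key
                continue
            m = REG_VALUE.match(line)
            if m is None:
                plan.errors.append((no, line, "malformed :reg line (check quotes/brackets)"))
            elif current_key is None:
                plan.errors.append((no, line, "value line without a [KEY] header"))
            elif m.group("data") == "-":
                plan.value_deletes.append((current_key, m.group("name")))
            else:
                plan.value_sets.append((current_key, m.group("name"), m.group("data")))
        elif section == ":files":
            if not WIN_PATH.match(line):
                plan.errors.append((no, line, "not an absolute Windows path"))
            elif line.lower() in seen_paths:       # Windows paths are case-insensitive
                plan.warnings.append((no, line, "duplicate path"))
            else:
                seen_paths.add(line.lower())
                plan.files.append(line)
        elif section == ":commands":
            m = COMMAND.match(line)
            if m:
                plan.commands.append(m.group("name"))
            else:
                plan.errors.append((no, line, "unrecognised command"))
        else:
            plan.errors.append((no, line, "line outside any section"))
    return plan


def safe_to_run(plan):
    """True only when every line parsed; one bad line makes the whole script suspect."""
    return not plan.errors


# Constructed excerpt modeled on the thread's script (line 8 lacks its closing quote,
# lines 10 and 11 name the same file twice).
SAMPLE = r""":reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F10977-1D14-4EB8-9CD6-804B9D06B9E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"68c04976"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"="avgrsstx.dll"
[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}=-
:files
C:\WINDOWS\system32\iixvvb.dll
C:\WINDOWS\System32\iixvvb.dll
:commands
[Reboot]
"""

if __name__ == "__main__":
    plan = parse_script(SAMPLE)
    for no, text, reason in plan.errors + plan.warnings:
        print(f"line {no}: {reason}: {text}")
    print("safe to run:", safe_to_run(plan))
```

Run it against a script before pasting the script into the tool: the plan fields show exactly which keys, values and files would be touched, and any entry in `errors` means a line will not be interpreted the way its author meant it, which is what a validator like this is there to stop.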

#5 yyoo223

yyoo223
  • Topic Starter

  • Members
  • 27 posts
  • Local time:01:28 AM

Posted 07 December 2008 - 07:35 PM

Hi Billy,

Thank you for such a timely response. Here are the results and logs.
Not sure if this helps but the desktop did not load automatically again and I had to manually run explorer.exe.

I forgot to update Java so I updated it and reloaded logs.

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F10977-1D14-4EB8-9CD6-804B9D06B9E0}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b360665-b8ac-40ae-8206-178ea014666b}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C645F79-1912-40DA-A5A1-6C89213E0058}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CAB59B4-55A3-4737-9FD5-B93C6430BF77}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{4b360665-b8ac-40ae-8206-178ea014666b}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{4C645F79-1912-40DA-A5A1-6C89213E0058}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
Registry value HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\68c04976 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"avgrsstx.dll" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfEVPIa\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abdf7945-8487-11db-8985-0014a505f298}\\ deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iixvvb.dll
C:\WINDOWS\system32\iixvvb.dll NOT unregistered.
C:\WINDOWS\system32\iixvvb.dll moved successfully.
File/Folder C:\WINDOWS\system32\xxyxVnki.dll not found.
File/Folder C:\WINDOWS\system32\khfEVPIa.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\flrwrexu.dll
C:\WINDOWS\system32\flrwrexu.dll NOT unregistered.
C:\WINDOWS\system32\flrwrexu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\smjuue.dll
C:\WINDOWS\System32\smjuue.dll NOT unregistered.
C:\WINDOWS\System32\smjuue.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qncltjob.dll
C:\WINDOWS\System32\qncltjob.dll NOT unregistered.
C:\WINDOWS\System32\qncltjob.dll moved successfully.
C:\WINDOWS\System32\uxerwrlf.ini moved successfully.
File/Folder C:\WINDOWS\System32\flrwrexu.dll not found.
C:\WINDOWS\System32\utjuvogl.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\lgovujtu.dll
C:\WINDOWS\System32\lgovujtu.dll NOT unregistered.
C:\WINDOWS\System32\lgovujtu.dll moved successfully.
C:\WINDOWS\System32\iknVxyxx.ini2 moved successfully.
C:\WINDOWS\System32\iknVxyxx.ini moved successfully.
File/Folder C:\WINDOWS\System32\iixvvb.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\eaplqhbh.dll
C:\WINDOWS\System32\eaplqhbh.dll NOT unregistered.
C:\WINDOWS\System32\eaplqhbh.dll moved successfully.
C:\WINDOWS\System32\XFLSCJlm.ini2 moved successfully.
C:\WINDOWS\System32\XFLSCJlm.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\qoMffExU.dll
C:\WINDOWS\System32\qoMffExU.dll NOT unregistered.
C:\WINDOWS\System32\qoMffExU.dll moved successfully.
File/Folder C:\WINDOWS\System32\iknVxyxx.ini not found.
File/Folder C:\WINDOWS\System32\iknVxyxx.ini2 not found.
File/Folder C:\WINDOWS\System32\smjuue.dll not found.
File/Folder C:\WINDOWS\System32\qncltjob.dll not found.
File/Folder C:\WINDOWS\System32\uxerwrlf.ini not found.
File/Folder C:\WINDOWS\System32\flrwrexu.dll not found.
File/Folder C:\WINDOWS\System32\utjuvogl.ini not found.
File/Folder C:\WINDOWS\System32\lgovujtu.dll not found.
File/Folder C:\WINDOWS\System32\XFLSCJlm.ini not found.
File/Folder C:\WINDOWS\System32\XFLSCJlm.ini2 not found.
File/Folder C:\WINDOWS\System32\iixvvb.dll not found.
File/Folder C:\WINDOWS\System32\eaplqhbh.dll not found.
File/Folder C:\WINDOWS\System32\qoMffExU.dll not found.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_192129

OTViewIt logfile created on: 12/7/2008 7:44:24 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 214.23 Mb Available Physical Memory | 30.50% Memory free
1.68 Gb Paging File | 1.14 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.79 Gb Total Space | 30.41 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.18 Gb Free Space | 18.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 618.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 697.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DOOYONG0003
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2005/12/22 19:15:46 | 00,381,014 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
[2001/12/12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/11/29 19:23:20 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/08/24 20:59:31 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
[2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
[2008/11/29 19:23:23 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[2005/01/24 04:56:00 | 00,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
[2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2005/02/16 22:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007/08/24 20:59:31 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
[2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
[2008/01/18 09:32:34 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/11/30 02:10:56 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/05/20 11:00:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/11/13 00:33:00 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2005/12/22 20:14:54 | 00,921,704 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
[2002/12/19 18:17:56 | 00,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/09/25 09:12:20 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2005/08/11 15:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2008/12/07 16:41:12 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/07 19:40:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/07 19:40:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/12/07 16:41:12 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/12/16 21:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/12/20 21:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/11/29 19:23:20 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (brmfrmps [Auto | Stopped])
[2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/03/13 11:03:57 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/01/23 23:25:21 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/07/25 08:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/01/18 09:31:46 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2007/08/24 20:59:31 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/12/22 19:21:44 | 00,061,526 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/12/07 19:40:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services ==========

[2005/10/11 23:04:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/04/20 13:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Stopped])
[2007/08/24 20:59:31 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2006/12/16 21:50:29 | 01,918,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/01/11 01:01:46 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/11/29 19:23:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/29 19:23:40 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2001/08/17 12:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt [On_Demand | Stopped])
[2003/03/13 23:04:20 | 00,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])
[2001/08/17 12:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
[2001/08/17 12:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn [On_Demand | Stopped])
[2007/02/03 09:25:56 | 01,075,360 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL [On_Demand | Running])
[2005/11/11 15:34:16 | 00,353,728 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02 [On_Demand | Running])
[2006/07/07 14:41:54 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
[2003/06/12 04:56:44 | 00,098,304 | R--- | M] (ATMEL) -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb [On_Demand | Stopped])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/11/30 13:13:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2005/03/09 20:09:18 | 00,870,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/01/11 01:01:46 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2007/02/03 09:32:36 | 00,041,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2008/04/13 13:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys -- (mf [On_Demand | Stopped])
[2001/08/17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/08/24 20:59:31 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2007/08/21 09:05:32 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2008/01/08 16:16:10 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/08 16:16:10 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2005/04/25 11:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/01/25 08:56:00 | 00,923,863 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Running])
[2006/07/07 14:39:13 | 00,643,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/18 15:52:29 | 00,053,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSHDRV76.sys -- (SSHDRV76 [System | Running])
[2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2005/03/21 23:00:00 | 00,008,672 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\uscbs109.sys -- (uscbs109 [On_Demand | Running])
[2005/03/21 23:00:00 | 00,102,336 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\uscsc109.sys -- (uscsc109 [On_Demand | Running])
[2004/08/04 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KBD"=C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SMSERIAL"=sm56hlpr.exe (Motorola Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found

========== (O4) Startup Folders ==========

[2005/12/22 20:14:54 | 00,921,704 | ---- | M] (Dell Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
[2002/12/19 18:17:56 | 00,057,344 | ---- | M] (Thong Nguyen) -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/09/11 06:21:42 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/09/11 06:21:42 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/09/11 06:21:42 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/09/11 06:21:42 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008/09/29 16:57:50 | 01,082,880 | ---- | M] (Skype Technologies S.A.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- File not found
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/15 20:57:56 | 00,000,735 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/09/15 20:57:56 | 00,000,735 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{F4430FE8-2638-42e5-B849-800749B94EED}: Button: PartyPoker.net -- File not found
{F4430FE8-2638-42e5-B849-800749B94EED}: Menu: PartyPoker.net -- File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F46} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{320AF880-6646-11D3-ABEE-C5DBF3571F49} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{724d43aa-0d85-11d4-9908-00400523e39a} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [2006/05/25 00:22:06 | 00,053,248 | ---- | M] ()
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> %ProgramFiles%\AIM\aim.exe [AIM] -> [2005/08/05 14:08:26 | 00,067,160 | ---- | M] (America Online, Inc.)
CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> [PartyPoker.com] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Connection Help] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKLM] -> [PartyPoker.net] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05D44720-58E3-49E6-BDF6-D00330E511D3}: http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab -- StagingUI Object
{072039AB-2117-4ED5-A85F-9B9EB903E021}: http://www.clubbox.co.kr/neo.fld/NowStarter.cab -- NowStarter Control
{149E45D8-163E-4189-86FC-45022AB2B6C9}: file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx -- SpinTop DRM Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}: http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB -- Tpwin Control
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{25365FF3-2746-4230-9DA7-163CCA318309}: http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab -- Automatic Driver Installation Control
{25794D3C-E2F0-40B8-9C11-F38DC1908633}: http://activexdown.paran.com/paranactivex/...oadlauncher.cab -- Maildropfile Control
{2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}: http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab -- PDUpdate Control
{37A273C2-5129-11D5-BF37-00A0CCE8754B}: http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab -- TTestGenXInstallObject
{3BB54395-5982-4788-8AF4-B5388FFDD0D8}: http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab -- MSN Games – Buddy Invite
{5736C456-EA94-4AAC-BB08-917ABDD035B3}: http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab -- ZonePAChat Object
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{5F5F9FB8-878E-4455-95E0-F64B2314288A}: http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab -- ijjiPlugin2 Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}: http://www.acclaim.com/cabs/acclaim_v5.cab -- GameLauncher Control
{7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8}: http://www.legendofares.com/download/mgusamanagerv1001.cab -- MGAME manager Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{95D88B35-A521-472B-A182-BB1A98356421}: http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab -- Pearson Installation Assistant 2
{A2E05F45-F127-4092-B9F7-9A02C3E04C77}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab -- HGPlugin7USA Class
{A90A5822-F108-45AD-8482-9BC8B12DD539}: http://www.crucial.com/controls/cpcScanner.cab -- Crucial cpcScan
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{BA2D9665-D672-446F-98F4-E3E41FA12A01}: http://www.mypccenter.com/PCA.cab -- PCAObj Class
{BD08A9D5-0E5C-4F42-99A3-C0CB5E860557}: http://cdn1.acclaimdownloads.com/solidstateion.cab -- CSolidBrowserObj Object
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CC450D71-CC90-424C-8638-1F2DBAC87A54}: file://C:\Program Files\Risk\Images\armhelper.ocx -- ArmHelper Control
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}: http://zone.msn.com/binframework/v10/StProxy.cab55579.cab -- MSN Games – Game Communicator
{EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}: http://asp.mathxl.com/books/_Players/EconPlayer.cab -- Pearson MyEconLab Player Control
{FCD61199-E187-4ADD-88E5-9AF238486D11}: http://www.tvzoa.com/player/forceplayer.cab -- CPPMediaCtrl Object
{FF3C5A9F-5A91-4930-80E8-4709194C2AD3}: http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab -- CheckersZPA Object

========== (O17) DNS Name Servers ==========

{4BD057AB-B25F-4F20-BE57-D3BF46AACC11} (Servers: | Description: 1394 Net Adapter)
{8FA84C9E-EBA9-4E56-8810-62B29113622D} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{980D0579-3A1A-4D5E-8D60-06B2C46F1464} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{A36CEF8E-ACF5-41C4-8088-B25F23611246} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{B0E96F0E-F741-4273-A8FA-12A70C597D59} (Servers: | Description: )
{B6868852-0E01-4C46-B97D-664E3DDEB3EF} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{B79CD0E0-7DB7-4724-A9D0-ED3179536593} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{D6E8FDA3-5B88-447F-AAB7-D295C46518B6} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{E2DF5359-2CDF-4757-9C80-C8F17534256E} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{E321A272-53BF-4E46-AC32-63B0FEA9C86C} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)
{EF01837E-B102-4716-8A30-43B38E10AFBA} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{F48F0E10-BFC7-47CE-9F4F-92A5ACB11B31} (Servers: | Description: Dell Wireless 1450 Dual-band (802.11a/b/g) USB2.0 Adapter)
{FC49235F-43B4-4EF5-8781-C1C9C66212AF} (Servers: | Description: Linksys Wireless-B USB Network Adapter v2.8)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/29 19:23:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- C:\WINDOWS\system32\PRISMAPI.dll (Conexant Systems, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}" (HKLM) -- C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/06/25 00:32:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

autorun.inf [[autorun] | icon=bin\maxpayne2.ico | ]
[2003/09/18 15:11:56 | 00,000,035 | R--- | M] () -- J:\autorun.inf -- [ CDFS ]

autorun.inf [[autorun] | open=Install.exe | icon=bin\maxpayne2.ico | ]
[2003/09/18 15:10:56 | 00,000,053 | R--- | M] () -- K:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun]
""=Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2008/12/07 19:39:05 | 16,168,344 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\jre-6u11-windows-i586-p.exe
[2008/12/07 19:21:29 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/07 19:19:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt old
[2008/12/07 19:18:25 | 00,030,339 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\11255.pdf
[2008/12/07 19:05:25 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTMoveIt3.exe
[2008/12/07 18:52:38 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Ethical Theories.doc
[2008/12/07 16:42:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer
[2008/12/07 16:41:06 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/07 15:50:12 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA3102 Rubric_Group Projects_NEW.doc
[2008/12/07 15:49:52 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA_3102_Extra_Credit_Assignment_Ambler.doc
[2008/12/06 23:52:41 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Residency.doc
[2008/12/06 23:25:48 | 01,056,768 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\finale.lec.2008.ppt
[2008/12/01 23:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Poker
[2008/12/01 20:52:18 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speech 5 Slide Show.ppt
[2008/11/30 13:51:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/30 13:50:26 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
[2008/11/30 13:13:28 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/30 13:13:25 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/30 13:13:25 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/30 13:13:25 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/30 13:13:24 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/30 13:09:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt
[2008/11/30 13:08:57 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.exe
[2008/11/30 03:44:33 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/11/30 03:44:05 | 00,576,581 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt.exe
[2008/11/30 03:01:24 | 00,006,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Desktop\Thumbs.db:encryptable
[2008/11/30 02:47:40 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2008/11/30 02:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/30 02:47:23 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HJTInstall.exe
[2008/11/30 00:26:26 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/30 00:26:26 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/30 00:26:12 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/30 00:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/30 00:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/11/29 22:46:33 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/29 22:11:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/29 19:27:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/29 19:23:50 | 00,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/29 19:23:49 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/29 19:23:45 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/29 19:23:40 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/29 19:23:35 | 30,657,076 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/29 19:23:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/29 19:23:35 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/29 19:23:35 | 00,086,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/29 19:23:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/29 19:23:18 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/29 19:23:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/29 16:59:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/11/29 16:49:24 | 73,667,7888 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/29 15:57:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/29 15:57:11 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/29 15:57:11 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/29 15:57:11 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/29 15:57:11 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/29 15:57:11 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/29 15:57:11 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/11/29 15:57:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/29 15:57:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/29 15:57:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/29 15:57:02 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/29 15:54:46 | 03,055,914 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2008/11/29 00:41:44 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/29 00:41:44 | 00,002,407 | ---- | C] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/28 12:14:45 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\fina.doc
[2008/11/21 22:56:46 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\WINDOWS\System32\PubPlugin.dll
[2008/11/21 22:21:46 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/21 22:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/11/21 22:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/11/21 22:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/21 22:19:16 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/21 22:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/21 22:18:27 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/21 22:18:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple
[2008/11/21 22:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/11/21 22:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/11/21 22:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/11/19 20:44:46 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\directions.doc
[2008/11/15 18:00:35 | 00,091,184 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.pdf
[2008/11/15 18:00:35 | 00,041,984 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.doc
[2008/11/13 00:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
[2008/11/13 00:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Deployment
[2008/11/12 20:17:04 | 01,616,955 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\companyprofact.pdf
[2008/11/11 22:03:27 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/11 22:03:08 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/09 21:03:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\reports

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2008/12/07 19:39:26 | 16,168,344 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\jre-6u11-windows-i586-p.exe
[2008/12/07 19:24:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/07 19:24:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/07 19:24:04 | 73,667,7888 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/07 19:18:26 | 00,030,339 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\11255.pdf
[2008/12/07 19:09:49 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Ethical Theories.doc
[2008/12/07 19:05:39 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTMoveIt3.exe
[2008/12/07 17:33:36 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/12/07 16:46:33 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/07 16:42:01 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\gmer.zip
[2008/12/07 16:41:12 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTViewIt.exe
[2008/12/07 15:50:12 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA3102 Rubric_Group Projects_NEW.doc
[2008/12/07 15:49:53 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\BA_3102_Extra_Credit_Assignment_Ambler.doc
[2008/12/07 14:24:22 | 30,657,076 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/06 23:52:41 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Residency.doc
[2008/12/06 23:25:56 | 01,056,768 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\finale.lec.2008.ppt
[2008/12/06 23:14:26 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/12/05 20:49:00 | 00,086,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/05 20:46:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 15:27:07 | 00,170,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/02 23:39:51 | 00,163,840 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Speech 5 Slide Show.ppt
[2008/11/30 13:50:36 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
[2008/11/30 13:13:25 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/30 13:13:25 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/30 13:13:25 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/30 03:44:19 | 00,576,581 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt.exe
[2008/11/30 03:01:24 | 00,006,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\All Users\Desktop\Thumbs.db:encryptable
[2008/11/30 02:47:40 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.lnk
[2008/11/30 02:47:29 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HJTInstall.exe
[2008/11/30 02:09:52 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/30 00:26:26 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/30 00:26:26 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/29 19:23:50 | 00,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/29 19:23:49 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/29 19:23:45 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/29 19:23:40 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/29 19:23:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/29 16:50:46 | 00,000,311 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/29 16:50:25 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/29 15:54:56 | 03,055,914 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2008/11/29 01:05:32 | 00,115,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/11/29 01:05:32 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/29 01:05:32 | 00,002,407 | ---- | M] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/28 16:44:17 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\fina.doc
[2008/11/28 13:31:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/28 13:31:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/27 16:35:24 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/23 15:12:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/23 15:12:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/22 01:15:24 | 02,641,552 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IconCache.db
[2008/11/21 22:19:16 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/11/21 22:18:27 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/19 20:44:48 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\directions.doc
[2008/11/15 19:53:10 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office PowerPoint 2003.lnk
[2008/11/15 19:23:59 | 00,041,984 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.doc
[2008/11/12 20:17:05 | 01,616,955 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\companyprofact.pdf
[2008/11/11 22:25:19 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 10:26:58 | 00,091,184 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Yoo, Yong.pdf
[2008/11/10 22:20:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/10 22:20:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/08 13:47:43 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office Excel 2003.lnk
< End of report >

OTViewIt Extras logfile created on: 12/7/2008 7:44:24 PM - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 214.23 Mb Available Physical Memory | 30.50% Memory free
1.68 Gb Paging File | 1.14 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.79 Gb Total Space | 30.41 Gb Free Space | 16.91% Space Free | Partition Type: NTFS
Drive D: | 6.50 Gb Total Space | 1.18 Gb Free Space | 18.22% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 618.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 697.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DOOYONG0003
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
[2005/10/08 00:27:37 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/10/08 00:27:37 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections
[2008/08/15 21:59:05 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/10/23 20:56:22 | 02,408,448 | ---- | M] () -- C:\ijji\ENGLISH\GUNSTER.exe:*:Enabled:Gunster
[2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/01 16:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2007/09/25 04:29:38 | 02,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/11/09 20:52:58 | 03,753,456 | ---- | M] (Google) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2008/11/09 20:26:48 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/11/29 19:23:21 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/09/29 16:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000032 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000033 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000034 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000035 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000036 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000037 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000038 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000039 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000040 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000041 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 11:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 11:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/23 15:35:08 | 00,140,600 | ---- | M] (Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (pure-go:{4746C79A-2042-4332-8650-48966E44ABA8} (HKLM) [CPureGoProtoInfo Object])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/29 16:57:48 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}"=Adobe Setup
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}"=Risk II
"{0F1649F6-F84B-41B2-980B-D2371BA389B3}"=Network Magic
"{108921F0-2DDB-3C3D-A02D-CC18285F514C}"=Google Talk Plugin
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}"=Microsoft Plus! Dancer LE
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{3262E7D1-0A6F-4DD8-8971-DD062F081703}_is1"=Cube Construct 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35A501AD-C538-4286-9A45-AAF5514A482D}"=Universal SCSI Controller
"{3912A629-0020-0005-3757-2FBA74D4DF0A}"=InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}"=HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{50CF3F83-A50E-44DF-BC7E-07463908E986}"=Winning Eleven 9
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}"=Microsoft AntiSpyware
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}"=LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6918E1F4-0988-433C-A418-CC0BF87A7A2B}"=MapleStory
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69B02159-7624-4DBB-B9EE-F933039830AD}"=QuickBooks Premier Edition 2006
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}"=ATI Catalyst Control Center
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8BD5B620-AA88-11D4-AEC7-0008C739EC2A}"=Gangsters 2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD Player
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}"=Worms World Party
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}"=USB 2.0 Wireless LAN Card Utility
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AEBEF8E1-11B9-4458-A619-14EEE48A5BB4}"=Pure Networks Platform
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}"=Office 2003 Tour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}"=Compaq Organize
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D49B246D-8050-458F-AB0C-81D3D28D0F02}"=Launcher
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E192E363-0D29-4D22-B034-F2E457CC0660}"=FreeStyle Street Basketball™
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EB0508A0-162A-4996-85A1-00C07D33445A}"=9Dragons
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}"=Max Payne 2
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FE4EBAAB-E02A-455E-A814-3B5881885030}_is1"=Mobile Ringtone Converter 2.3.24
"05E21449-3BA3-42BF-BBDA-95205F4EA40A"=Polar Bowler from Compaq (remove only)
"220B08B4-42B6-4452-A646-5646B6CB8063"=Flip Words from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6"=Bounce Symphony from Compaq (remove only)
"2FC85AE2-A516-46DC-9622-BEE432D2276B"=Jewel Quest from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A"=Polar Golfer from Compaq (remove only)
"3DB5E24E-D0CE-437E-96BB-35E09A45B800"=Digby's Donuts from Compaq (remove only)
"422C7575-C10D-4795-87FA-9972765379E6"=Mah Jong Quest from Compaq (remove only)
"4A750179-4CAB-4A94-911D-36ECBC64B6B2"=SCRABBLE Blast from Compaq (remove only)
"52AEBC18-F252-4B0C-B3E1-724537D9F873"=Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912"=Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB"=Insaniquarium Deluxe from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC"=Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712"=Blasterball 2 from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E"=Slyder from Compaq (remove only)
"9421EC3B-DD11-4A1D-B299-6E00CBFD0313"=Big Kahuna Reef from Compaq (remove only)
"AC542946-E8F0-4163-9902-A1DCB02E327F"=SCRABBLE Rack Attack from Compaq (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232"=Adobe Dreamweaver CS3
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6"=AIM 6
"All ATI Software"=ATI - Software Uninstall Utility
"ALZip_is1"=ALZip
"AOL Instant Messenger"=AOL Instant Messenger
"ATI Display Driver"=ATI Display Driver
"AutoItv3"=AutoIt v3.2.0.1
"AVG8Uninstall"=AVG Free 8.0
"AviSynth"=AviSynth 2.5
"B8DC3DBE-D64E-4EE3-8211-8BCAD6CD3D56"=Swarm from Compaq (remove only)
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9"=Shrek 2 Ogre Bowler from Compaq (remove only)
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF"=Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A"=Crystal Maze from Compaq (remove only)
"C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B"=Boggle Supreme from Compaq (remove only)
"CANONBJ_Deinstall_CNMCP5u.DLL"=Canon i80
"Compaq Game Console"=Compaq Game Console and games
"Cool Edit Pro 2.1"=Cool Edit Pro 2.1
"D06AB82F-D68E-405A-9886-AB8804291B6D"=Blasterball 2 Holidays from Compaq (remove only)
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E"=Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1"=Super Granny from Compaq (remove only)
"DivX Codec"=Remove DivX Codec
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVDforger_is1"=DVDforger 0.6.2 alpha
"E1A0F769-A43A-4DDB-9F73-12791E453557"=Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6"=Bookworm Deluxe from Compaq (remove only)
"EAX™ Unified (SHELL)"=EAX™ Unified (SHELL)
"EC103FAC-9610-4651-BD68-CCEA97C7AB02"=FATE Demo from Compaq (remove only)
"Eusing Free Registry Cleaner"=Eusing Free Registry Cleaner
"Excel OM 3"=Excel OM 3
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9"=Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6"=SCRABBLE from Compaq (remove only)
"FlashGet"=FlashGet 1.9.6.1073
"Free WMA to MP3 Converter_is1"=Free WMA to MP3 Converter 1.16
"GangLand"=GangLand
"GOM Player"=GOM Player
"Grand Chase"=Grand Chase
"Gunz"=ijji - Gunz
"Half-Life: Counter-Strike"=Half-Life: Counter-Strike
"HijackThis"=HijackThis 2.0.2
"HPOOVClient-5577497 Uninstaller"=Compaq Connections (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImgBurn"=ImgBurn
"Install WeatherBug"=Remove WeatherBug Installer
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}"=Quicken 2005
"InstallShield_{50CF3F83-A50E-44DF-BC7E-07463908E986}"=Winning Eleven 9
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}"=PC-Doctor 5 for Windows
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2005b"=Microsoft Money 2005
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST"=MSN
"Network MagicUninstall"=Network Magic
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NOD32"=NOD32 antivirus system
"Patrician 2 patch 1.1"=Patrician 2 patch 1.1
"PeerGuardian_is1"=PeerGuardian 2.0
"Poker Tracker Version 2.13.01a_is1"=Poker Tracker Version 2.13.01a
"POM-QM for Windows (Version 3)"=POM-QM for Windows (Version 3)
"Port Royale 2"=Port Royale 2
"PowerMenu"=PowerMenu 1.51
"PS2"=PS2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"QuicktimeAlt_is1"=QuickTime Alternative 1.76
"RealPlayer 6.0"=RealPlayer
"Risk WarZone Client"=Risk WarZone Client
"SMSERIAL"=Motorola SM56 Speakerphone Modem
"Softnyx Launcher_is1"=Softnyx Launcher
"SolidStateIONIE"=Solid State ION Internet Explorer Plugin
"Starcraft"=Starcraft
"Street Wars"=Street Wars
"Texas Calculatem_is1"=Texas Calculatem 4 with "AutoRead"
"TheGuild2"=The Guild 2
"uTorrent"=µTorrent
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.10
"WarZone Client"=WarZone Client
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire"=Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3368703059-699689854-315450936-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji.com"=ijji
"Warcraft III"=Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2008 3:10:47 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x0df62254.

Error - 11/30/2008 10:59:26 PM | Computer Name = DOOYONG0003 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 2:58:12 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module oylnhu.dll, version 0.0.0.0, fault address 0x00016366.

Error - 12/3/2008 5:13:48 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x696c6163.

Error - 12/4/2008 2:31:16 AM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x049f2254.

Error - 12/5/2008 9:53:23 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting
module smjuue.dll, version 0.0.0.0, fault address 0x00016366.

Error - 12/7/2008 6:23:10 PM | Computer Name = DOOYONG0003 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x0cbc2254.

Error - 12/7/2008 6:57:55 PM | Computer Name = DOOYONG0003 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 7:00:28 PM | Computer Name = DOOYONG0003 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 7:00:32 PM | Computer Name = DOOYONG0003 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/7/2008 12:10:53 AM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/7/2008 12:10:55 AM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 3:22:50 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7000
Description = The Brother Popup Suspend service for Resource manager service failed
to start due to the following error: %%3

Error - 12/7/2008 3:22:53 PM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 3:22:59 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 12/7/2008 3:23:07 PM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 12/7/2008 8:24:31 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7000
Description = The Brother Popup Suspend service for Resource manager service failed
to start due to the following error: %%3

Error - 12/7/2008 8:24:33 PM | Computer Name = DOOYONG0003 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/7/2008 8:24:39 PM | Computer Name = DOOYONG0003 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 12/7/2008 8:24:44 PM | Computer Name = DOOYONG0003 | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {4BD057AB-B25F-4F20-BE57-D3BF46AACC11}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.


< End of report >

Edited by yyoo223, 07 December 2008 - 07:46 PM.


#6 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 07 December 2008 - 08:03 PM

Hello, yyoo223

"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7


You really need to remove these old ones or there's no point in installing the newer one because the malicious apps can just call the older ones.

Also, they take up about 200 - 250 MB of disk space per installation, so you can save a lot of space by cleaning these out.

Your log shows that you have never used HijackThis. To ensure that backups made when items are fixed are secure, we need to get HijackThis set up properly.
  • Please download the self-extracting version of HijackThis from here: HijackThis Installer Download
  • Save HJTInstall.exe to your desktop.
  • Double-click the file then click the Install button.
    • The file will be extracted to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  • A shortcut for future use will also be created on your desktop and the Intro Frame of HijackThis will open.
    Please use the shortcut to run the extracted HijackThis.exe from now on.
In your next reply, please include the following:
  • A HijackThis log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 yyoo223

  • Topic Starter

  • Members
  • 27 posts

Posted 07 December 2008 - 09:15 PM

Billy,

I removed all the Java that you have listed.

Here is the log you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:47 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\PRISMSVR.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\sm56hlpr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} (Maildropfile Control) - http://activexdown.paran.com/paranactivex/...oadlauncher.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/PCA.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} (CPPMediaCtrl Object) - http://www.tvzoa.com/player/forceplayer.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries Ltd. - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16584 bytes

#8 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 07 December 2008 - 10:06 PM

Explorer.exe still not starting?

Billy3

#9 yyoo223

  • Topic Starter

  • Members
  • 27 posts

Posted 08 December 2008 - 12:06 AM

I rebooted just now and the desktop does not load. It just stops at my wallpaper. I had to manually start explorer.exe.

#10 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 08 December 2008 - 09:49 PM

Hello, yyoo223
We need to run ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next reply, please include the following:
  • ComboFix.txt

Billy3

#11 yyoo223

  • Topic Starter

  • Members
  • 27 posts

Posted 09 December 2008 - 12:02 AM

Here is my Combofix log.

ComboFix 08-12-07.04 - Compaq_Owner 2008-12-08 23:51:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.230 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-07 19:40 . 2008-12-07 19:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 19:21 . 2008-12-07 19:21 <DIR> d-------- C:\_OTMoveIt
2008-11-30 13:51 . 2008-11-30 13:51 <DIR> d-------- C:\rsit
2008-11-30 13:13 . 2008-12-07 16:46 345 --a------ c:\windows\gmer.ini
2008-11-30 02:47 . 2008-11-30 02:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 00:26 . 2008-11-30 00:26 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 00:26 . 2008-11-30 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 00:25 . 2008-11-30 00:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-29 23:46 . 2008-11-29 23:46 24,576 --a------ c:\windows\system32\VundoFixSVC.exe
2008-11-29 22:46 . 2008-11-29 23:46 <DIR> d-------- C:\VundoFix Backups
2008-11-29 19:27 . 2008-12-07 20:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 19:23 . 2008-12-08 14:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-29 19:23 . 2008-11-29 19:23 <DIR> d-------- c:\program files\AVG
2008-11-29 19:23 . 2008-11-30 02:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-29 19:23 . 2008-11-29 19:23 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-29 19:23 . 2008-11-29 19:23 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-29 16:28 . 2005-10-08 00:22 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-29 16:28 . 2008-11-29 19:24 <DIR> d-------- c:\documents and settings\Administrator
2008-11-29 00:41 . 2008-11-29 01:05 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-29 00:41 . 2008-11-29 01:05 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-21 22:56 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-11-21 22:21 . 2008-11-21 22:21 <DIR> d-------- c:\program files\iPod
2008-11-21 22:20 . 2008-11-21 22:21 <DIR> d-------- c:\program files\iTunes
2008-11-21 22:20 . 2008-11-21 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 22:18 . 2008-11-21 22:19 <DIR> d-------- c:\program files\QuickTime
2008-11-21 22:18 . 2008-11-21 22:18 <DIR> d-------- c:\program files\Apple Software Update
2008-11-21 22:17 . 2008-11-21 22:17 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-21 22:17 . 2008-11-21 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-11 22:03 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 22:03 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 04:58 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-08 02:05 --------- d-----w c:\program files\Java
2008-12-03 20:26 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-11-22 03:20 --------- d-----w c:\program files\Bonjour
2008-11-22 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-22 03:15 --------- d-----w c:\program files\FlashGet
2008-11-13 01:16 --------- d-----w c:\program files\POMQMV3
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 03:50 --------- d-----w c:\program files\PowerMenu
2008-10-18 06:22 --------- d-----w c:\program files\Cube Construct
2008-10-18 02:57 --------- d-----w c:\program files\Full Tilt Poker
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-12 20:04 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-10-12 03:20 --------- d-----w c:\program files\Skype
2008-10-12 03:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-12 03:19 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 03:19 --------- d-----w c:\program files\Common Files\logishrd
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 01:57 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-16 01:57 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-16 01:57 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-16 01:57 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-16 01:57 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-16 01:57 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-16 01:57 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-16 01:57 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2006-07-22 19:14 14 ----a-w c:\documents and settings\Compaq_Owner\getfile.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-08-24 949376]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 451896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-07-27 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a------ 2005-07-12 15:35 473928 c:\program files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\ijji\\ENGLISH\\GUNSTER.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"17328:TCP"= 17328:TCP:BitComet 17328 TCP
"17328:UDP"= 17328:UDP:BitComet 17328 UDP
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-08-24 15424]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2007-03-18 53760]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.EXE [2006-07-27 61526]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-11 24652]
R3 uscbs109;uscbs109;c:\windows\system32\DRIVERS\uscbs109.sys [2005-03-21 8672]
R3 uscsc109;uscsc109;c:\windows\system32\DRIVERS\uscsc109.sys [2005-03-21 102336]
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\TIIC7.tmp\disk1\BIOSCHK.SYS []
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-10-02 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-10-02 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-10-02 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-10-02 10368]
S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys []
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2005-12-01 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 18:46]

2008-12-08 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll

c:\windows\system32\atl.dll - c:\windows\Downloaded Program Files\NowStarter.ocx
O16 -: {072039AB-2117-4ED5-A85F-9B9EB903E021}
hxxp://www.clubbox.co.kr/neo.fld/NowStarter.cab
c:\windows\Downloaded Program Files\NowStarter.inf

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Monopoly Here and Now\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\tpwin.ocx - O16 -: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}
hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB

c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\ImUMgr.exe
c:\windows\system32\xkcsdk_pr.dll
c:\windows\system32\SHCSDK.dll
c:\windows\system32\imftpdown.exe
c:\windows\system32\imftp.exe
c:\windows\Downloaded Program Files\maildropfile.ocx
c:\windows\Downloaded Program Files\uploadlauncher.ocx
O16 -: {25794D3C-E2F0-40B8-9C11-F38DC1908633}
hxxp://activexdown.paran.com/paranactivex/data/uploadlauncher.cab
c:\windows\Downloaded Program Files\uploadlauncher.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\PDUpdate.ocx
O16 -: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}
hxxp://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
c:\windows\Downloaded Program Files\PDUpdate.inf

c:\windows\Downloaded Program Files\PCA.dll - O16 -: {BA2D9665-D672-446F-98F4-E3E41FA12A01}
hxxp://www.mypccenter.com/PCA.cab

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Risk\Images\armhelper.ocx

c:\windows\Downloaded Program Files\EconPlayer.ocx - O16 -: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}
hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab

c:\windows\system32\ForceGridTV.dll - c:\windows\system32\ver.ini
c:\windows\system32\KNetClient.dll
c:\windows\system32\KTxtLog.dll
c:\windows\system32\KCharUtil.dll
c:\windows\system32\realmediaSDK.reg
c:\windows\system32\ppshell.exe
c:\windows\system32\p2pgrid.dll
c:\windows\system32\forcetv.dll
O16 -: {FCD61199-E187-4ADD-88E5-9AF238486D11}
hxxp://www.tvzoa.com/player/forceplayer.cab
c:\windows\Downloaded Program Files\forceplayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 23:57:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL

- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\imon.dll
.
Completion time: 2008-12-08 23:59:43
ComboFix-quarantined-files.txt 2008-12-09 04:58:48
ComboFix2.txt 2008-11-29 21:58:44

Pre-Run: 32,890,871,808 bytes free
Post-Run: 33,441,656,832 bytes free

290 --- E O F --- 2008-11-12 03:26:49

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:28 PM

Posted 09 December 2008 - 05:47 PM

Hello, yyoo223
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    driver::
    BIOSCHK
    XDva014
    XDva020
    rootkit::
    c:\windows\system32\XDva020.sys
    c:\windows\system32\XDva014.sys
    folder::
    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\TIIC7.tmp
    registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

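The CFScript above targets the three service entries whose ComboFix lines end in an empty `[]` (no file found at the image path) and a driver that was registered from a Temp folder. The following triage script is an added example, not part of this thread and not ComboFix's own code: it parses driver/service lines in ComboFix's `R?/S? name;display;path [date size]` format and flags exactly those two conditions, so a helper can pick them out of a long log at a glance. The sample lines are copied from the log posted earlier in the thread; the flag names and the two heuristics are my own assumptions, not ComboFix output.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of driver/service lines in the shape ComboFix
# prints them (copied from the log posted earlier in this thread).
SAMPLE_LINES = r"""
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-08-24 15424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-11 24652]
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\TIIC7.tmp\disk1\BIOSCHK.SYS []
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-10-02 2944]
S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys []
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys []
"""

# One ComboFix service/driver line:
#   <R|S><start type> <service name>;<display name>;<image path> [<date size>]
# R = running, S = stopped; the digit is the SCM start type (0 boot .. 4 disabled).
# An empty bracket pair means ComboFix found no file at the image path.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one driver/service line; return None for lines in any other format."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # Normalise the image path: drop surrounding quotes and the \??\ NT
    # object-manager prefix so later checks see a plain drive path.
    path = entry["path"].strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    entry["path"] = path
    return entry


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Return why an entry deserves a closer look (empty list means nothing flagged).

    The two heuristics are assumptions of this example, chosen to match what the
    CFScript in this thread removes: orphaned service entries and drivers that
    were registered out of a temporary directory.
    """
    reasons: List[str] = []
    if not entry["info"].strip():
        reasons.append("no file found at image path (orphaned service entry)")
    low = entry["path"].lower()
    if "\\temp\\" in low or "\\locals~1\\" in low:
        reasons.append("image path under a temporary or user-profile directory")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run every line through the parser and collect the entries with at least one reason."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append(
                {"name": entry["name"], "state": entry["start"],
                 "path": entry["path"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding['state']} {finding['name']}: {finding['path']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script reports BIOSCHK (both reasons), XDva014 and XDva020 (orphaned only), and stays quiet about the NOD32, Viewpoint and Brother entries, which is the same set the CFScript's `driver::` and `rootkit::` sections name. It is a reading aid, not a verdict: an orphaned entry can also be the leftover of an uninstalled product, so the flagged names still need the judgement the helper applied here.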
#13 yyoo223

yyoo223
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:01:28 AM

Posted 09 December 2008 - 08:59 PM

Here are the ComboFix and HijackThis logs.

explorer.exe still does not load automatically.

ComboFix 08-12-07.04 - Compaq_Owner 2008-12-09 20:33:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.237 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA014
-------\Legacy_XDVA020
-------\Service_BIOSCHK
-------\Service_XDva014
-------\Service_XDva020


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-07 19:40 . 2008-12-07 19:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 19:21 . 2008-12-07 19:21 <DIR> d-------- C:\_OTMoveIt
2008-11-30 13:51 . 2008-11-30 13:51 <DIR> d-------- C:\rsit
2008-11-30 13:13 . 2008-12-07 16:46 345 --a------ c:\windows\gmer.ini
2008-11-30 02:47 . 2008-11-30 02:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 00:26 . 2008-11-30 00:26 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 00:26 . 2008-11-30 00:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 00:25 . 2008-11-30 00:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-29 23:46 . 2008-11-29 23:46 24,576 --a------ c:\windows\system32\VundoFixSVC.exe
2008-11-29 22:46 . 2008-11-29 23:46 <DIR> d-------- C:\VundoFix Backups
2008-11-29 19:27 . 2008-12-07 20:52 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-29 19:23 . 2008-12-09 20:29 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-29 19:23 . 2008-11-29 19:23 <DIR> d-------- c:\program files\AVG
2008-11-29 19:23 . 2008-11-30 02:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-29 19:23 . 2008-11-29 19:23 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-29 19:23 . 2008-11-29 19:23 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-29 16:28 . 2005-10-08 00:22 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-29 16:28 . 2008-11-29 19:24 <DIR> d-------- c:\documents and settings\Administrator
2008-11-29 00:41 . 2008-11-29 01:05 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-29 00:41 . 2008-11-29 01:05 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-21 22:56 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-11-21 22:21 . 2008-11-21 22:21 <DIR> d-------- c:\program files\iPod
2008-11-21 22:20 . 2008-11-21 22:21 <DIR> d-------- c:\program files\iTunes
2008-11-21 22:20 . 2008-11-21 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 22:18 . 2008-11-21 22:19 <DIR> d-------- c:\program files\QuickTime
2008-11-21 22:18 . 2008-11-21 22:18 <DIR> d-------- c:\program files\Apple Software Update
2008-11-21 22:17 . 2008-11-21 22:17 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-21 22:17 . 2008-11-21 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-11 22:03 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 22:03 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 04:58 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-08 02:05 --------- d-----w c:\program files\Java
2008-12-03 20:26 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-11-22 03:20 --------- d-----w c:\program files\Bonjour
2008-11-22 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-22 03:15 --------- d-----w c:\program files\FlashGet
2008-11-13 01:16 --------- d-----w c:\program files\POMQMV3
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 03:50 --------- d-----w c:\program files\PowerMenu
2008-10-18 06:22 --------- d-----w c:\program files\Cube Construct
2008-10-18 02:57 --------- d-----w c:\program files\Full Tilt Poker
2008-10-12 20:04 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-10-12 03:20 --------- d-----w c:\program files\Skype
2008-10-12 03:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-12 03:19 --------- d-----w c:\program files\Common Files\Skype
2008-10-12 03:19 --------- d-----w c:\program files\Common Files\logishrd
2006-07-22 19:14 14 ----a-w c:\documents and settings\Compaq_Owner\getfile.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-08_23.58.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-10 01:41:15 16,384 ----atw c:\windows\temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-20 68856]
"Google Update"="c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-08-24 949376]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-08 451896]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-01-18 451896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-07-27 921704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a------ 2005-07-12 15:35 473928 c:\program files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\ijji\\ENGLISH\\GUNSTER.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"17328:TCP"= 17328:TCP:BitComet 17328 TCP
"17328:UDP"= 17328:UDP:BitComet 17328 UDP
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-29 97928]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-08-24 15424]
R1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys [2007-03-18 53760]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-29 231704]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.EXE [2006-07-27 61526]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-11 24652]
R3 uscbs109;uscbs109;c:\windows\system32\DRIVERS\uscbs109.sys [2005-03-21 8672]
R3 uscsc109;uscsc109;c:\windows\system32\DRIVERS\uscsc109.sys [2005-03-21 102336]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-10-02 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-10-02 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-10-02 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-10-02 10368]
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2005-12-01 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 18:46]

2008-12-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll

c:\windows\system32\atl.dll - c:\windows\Downloaded Program Files\NowStarter.ocx
O16 -: {072039AB-2117-4ED5-A85F-9B9EB903E021}
hxxp://www.clubbox.co.kr/neo.fld/NowStarter.cab
c:\windows\Downloaded Program Files\NowStarter.inf

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Monopoly Here and Now\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\tpwin.ocx - O16 -: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5}
hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB

c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\ImUMgr.exe
c:\windows\system32\xkcsdk_pr.dll
c:\windows\system32\SHCSDK.dll
c:\windows\system32\imftpdown.exe
c:\windows\system32\imftp.exe
c:\windows\Downloaded Program Files\maildropfile.ocx
c:\windows\Downloaded Program Files\uploadlauncher.ocx
O16 -: {25794D3C-E2F0-40B8-9C11-F38DC1908633}
hxxp://activexdown.paran.com/paranactivex/data/uploadlauncher.cab
c:\windows\Downloaded Program Files\uploadlauncher.inf

c:\windows\system32\mfc42.dll - c:\windows\system32\msvcrt.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\PDUpdate.ocx
O16 -: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60}
hxxp://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
c:\windows\Downloaded Program Files\PDUpdate.inf

c:\windows\Downloaded Program Files\PCA.dll - O16 -: {BA2D9665-D672-446F-98F4-E3E41FA12A01}
hxxp://www.mypccenter.com/PCA.cab

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Risk\Images\armhelper.ocx

c:\windows\Downloaded Program Files\EconPlayer.ocx - O16 -: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A}
hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab

c:\windows\system32\ForceGridTV.dll - c:\windows\system32\ver.ini
c:\windows\system32\KNetClient.dll
c:\windows\system32\KTxtLog.dll
c:\windows\system32\KCharUtil.dll
c:\windows\system32\realmediaSDK.reg
c:\windows\system32\ppshell.exe
c:\windows\system32\p2pgrid.dll
c:\windows\system32\forcetv.dll
O16 -: {FCD61199-E187-4ADD-88E5-9AF238486D11}
hxxp://www.tvzoa.com/player/forceplayer.cab
c:\windows\Downloaded Program Files\forceplayer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 20:51:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\userinit.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\PRISMSVR.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-12-09 20:57:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 01:57:21
ComboFix2.txt 2008-12-09 04:59:45
ComboFix3.txt 2008-11-29 21:58:44

Pre-Run: 33,420,890,112 bytes free
Post-Run: 33,409,056,768 bytes free

290 --- E O F --- 2008-11-12 03:26:49


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:45 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\sm56hlpr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly Here and Now\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n019p/EN/install/gtdownlr.cab
O16 - DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} (Maildropfile Control) - http://activexdown.paran.com/paranactivex/...oadlauncher.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/PCA.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Risk\Images\armhelper.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} (CPPMediaCtrl Object) - http://www.tvzoa.com/player/forceplayer.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries Ltd. - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16553 bytes

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:11:28 PM

Posted 09 December 2008 - 09:40 PM

Hello, yyoo223
Viewpoint is considered foistware instead of malware because it is installed without the user's approval but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#15 yyoo223

yyoo223
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 09 December 2008 - 11:46 PM

Here is the ESET log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3679 (20081209)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=0dc0b748a63baa4e83927da0dfc6b1c9
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-10 04:43:52
# local_time=2008-12-09 11:43:52 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=544343
# found=0
# scan_time=5203
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base)
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081627 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support)
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081627 (NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component)

Edited by yyoo223, 09 December 2008 - 11:55 PM.
