
infected with RootKit and others


  • This topic is locked
20 replies to this topic

#1 jnewell

  • Members
  • 44 posts
  • Gender:Male
  • Location:Colchester UK

Posted 01 December 2008 - 07:45 AM

Hi there... My computer is slow to close down. After selecting Turn Off Computer from the Start Menu it takes about 5 minutes for the switch-off options to come up. After selecting Restart or Turn Off it takes another 5 minutes or longer to do it, and sometimes doesn't do it at all. Then I need to power off. On turning on, this doesn't result in a "Windows detected ....." etc. and a disk scan. The machine also doesn't always display all the icons in the notification area (bottom RHS of screen) although the processes are running.

I use Avast! and in the normal way this showed no problems. I did an Avast! scan and this showed that there are Rootkit hidden files, and although it went through the motions of repairing, it didn't actually happen.

I have run a Kaspersky scan on critical areas. This came up clear. Then repeated on My Computer and came up with some problems... log attached, but no mention of RootKit.

Another symptom, maybe related or not, I get the sound of a door slamming every now and then, not predictably, and also the sound of a group of children laughing.

I don't know what a rootkit is, but from reading the forum it seems to be an attempt to remotely control my computer?

Logs follow:
Kaspersky

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 30, 2008 18:54:31
Records in database: 1428663


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned 59370
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 00:44:49

File name Threat name Threats count
C:\Documents and Settings\John Newell.LAPTOP\Desktop\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2

The selected area was scanned.


RSIT info.txt
info.txt logfile of random's system information tool 1.04 2008-12-01 12:09:29

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft TotalMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F27EFBE2-7B33-4084-8328-00FE19AC4901}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Belkin Wireless G Plus MIMO Notebook Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D9010\Setup.exe" -l0x9
DP Editor Ver.1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DP Editor\Uninst.isu"
ErrorFix-->MsiExec.exe /X{F632E23B-7E1B-42C9-9262-FC5D3CA4D4D0}
Exif Launcher Ver.1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Exif Launcher\Uninst.isu"
Exif Viewer Ver.1.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Exif Viewer\Uninst.isu"
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Golden Records-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 3820 series-->rundll32 hpzcon05.dll,VendorJettison hp deskjet 3820 series
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 730 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft AutoRoute Express Europe 2000-->C:\Program Files\Common Files\Microsoft Shared\Geography\Setup\acmsetup.exe /T SEU70809.stf
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Home Publishing 2000-->MsiExec.exe /I{F128BA10-362E-11D3-81AB-00C04FB932BA}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Picture It! Express 2000-->MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2000 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Network Device Switch 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvts.inf
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerQuest BootMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B838AD63-FD0C-482C-B124-7116748BAC45}
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoundTap-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -uninst
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe"
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x9
TOSHIBA Manuals-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25DB99F1-4681-4391-931F-6F144E8B5F18}\Setup.exe" -l0x9
TOSHIBA Power Saver-->TPWRDEL.EXE
Toshiba screensaver-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Toshiba\Toshiba screensaver\DeIsL1.isu" -c"C:\Program Files\Toshiba\Toshiba screensaver\_ISREG32.DLL"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA TouchPad On/Off Utility V2.04.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Tools 4.1-->C:\Program Files\Windows Media Components\Tools\_insttoo.exe /U
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
Word in Works Suite add-in-->MsiExec.exe /I{C5DD42DC-5402-11D3-8072-00C04FA329AA}
Yahoo! Toolbar-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D3-9850-00C04F7AC096}\setup.exe" maintenance

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081128-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

RSIT log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by John Newell at 2008-12-01 12:09:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (21%) free of 20 GB
Total RAM: 511 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:25, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOWNLOAD\New Downloads\RSIT.exe
C:\Program Files\trend micro\John Newell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142551070011
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226711658519
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: printpnp - printpnp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8960 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\System Restore.job
C:\WINDOWS\tasks\ErrorFix Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-11-30 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-12-20 1086816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-09-29 440384]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-12-20 1086816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-17 4866048]
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded []
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2002-05-13 245760]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"Tpwrtray"=C:\WINDOWS\system32\TPWRTRAY.EXE [2002-03-19 217088]
"TFncKy"=TFncKy.exe /Type 20 []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-22 49152]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2002-07-16 126976]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2002-08-09 122880]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-30 185896]
"F5D9010"=C:\Program Files\Belkin\F5D9010\Belkinwcui.exe [2006-07-20 1617920]
"HostManager"=C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe [2006-11-14 50736]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-28 188416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIEW"=C:\WINDOWS\system32\nview.dll [2003-10-17 852039]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="WIKI.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
printpnp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL]
PRISMAPI.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:explorer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer"
"C:\WINDOWS\System32\lxcfcoms.exe"="C:\WINDOWS\System32\lxcfcoms.exe:*:Enabled:730 Series"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe"="C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler"
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe"="C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2008-12-01 12:09:03 ----D---- C:\Program Files\trend micro
2008-12-01 12:09:01 ----D---- C:\rsit
2008-11-30 14:38:00 ----D---- C:\WINDOWS\ERUNT
2008-11-30 14:34:23 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-30 14:14:25 ----D---- C:\SDFix
2008-11-27 10:41:34 ----D---- C:\PERSONAL
2008-11-25 17:46:58 ----D---- C:\Documents and Settings\John Newell.LAPTOP\Application Data\ErrorFix
2008-11-25 17:46:38 ----D---- C:\Program Files\ErrorFix
2008-11-22 21:17:53 ----D---- C:\Program Files\Sun
2008-11-22 21:17:37 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-22 21:17:37 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-22 21:17:37 ----A---- C:\WINDOWS\system32\java.exe
2008-11-13 21:41:48 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-13 21:41:28 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 15:57:55 ----D---- C:\WINDOWS\Prefetch
2008-11-13 01:15:08 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 01:14:54 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 01:14:42 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-13 01:14:27 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-13 01:14:14 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-13 01:13:55 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-13 01:13:42 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-13 01:13:31 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-13 01:13:16 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-13 01:13:04 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-13 01:12:52 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-13 01:12:37 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-13 01:12:24 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-13 01:12:09 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-13 01:11:57 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-13 01:11:45 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-13 01:11:30 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-13 01:11:16 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-13 01:02:50 ----D---- C:\WINDOWS\system32\scripting
2008-11-13 01:02:47 ----D---- C:\WINDOWS\l2schemas
2008-11-13 01:02:46 ----D---- C:\Program Files\msn
2008-11-13 01:02:45 ----D---- C:\WINDOWS\system32\en
2008-11-13 01:02:44 ----D---- C:\WINDOWS\system32\bits
2008-11-12 22:11:02 ----HD---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 22:10:32 ----HD---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-04 01:00:32 ----HD---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-04 01:00:11 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 00:59:49 ----HD---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-04 00:58:33 ----HD---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-04 00:57:54 ----HD---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-04 00:55:37 ----HD---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-03 18:47:43 ----HD---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-03 17:15:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-03 17:15:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-03 17:15:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-03 17:15:19 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-03 17:15:16 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-03 17:15:15 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-03 17:15:15 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-03 17:15:12 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-03 17:15:12 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-03 17:15:10 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-03 17:15:10 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-03 17:15:09 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-03 17:15:08 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-03 17:15:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-03 17:15:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-03 17:15:02 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-03 17:15:02 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-03 17:15:00 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-03 17:14:57 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-03 17:14:57 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-03 17:14:57 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-03 17:14:56 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-03 17:14:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-03 17:14:54 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-03 17:14:52 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-03 17:14:52 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-03 17:14:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-03 17:14:49 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-03 17:14:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-03 17:14:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-03 17:14:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-03 17:14:46 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-03 17:14:45 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-03 17:14:45 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-03 17:14:44 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-03 17:14:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-03 17:14:41 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-03 17:14:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-03 17:14:34 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-03 17:14:30 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-03 17:14:23 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-03 17:14:23 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-03 17:14:23 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-03 17:14:23 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-03 17:14:22 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-03 17:13:31 ----A---- C:\WINDOWS\005740_.tmp
2008-09-12 17:26:14 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-12 17:25:39 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 3 months======

2008-11-30 18:17:20 ----A---- C:\WINDOWS\win.ini
2008-11-30 15:52:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 14:16:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 17:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-13 21:41:44 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 16:00:14 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-13 15:59:12 ----A---- C:\WINDOWS\setuplog.txt
2008-11-04 00:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-12 17:16:38 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem AMR.txt
2008-10-03 17:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-10 01:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 17:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-01 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-05-17 63501]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\F5D9010\GTNDIS5.SYS []
R3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-01-26 26112]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-17 1371740]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT61;Belkin Wireless G Plus MIMO ; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-08-26 352768]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 19968]
R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 23392]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxgc.sys [2002-07-24 202880]
S1 epsonsys;EPS Printer driver; C:\WINDOWS\system32\drivers\epsonsys.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0; C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys [2006-05-08 18944]
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\drivers\RTL8187B.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAIRDA;VIA Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\viairda.sys [2001-08-17 24576]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-17 77824]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 lxcf_device;lxcf_device; C:\WINDOWS\System32\lxcfcoms.exe [2005-04-15 491520]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
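The RSIT log above is the raw material a responder triages by hand: the AppInit_DLLs value, the Winlogon Notify packages, the firewall exception list and the driver/service list are the places where persistence usually shows up, and the helpers in this thread read them by eye. The script below is an added example, not part of the thread and not one of the tools the helpers asked for. It parses those four RSIT-format sections and flags entries for manual review. The sample input is a handful of lines copied verbatim from the log above; the set of "core OS binaries", the heuristics and the wording of the flags are my own choices, and a flag is a prompt to check, not a verdict.

```python
"""Triage heuristics for RSIT-style persistence logs (added example)."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (category, entry, reason)

# Assumption: these core OS binaries never need a Windows Firewall application
# exception on a stock XP box, so an "Enabled" entry for one deserves a look.
CORE_OS_BINARIES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe",
                    "smss.exe", "svchost.exe"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"="(?P<dlls>.*)"$', re.IGNORECASE)
NOTIFY_RE = re.compile(r"^(?P<path>.+?) \[(?P<info>[^\]]*)\]$")
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"$')
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);(?P<desc>[^;]*); ?(?P<path>.*?) ?\[(?P<info>[^\]]*)\]$")

# Constructed sample: lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="WIKI.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
printpnp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:explorer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer"
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.sys []
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
"""


def _basename(path: str) -> str:
    """Last path component, lower-cased, tolerating the \\??\\ NT prefix."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Walk an RSIT log and return entries worth a second look."""
    findings: List[Finding] = []
    key = ""  # lower-cased registry key of the section we are inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if line.startswith("======"):
            key = ""  # left the registry dump, entered a list section
            continue

        # 1. AppInit_DLLs: every DLL named here is loaded into every
        #    process that links user32.dll; the value is empty on a clean box.
        if key.endswith("\\currentversion\\windows"):
            m = APPINIT_RE.match(line)
            if m and m.group("dlls").strip():
                findings.append(("AppInit_DLLs", m.group("dlls"),
                                 "DLL injected into every user32-linked process; "
                                 "verify publisher and on-disk path"))
            continue

        # 2. Winlogon Notify packages run inside winlogon.exe as SYSTEM.
        #    RSIT prints "[]" when it could not stat the file.
        if "\\winlogon\\notify\\" in key:
            m = NOTIFY_RE.match(line)
            if m:
                reasons = []
                if not m.group("info"):
                    reasons.append("no timestamp/size recorded (file missing or hidden)")
                if "\\" not in m.group("path"):
                    reasons.append("bare filename, located through the DLL search path")
                if reasons:
                    findings.append(("Winlogon Notify", m.group("path"), "; ".join(reasons)))
            continue

        # 3. Firewall exceptions granted to core OS binaries.
        if key.endswith("\\authorizedapplications\\list"):
            m = FIREWALL_RE.match(line)
            if m and _basename(m.group("path")) in CORE_OS_BINARIES:
                label = m.group("value").rsplit(":", 1)[-1]
                findings.append(("Firewall exception", m.group("path"),
                                 f"core OS binary allowed through the firewall (labelled '{label}')"))
            continue

        # 4. Drivers/services registered but whose image RSIT could not find.
        m = SERVICE_RE.match(line)
        if m and not m.group("info"):
            findings.append(("Driver/service", m.group("name"),
                             f"registered but image not found on disk: {m.group('path') or '(no path)'}"))
    return findings


if __name__ == "__main__":
    for category, entry, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {entry}: {reason}")
```

Run against the sample it reports five entries: the AppInit_DLLs value, the bare `printpnp.dll` Notify package with no file information, the firewall exception for `winlogon.exe` (which carries the label "explorer"), and the two drivers whose `.sys` image RSIT could not find. Some of these will have innocent explanations, for example drivers left behind by an earlier scanning tool, which is exactly why the output is a review list: it tells the responder which lines to ask the poster about rather than deciding for them.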


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,805 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:39 PM

Posted 14 December 2008 - 06:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 20 December 2008 - 03:51 PM

Hi OrangeBlossom. Thanks for your response. The DDS.TXT file is posted (hopefully) and the ATTACH.TXT is also hopefully attached. The very slow closedown problem seems to have gone away for no apparent reason, but I still get rootkit warnings when I use Avast! virus scan. Also still get the sound of children laughing and a door slamming. Now that the slow close down problem has disappeared the machine seems to be working without problem, but the rootkit thing worries me.
DDS.TXT below:

DDS (Version 1.1.0) - FAT32x86
Run by John Newell at 20:07:56.67 on 20/12/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.246 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOWNLOAD\New Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
uURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
dURLSearchHooks: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Tpwrtray] TPWRTRAY.EXE
mRun: [TFncKy] TFncKy.exe /Type 20
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TFNF5] TFNF5.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [F5D9010] c:\program files\belkin\f5d9010\Belkinwcui.exe
mRun: [HostManager] c:\program files\common files\aol\1201812326\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\exif launcher\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{f128ba10-362e-11d3-81ab-00c04fb932ba}\4EBD23F5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia\TMMonitor.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: printpnp - printpnp.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
AppInit_DLLs: WIKI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnne~1.lap\applic~1\mozilla\firefox\profiles\k2t633vp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-3-30 111184]
R2 aawservice;Ad-Aware 2007 Service;"c:\program files\lavasoft\ad-aware 2007\aawservice.exe" [2008-3-19 607576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2006-3-17 155160]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDCNDIS5.sys [2007-11-30 19072]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2008-1-1 19968]
S1 epsonsys;EPS Printer driver; []
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2006-3-17 254040]
S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2006-3-17 352920]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;c:\windows\system32\drivers\BDA_Loader_225.sys [2007-1-21 18944]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; []

=============== Created Last 30 ================

2008-12-20 17:14 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-01 12:09 <DIR> --d----- c:\program files\trend micro
2008-11-30 14:39 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-11-30 14:38 <DIR> --d----- c:\windows\ERUNT
2008-11-30 14:37 1,688 a------- c:\windows\system32\AUTOEXEC.NT
2008-11-30 14:14 <DIR> --d----- C:\SDFix
2008-11-27 10:41 <DIR> --d----- C:\PERSONAL
2008-11-25 17:46 <DIR> --d----- c:\docume~1\johnne~1.lap\applic~1\ErrorFix
2008-11-25 17:46 <DIR> --d----- c:\program files\ErrorFix
2008-11-22 21:17 <DIR> --d----- c:\program files\Sun

==================== Find3M ====================

2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-13 01:08 77,155 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 11:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 20:08:35.75 ===============



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 PM

Posted 22 December 2008 - 10:43 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log instead.

Once again, I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

but I still get rootkit warnings when I use Avast! virus scan. Also still get
the sound of children laughing and a door slamming. Now that the slow close down problem has
disappeared the machine seems to be working without problem, but the rootkit thing worries me.

Can you show me the AVAST! scan log or give me a screenshot so I know what it's flagging?

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Since you say you have a rootkit, let's do a rootkit scan to make sure, in addition to what your AVAST! says.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important! Please do not select the Show all checkbox during the scan.


In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER log
  • Avast! screenshot/log

I'll analyze the logs once you reply back. It's past my bedtime here.

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
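
What an analyst does with an OTViewIt log once it is posted, as an added example (not OldTimer's tool and not code from anyone in this thread): a small Python triage script that walks the log layout shown in the posted log (section headers of the form `========== name ==========`, file entries of the form `[date | size | attrs | M] (Publisher) -- path -- (service [start | state])`, and registry key/value lines) and lists the entries an analyst would pull out for a closer look: executables that carry no publisher information, autostart entries whose target file is missing ("File not found"), a populated AppInit_DLLs value, and third-party Winlogon Notify packages. The sample log text is constructed for this example and only imitates the format; the flags are review prompts, not verdicts, since a missing file can just as easily be a leftover from an uninstalled driver as a removed malware component.

```python
"""Triage helper for OTViewIt-style logs.

Added example, not part of OTViewIt/OTL. The parser follows the line layout
visible in a posted OTViewIt log; the SAMPLE_LOG below is constructed and is
not a real machine's output.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "========== Processes ==========" / "========== (O20) AppInit_DLLs =========="
SECTION_RE = re.compile(r"^========== (?P<name>.+?) ==========$")

# [2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\...\ashServ.exe -- (avast! Antivirus [Auto | Running])
# The publisher may itself contain parentheses, e.g. "(ZDC., Inc. (ZDC))", so it is
# matched non-greedily up to the ") -- " separator; the service suffix is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>.*?)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<service>.+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a file entry line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {k: (v or "") for k, v in m.groupdict().items()}


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect entries worth manual review."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # Autostart entries pointing at a file that no longer exists: either a
        # stale leftover or a component that was removed while its hook remained.
        if "File not found" in line:
            findings.append(Finding(section, "dangling reference: target file missing", line))
            continue
        # AppInit_DLLs is loaded into every process that links user32.dll; on a
        # clean consumer machine it is normally empty, so any value gets reviewed.
        if "AppInit_DLLs" in section and line.startswith('"AppInit_Dlls"='):
            if line.split("=", 1)[1].strip():
                findings.append(Finding(section, "AppInit_DLLs is populated (global DLL injection point)", line))
            continue
        # Winlogon Notify packages run inside winlogon.exe at logon/logoff.
        if "Winlogon Notify" in section and '"DllName"' in line:
            findings.append(Finding(section, "third-party Winlogon Notify package", line))
            continue
        entry = parse_entry(line)
        if entry is not None and not entry["company"].strip():
            findings.append(Finding(section, "no publisher/version info on executable", line))
    return findings


# Constructed sample in the OTViewIt layout (not a real log).
SAMPLE_LOG = r"""
========== Processes ==========

[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\example_unsigned.exe

========== Driver Services ==========

[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (Example Vendor Inc.) -- C:\WINDOWS\system32\DRIVERS\example.sys -- (ExampleSvc [On_Demand | Running])
[2006/10/12 15:00:22 | 00,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\system32\ZDCNDIS5.sys -- (ZDCNDIS5 [Auto | Running])

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"TFncKy"=TFncKy.exe /Type 20 File not found

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=EXAMPLE.DLL
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
printpnp: "DllName" = printpnp.dll -- File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a saved OTViewIt.txt by reading the file into `triage()`; the output is a short review list rather than the full log, which is the form a helper actually reads before deciding which entries to ask about.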

#5 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 24 December 2008 - 09:55 AM

Hello ExtremeBoy,

I've made two postings using the link in your reply but they don't seem to have appeared in this file. Therefore I am reposting the log files requested. The avast! won't let me get past the point where it says I have a virus in operating memory. The subsequent and unavoidable boot time scan is appended.
Files follow:

OTViewIt logfile created on: 23/12/2008 16:18:34 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 244.20 Mb Available Physical Memory | 47.76% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 3.68 Gb Free Space | 18.85% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
Drive F: | 951.62 Mb Total Space | 639.54 Mb Free Space | 67.21% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2002/05/13 09:12:46 | 00,245,760 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
[2002/03/19 20:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
[2002/04/25 10:09:18 | 00,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[2002/01/22 18:20:50 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
[2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
[2002/07/16 01:41:56 | 00,126,976 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2002/08/09 12:06:52 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[2008/11/26 17:18:52 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2007/11/30 14:48:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/07/20 06:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
[2008/12/20 17:13:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2002/03/28 08:53:58 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/04/14 00:12:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\Exif Launcher\QuickDCF.exe
[2001/07/13 20:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
[1999/09/05 06:23:00 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
[2007/01/22 11:05:26 | 00,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2008/01/01 15:50:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
[2002/05/17 05:56:02 | 00,063,501 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/08 08:56:50 | 00,018,944 | ---- | M] (WideView Technology Inc.) -- C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys -- (BDA_Loader_225 [On_Demand | Stopped])
[2001/11/16 15:07:30 | 00,119,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
[2008/01/26 18:17:52 | 00,026,112 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2003/10/17 16:02:00 | 01,371,740 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2001/08/18 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/08/18 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2002/01/07 19:16:40 | 00,015,111 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
[2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2001/08/18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/26 23:39:08 | 00,352,768 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
[2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\DRIVERS\ss.sys -- (StreamSurge [On_Demand | Running])
[2001/09/26 19:34:32 | 00,799,816 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Running])
[2002/04/04 19:12:48 | 00,023,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
[2001/08/17 14:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD [Boot | Running])
[2001/09/13 19:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG [Boot | Running])
[2006/05/18 22:31:32 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/17 13:49:04 | 00,024,576 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viairda.sys -- (VIAIRDA [On_Demand | Stopped])
[2003/01/10 21:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/07/24 16:42:34 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Running])
[2006/10/12 15:00:22 | 00,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\system32\ZDCNDIS5.sys -- (ZDCNDIS5 [Auto | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\PROGRA~1\Belkin\F5D9010\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"=000StTHK.exe ()
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"F5D9010"=C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
"HostManager"=C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe (America Online, Inc.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 ()
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded (NVIDIA Corporation)
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TFncKy"=TFncKy.exe /Type 20 File not found
"TFNF5"=TFNF5.exe (Toshiba Corp.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION)
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
"Tpwrtray"=TPWRTRAY.EXE (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
[1999/09/05 06:23:00 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2005/04/27 19:35:34 | 00,029,184 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AOL Toolbar -- %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1142551070011 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1226711658519 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{55DCA314-D665-409C-A3CE-7DC93E2230A1} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{8CF3B6F8-45F4-4ACD-AF1B-161213A012FD} (Servers: | Description: Belkin Wireless G Plus MIMO Notebook Card)
{95880288-7037-4723-9CEA-7DB0C62E850C} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=WIKI.DLL
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
printpnp: "DllName" = printpnp.dll -- File not found
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ICON=\SMRTNTKY\fcw.ico | ACTION=Wireless Network Setup Wizard | ]
[2008/12/21 20:37:34 | 00,000,090 | ---- | M] () -- F:\AUTORUN.INF -- [ FAT32 ]

========== Files/Folders - Created Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/23 16:17:13 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:17:16 | 00,003,186 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/08 17:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Tools
[2008/12/01 12:52:48 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/01 12:09:01 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/01 12:07:49 | 00,000,486 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/11/30 18:11:17 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 14:39:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:38:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/30 14:37:59 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/11/30 14:14:25 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/30 14:12:14 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/27 10:41:34 | 00,000,000 | ---D | C] -- C:\PERSONAL
[2008/11/25 17:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Application Data\ErrorFix
[2008/11/25 17:46:46 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/25 17:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2008/11/23 18:26:53 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 21:17:53 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/22 21:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/21 23:40:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/20 22:24:29 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/19 00:12:06 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/18 22:41:12 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/13 20:54:22 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/13 20:35:42 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:14:20 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 17:44:08 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 15:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/13 01:02:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/13 01:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/13 01:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/11/13 01:02:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/13 01:02:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/11/12 21:44:51 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:22:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 15:21:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/09 19:16:28 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 18:44:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:14:42 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/07 22:35:32 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:02:56 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 21:37:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/04 18:39:40 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
[2008/11/04 18:10:47 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 080604.doc
[2008/11/04 17:46:27 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 170304.doc
[2008/11/03 19:54:28 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/03 19:53:47 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/03 19:52:37 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/03 19:52:36 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/03 19:52:35 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/03 19:52:34 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/03 19:49:50 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/03 17:33:02 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080104.doc
[2008/11/03 17:15:36 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/11/03 17:15:28 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/11/03 17:15:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/11/03 17:15:23 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/11/03 17:15:19 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/11/03 17:15:16 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/11/03 17:15:15 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/11/03 17:15:15 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/11/03 17:15:12 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/11/03 17:15:12 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/11/03 17:15:10 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/11/03 17:15:10 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/11/03 17:15:09 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/11/03 17:15:08 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/11/03 17:15:08 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/11/03 17:15:03 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/11/03 17:15:02 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/11/03 17:15:02 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/11/03 17:15:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/11/03 17:14:57 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/11/03 17:14:57 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/11/03 17:14:57 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/11/03 17:14:56 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/11/03 17:14:55 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/11/03 17:14:54 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/11/03 17:14:52 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/11/03 17:14:52 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/11/03 17:14:49 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/11/03 17:14:49 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/11/03 17:14:49 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/11/03 17:14:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/11/03 17:14:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/11/03 17:14:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/11/03 17:14:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/11/03 17:14:45 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/11/03 17:14:44 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/11/03 17:14:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/11/03 17:14:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/11/03 17:14:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/11/03 17:14:41 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/11/03 17:14:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/11/03 17:14:32 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/11/03 17:14:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/11/03 17:14:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/11/03 17:14:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/11/03 17:13:18 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/11/03 16:58:34 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/03 16:11:21 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 181003.doc
[2008/10/29 16:12:45 | 00,066,048 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 040603.doc
[2008/10/29 15:32:51 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 030603.doc
[2008/10/29 14:22:19 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 090203.doc
[2008/10/28 16:12:32 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\General Notes Paz.doc
[2008/10/27 17:51:18 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080103.doc
[2008/10/27 17:49:33 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070103.doc
[2008/10/27 16:48:06 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070103.doc
[2008/10/25 23:30:09 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 201102.doc

========== Files - Modified Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/23 16:16:52 | 00,529,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/23 16:16:52 | 00,446,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/23 16:16:52 | 00,073,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 16:14:56 | 00,000,702 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/23 16:13:38 | 00,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2008/12/23 16:13:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/23 16:12:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/23 16:12:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/22 20:09:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/20 20:21:48 | 00,003,186 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/20 19:29:02 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2008/12/20 17:27:16 | 00,005,358 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\simon1.wks
[2008/12/20 14:11:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/01 12:52:50 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:07:50 | 00,000,486 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/12/01 12:00:10 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 18:11:14 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/30 14:39:56 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:12:16 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/26 21:51:34 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/26 21:23:12 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 230802.doc
[2008/11/26 17:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/26 17:18:26 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/26 17:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2008/11/23 18:26:54 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 22:32:32 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/22 21:17:54 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/21 23:34:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/20 22:00:16 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\General Notes Paz.doc
[2008/11/20 18:54:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/20 00:15:52 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes.doc
[2008/11/18 22:58:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/17 23:49:38 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/15 16:57:12 | 00,428,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/15 00:56:04 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Command Prompt (2).lnk
[2008/11/13 21:13:20 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:34:30 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 20:12:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 00:53:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/12 22:00:44 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:43:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 21:21:32 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 19:15:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:17:06 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/08 23:08:00 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:34:40 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 22:01:50 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/07 21:36:22 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
[2008/11/04 18:37:56 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 080604.doc
[2008/11/04 18:09:40 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 170304.doc
[2008/11/03 23:37:22 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080104.doc
[2008/11/03 16:54:50 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 181003.doc
[2008/11/03 16:09:22 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 040603.doc
[2008/10/29 16:10:04 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 030603.doc
[2008/10/29 14:53:16 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 090203.doc
[2008/10/28 18:37:00 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080103.doc
[2008/10/27 17:49:36 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070103.doc
[2008/10/27 17:47:58 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070103.doc
[2008/10/27 16:41:54 | 00,058,368 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\RECIPES.doc
[2008/10/26 00:04:54 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 201102.doc
< End of report >
OTViewIt Extras logfile created on: 23/12/2008 16:18:34 - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 244.20 Mb Available Physical Memory | 47.76% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 3.68 Gb Free Space | 18.85% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
Drive F: | 951.62 Mb Total Space | 639.54 Mb Free Space | 67.21% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:explorer
[2008/04/14 00:12:40 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe:*:Enabled:730 Series
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/11/30 14:48:56 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/12/06 21:02:20 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/12/07 15:30:38 | 00,071,008 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2006/11/03 07:17:28 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/11/09 11:03:40 | 00,161,328 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}"=Microsoft Word 2000
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}"=TOSHIBA Manuals
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{25DB99F1-4681-4391-931F-6F144E8B5F18}"=TOSHIBA Manuals
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}"=Network Device Switch 3
"{3663DDE0-D8AE-11D3-9850-00C04F7AC096}"=YAMAHA AC-XG WDM
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}"=TOSHIBA Console
"{56364334-9530-11D2-BFFC-00C04FA329AA}"=Microsoft Works 2000
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}"=Wireless Hotkey
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}"=Belkin Wireless G Plus MIMO Notebook Card
"{A586D09E-1D2C-11D3-9A6B-00105A98B681}"=Microsoft Picture It! Express 2000
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B838AD63-FD0C-482C-B124-7116748BAC45}"=BootMagic
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5DD42DC-5402-11D3-8072-00C04FA329AA}"=Word in Works Suite add-in
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{F128BA10-362E-11D3-81AB-00C04FB932BA}"=Microsoft Home Publishing 2000
"{F27EFBE2-7B33-4084-8328-00FE19AC4901}"=ArcSoft TotalMedia
"{F632E23B-7E1B-42C9-9262-FC5D3CA4D4D0}"=ErrorFix
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AOL Toolbar"=AOL Toolbar 5.0
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"avast!"=avast! Antivirus
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"DP Editor 1.0"=DP Editor Ver.1.0
"Exif Launcher 1.0"=Exif Launcher Ver.1.0
"Exif Viewer 1.0"=Exif Viewer Ver.1.1
"ExpressRip"=Express Rip
"Golden"=Golden Records
"HijackThis"=HijackThis 2.0.2
"hp deskjet 3820 series_Driver"=hp deskjet 3820 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"InstallShield_{B838AD63-FD0C-482C-B124-7116748BAC45}"=PowerQuest BootMagic 8.0
"Lexmark 730 Series"=Lexmark 730 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft ARX EUR 2000"=Microsoft AutoRoute Express Europe 2000
"Microsoft NetShow Tools 2.0"=Windows Media Tools 4.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Prism"=Prism Video Converter
"PROSet"=Intel® PRO Ethernet Adapter and Software
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SoundTap"=SoundTap
"Switch"=Switch
"TFNF5"=Toshiba Hotkey Utility for Display Devices
"TomTom HOME"=TomTom HOME
"ToolBox"=NCH Toolbox
"Toshiba Power Saver"=TOSHIBA Power Saver
"Toshiba screensaver"=Toshiba screensaver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"TOSHIBA Utilities"=TOSHIBA Utilities
"TouchED"=TOSHIBA TouchPad On/Off Utility V2.04.00
"ViewpointMediaPlayer"=Viewpoint Media Player
"WavePad"=WavePad Uninstall
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2kSetup"=Microsoft Works 2000 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 29/11/2008 12:44:41 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 29/11/2008 12:44:42 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 29/11/2008 12:44:42 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 29/11/2008 12:44:43 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:32 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:33 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:33 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:34 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

[ Application Events ]
Error - 06/04/2008 16:55:29 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

Error - 08/04/2008 20:35:46 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/04/2008 20:35:56 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 708678575.

Error - 27/04/2008 15:55:58 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 1 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 11/05/2008 16:49:36 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2008 16:49:43 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 686628912.

Error - 07/06/2008 14:48:27 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/06/2008 16:33:59 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:18 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:29 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

[ System Events ]
Error - 22/12/2008 15:54:24 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 22/12/2008 15:54:24 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 22/12/2008 15:54:24 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 22/12/2008 16:36:02 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 22/12/2008 16:36:02 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 22/12/2008 16:36:02 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 22/12/2008 16:36:18 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 23/12/2008 12:12:44 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 23/12/2008 12:12:44 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 23/12/2008 12:12:44 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-23 16:44:21
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF6D9B576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF6D9B432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF6D9B910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF6D9B00A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF6D9B50C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF6D9AF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF6D9AFAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF6D9B62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF6D9B5EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF6D9B76C]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[208] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[536] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----

03/17/2006 00:57
Scan of all local drives
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EXARSLYF\bbot[1].exe is infected by Win32:Trojan-gen. {UPX!}, Deleted
File C:\WINDOWS\system32\TFTP1880 is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\WINDOWS\system32\winPE.exe is infected by Win32:SdBot-2902 [Trj], Moved to chest
File C:\WINDOWS\system32\TFTP11200 is infected by Win32:SpyBot-A3099 [Trj], Moved to chest
File C:\WINDOWS\Temp\dimension2k5.exe is infected by Win32:Trojan-gen. {UPX!}, Moved to chest
File C:\System Volume Information\_restore{D3FB0AEF-57DB-4035-9B70-4F853C045D83}\RP29\A0018157.exe is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\System Volume Information\_restore{D3FB0AEF-57DB-4035-9B70-4F853C045D83}\RP29\A0018159.exe is infected by Win32:SdBot-2902 [Trj], Moved to chest

Number of searched folders: 1747
Number of tested files: 32007
Number of infected files: 7

----------------------------------------
11/28/2008 19:17
Scan of all local drives

Number of searched folders: 5127
Number of tested files: 58550
Number of infected files: 0

----------------------------------------
11/29/2008 15:19
Scan of all local drives

Number of searched folders: 5128
Number of tested files: 58622
Number of infected files: 0

----------------------------------------
11/30/2008 15:13
Scan of all local drives

Number of searched folders: 5147
Number of tested files: 58482
Number of infected files: 0

----------------------------------------
12/23/2008 17:25
Scan of all local drives

Number of searched folders: 5285
Number of tested files: 60682
Number of infected files: 0


avast! error log follows:

***THIS IS THE LOGFILE FROM avast! ERROR classification
23/12/2008 17:24:10 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:09 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:09 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:08 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:07 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:07 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:06 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.
23/12/2008 17:24:04 John Newell 868 Internal error has occurred in module basEncodeFileToSubmit failed! , function 0000007B.


avast! warning log follows:
***THIS IS THE LOG FROM avast! WARNING FILE
23/12/2008 17:04:06 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\wininet.dll" file.
23/12/2008 17:04:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\vgx.dll" file.
23/12/2008 17:04:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\urlmon.dll" file.
23/12/2008 17:04:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\shlwapi.dll" file.
23/12/2008 17:04:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\shdocvw.dll" file.
23/12/2008 17:04:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\pngfilt.dll" file.
23/12/2008 17:04:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\mstime.dll" file.
23/12/2008 17:04:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\msrating.dll" file.
23/12/2008 17:03:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\mshtmled.dll" file.
23/12/2008 17:03:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\mshtml.dll" file.
23/12/2008 17:03:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\jsproxy.dll" file.
23/12/2008 17:03:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\jscript.dll" file.
23/12/2008 17:03:56 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\inseng.dll" file.
23/12/2008 17:03:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\iepeers.dll" file.
23/12/2008 17:03:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\iedw.exe" file.
23/12/2008 17:03:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\extmgr.dll" file.
23/12/2008 17:03:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\dxtrans.dll" file.
23/12/2008 17:03:52 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\dxtmsft.dll" file.
23/12/2008 17:03:51 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\ie7_main.log\browseui.dll" file.
23/12/2008 17:03:49 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
23/12/2008 17:03:48 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
23/12/2008 17:03:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
23/12/2008 17:03:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
23/12/2008 17:03:46 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
23/12/2008 17:03:45 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
23/12/2008 17:03:44 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
23/12/2008 17:03:43 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
23/12/2008 17:03:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
23/12/2008 17:03:41 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
23/12/2008 17:03:40 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
23/12/2008 17:03:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
23/12/2008 17:03:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
23/12/2008 17:03:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
23/12/2008 17:03:37 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
23/12/2008 17:03:36 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll" file.
23/12/2008 17:03:35 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll" file.
23/12/2008 17:03:34 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" file.
23/12/2008 17:03:33 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll" file.
23/12/2008 17:03:32 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll" file.
23/12/2008 17:03:31 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll" file.
23/12/2008 17:03:30 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll" file.
23/12/2008 17:03:30 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll" file.
23/12/2008 17:03:29 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll" file.
23/12/2008 17:03:28 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" file.
23/12/2008 17:03:27 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll" file.
23/12/2008 17:03:26 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll" file.
23/12/2008 17:03:25 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll" file.
23/12/2008 17:03:24 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll" file.
23/12/2008 17:03:23 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll" file.
23/12/2008 17:03:23 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll" file.
23/12/2008 17:03:22 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll" file.
23/12/2008 17:03:21 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll" file.
23/12/2008 17:03:20 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll" file.
23/12/2008 17:03:19 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll" file.
23/12/2008 17:03:18 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll" file.
23/12/2008 17:03:18 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll" file.
23/12/2008 17:03:17 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_32\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll" file.
23/12/2008 17:03:16 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System\1.0.5000.0__b77a5c561934e089\System.dll" file.
23/12/2008 17:03:15 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll" file.
23/12/2008 17:03:14 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll" file.
23/12/2008 17:03:13 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll" file.
23/12/2008 17:03:12 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll" file.
23/12/2008 17:03:11 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll" file.
23/12/2008 17:03:10 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll" file.
23/12/2008 17:03:09 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll" file.
23/12/2008 17:03:09 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll" file.
23/12/2008 17:03:08 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll" file.
23/12/2008 17:03:07 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll" file.
23/12/2008 17:03:06 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll" file.
23/12/2008 17:03:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll" file.
23/12/2008 17:03:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll" file.
23/12/2008 17:03:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll" file.
23/12/2008 17:03:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll" file.
23/12/2008 17:03:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll" file.
23/12/2008 17:03:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll" file.
23/12/2008 17:02:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll" file.
23/12/2008 17:02:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll" file.
23/12/2008 17:02:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll" file.
23/12/2008 17:02:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll" file.
23/12/2008 17:02:56 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll" file.
23/12/2008 17:02:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll" file.
23/12/2008 17:02:54 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll" file.
23/12/2008 17:02:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll" file.
23/12/2008 17:02:52 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll" file.
23/12/2008 17:02:51 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll" file.
23/12/2008 17:02:50 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll" file.
23/12/2008 17:02:49 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll" file.
23/12/2008 17:02:48 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll" file.
23/12/2008 17:02:48 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll" file.
23/12/2008 17:02:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll" file.
23/12/2008 17:02:46 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll" file.
23/12/2008 17:02:45 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll" file.
23/12/2008 17:02:44 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll" file.
23/12/2008 17:02:43 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll" file.
23/12/2008 17:02:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll" file.
23/12/2008 17:02:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system.ini\SDDEVMGR.dll" file.
23/12/2008 17:01:37 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\_Setup.dll" file.
23/12/2008 17:01:36 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\_ISDel.exe" file.
23/12/2008 17:01:35 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Setup.exe" file.
23/12/2008 17:01:33 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\NPSVGVw.dll" file.
23/12/2008 17:01:32 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGControl.dll" file.
23/12/2008 17:01:30 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGRSRC.DLL" file.
23/12/2008 17:01:29 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGView.dll" file.
23/12/2008 17:01:20 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ACROFX32.DLL" file.
23/12/2008 17:01:19 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\WHA Library.dll" file.
23/12/2008 17:01:18 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\CoolType.dll" file.
23/12/2008 17:01:17 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcrt.dll" file.
23/12/2008 17:01:16 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Bib.dll" file.
23/12/2008 17:01:15 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Agm.dll" file.
23/12/2008 17:01:14 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcp60.dll" file.
23/12/2008 17:01:13 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AcroRd32.exe" file.
23/12/2008 17:01:12 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AceLite.dll" file.
23/12/2008 17:01:11 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\oleaut32.dll" file.
23/12/2008 17:01:10 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Uninstall\Uninst.dll" file.
23/12/2008 17:01:09 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ExpressViews.apl" file.
23/12/2008 17:01:08 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ADMPlugin.apl" file.
23/12/2008 17:01:07 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\WHA.api" file.
23/12/2008 17:01:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\weblink.api" file.
23/12/2008 17:01:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\hls.api" file.
23/12/2008 17:01:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EScript.api" file.
23/12/2008 17:01:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\AcroFill.api" file.
23/12/2008 17:01:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EWH32.api" file.
23/12/2008 17:01:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\reflow.api" file.
23/12/2008 17:00:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\Movie.api" file.
23/12/2008 17:00:56 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT2.dll" file.
23/12/2008 17:00:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT3.dll" file.
23/12/2008 17:00:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT4.dll" file.
23/12/2008 17:00:54 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll" file.
23/12/2008 17:00:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 17:00:51 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Browser\nppdf32.dll" file.
23/12/2008 17:00:50 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\AcroIEHelper.ocx" file.
23/12/2008 17:00:49 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\pdf.ocx" file.
23/12/2008 17:00:45 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\_Setup.dll" file.
23/12/2008 17:00:44 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\_ISDel.exe" file.
23/12/2008 17:00:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Setup.exe" file.
23/12/2008 17:00:40 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\NPSVGVw.dll" file.
23/12/2008 17:00:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGControl.dll" file.
23/12/2008 17:00:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGRSRC.DLL" file.
23/12/2008 17:00:36 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGView.dll" file.
23/12/2008 17:00:27 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ACROFX32.DLL" file.
23/12/2008 17:00:26 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\WHA Library.dll" file.
23/12/2008 17:00:25 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\CoolType.dll" file.
23/12/2008 17:00:24 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcrt.dll" file.
23/12/2008 17:00:23 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Bib.dll" file.
23/12/2008 17:00:22 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Agm.dll" file.
23/12/2008 17:00:21 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcp60.dll" file.
23/12/2008 17:00:20 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AcroRd32.exe" file.
23/12/2008 17:00:19 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AceLite.dll" file.
23/12/2008 17:00:18 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\oleaut32.dll" file.
23/12/2008 17:00:17 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Uninstall\Uninst.dll" file.
23/12/2008 17:00:16 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ExpressViews.apl" file.
23/12/2008 17:00:15 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ADMPlugin.apl" file.
23/12/2008 17:00:14 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\WHA.api" file.
23/12/2008 17:00:12 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\weblink.api" file.
23/12/2008 17:00:11 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\hls.api" file.
23/12/2008 17:00:10 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EScript.api" file.
23/12/2008 17:00:09 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\AcroFill.api" file.
23/12/2008 17:00:08 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EWH32.api" file.
23/12/2008 17:00:07 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\reflow.api" file.
23/12/2008 17:00:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\Movie.api" file.
23/12/2008 17:00:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT2.dll" file.
23/12/2008 17:00:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT3.dll" file.
23/12/2008 17:00:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT4.dll" file.
23/12/2008 16:59:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll" file.
23/12/2008 16:59:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:59:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Browser\nppdf32.dll" file.
23/12/2008 16:59:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\AcroIEHelper.ocx" file.
23/12/2008 16:59:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\pdf.ocx" file.
23/12/2008 16:59:23 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\_Setup.dll" file.
23/12/2008 16:59:22 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\_ISDel.exe" file.
23/12/2008 16:59:21 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Setup.exe" file.
23/12/2008 16:59:19 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\NPSVGVw.dll" file.
23/12/2008 16:59:18 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGControl.dll" file.
23/12/2008 16:59:16 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGRSRC.DLL" file.
23/12/2008 16:59:15 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGView.dll" file.
23/12/2008 16:59:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ACROFX32.DLL" file.
23/12/2008 16:59:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\WHA Library.dll" file.
23/12/2008 16:59:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\CoolType.dll" file.
23/12/2008 16:59:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcrt.dll" file.
23/12/2008 16:59:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Bib.dll" file.
23/12/2008 16:59:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Agm.dll" file.
23/12/2008 16:59:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcp60.dll" file.
23/12/2008 16:58:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AcroRd32.exe" file.
23/12/2008 16:58:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AceLite.dll" file.
23/12/2008 16:58:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\oleaut32.dll" file.
23/12/2008 16:58:56 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Uninstall\Uninst.dll" file.
23/12/2008 16:58:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ExpressViews.apl" file.
23/12/2008 16:58:54 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ADMPlugin.apl" file.
23/12/2008 16:58:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\WHA.api" file.
23/12/2008 16:58:51 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\weblink.api" file.
23/12/2008 16:58:50 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\hls.api" file.
23/12/2008 16:58:49 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EScript.api" file.
23/12/2008 16:58:48 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\AcroFill.api" file.
23/12/2008 16:58:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EWH32.api" file.
23/12/2008 16:58:46 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\reflow.api" file.
23/12/2008 16:58:43 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\Movie.api" file.
23/12/2008 16:58:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT2.dll" file.
23/12/2008 16:58:41 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT3.dll" file.
23/12/2008 16:58:40 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT4.dll" file.
23/12/2008 16:58:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll" file.
23/12/2008 16:58:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:58:37 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Browser\nppdf32.dll" file.
23/12/2008 16:58:35 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\AcroIEHelper.ocx" file.
23/12/2008 16:58:34 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\pdf.ocx" file.
23/12/2008 16:58:30 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\_Setup.dll" file.
23/12/2008 16:58:29 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\_ISDel.exe" file.
23/12/2008 16:58:28 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Setup.exe" file.
23/12/2008 16:58:25 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\NPSVGVw.dll" file.
23/12/2008 16:58:24 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGControl.dll" file.
23/12/2008 16:58:23 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGRSRC.DLL" file.
23/12/2008 16:58:21 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\SVG Files\SVGView.dll" file.
23/12/2008 16:58:11 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ACROFX32.DLL" file.
23/12/2008 16:58:10 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\WHA Library.dll" file.
23/12/2008 16:58:09 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\CoolType.dll" file.
23/12/2008 16:58:08 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcrt.dll" file.
23/12/2008 16:58:07 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Bib.dll" file.
23/12/2008 16:58:06 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Agm.dll" file.
23/12/2008 16:58:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\msvcp60.dll" file.
23/12/2008 16:58:04 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AcroRd32.exe" file.
23/12/2008 16:58:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\AceLite.dll" file.
23/12/2008 16:58:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\oleaut32.dll" file.
23/12/2008 16:58:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Uninstall\Uninst.dll" file.
23/12/2008 16:58:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ExpressViews.apl" file.
23/12/2008 16:57:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\SPPlugins\ADMPlugin.apl" file.
23/12/2008 16:57:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\WHA.api" file.
23/12/2008 16:57:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\weblink.api" file.
23/12/2008 16:57:54 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\hls.api" file.
23/12/2008 16:57:53 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EScript.api" file.
23/12/2008 16:57:52 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\AcroFill.api" file.
23/12/2008 16:57:51 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\EWH32.api" file.
23/12/2008 16:57:50 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\reflow.api" file.
23/12/2008 16:57:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\Movie.api" file.
23/12/2008 16:57:46 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT2.dll" file.
23/12/2008 16:57:45 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT3.dll" file.
23/12/2008 16:57:44 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\Movie\QT4.dll" file.
23/12/2008 16:57:43 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\NPDocBox.dll" file.
23/12/2008 16:57:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:57:40 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\Browser\nppdf32.dll" file.
23/12/2008 16:57:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\AcroIEHelper.ocx" file.
23/12/2008 16:57:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\ActiveX\pdf.ocx" file.
23/12/2008 16:56:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\i386\i386\mxdwdrv.dll" file.
23/12/2008 16:56:03 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\i386\mxdwdrv.dll" file.
23/12/2008 16:56:02 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\amd64\amd64\xpssvcs.dll" file.
23/12/2008 16:56:01 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\amd64\amd64\mxdwdrv.dll" file.
23/12/2008 16:55:59 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\amd64\xpssvcs.dll" file.
23/12/2008 16:55:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\amd64\mxdwdrv.dll" file.
23/12/2008 16:55:57 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\prtprocs\x64\filterpipelineprintproc.dll" file.
23/12/2008 16:55:56 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\prtprocs\w32x86\PrintFilterPipelineSvc.exe" file.
23/12/2008 16:55:55 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\prtprocs\w32x86\filterpipelineprintproc.dll" file.
23/12/2008 16:55:16 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\unires.dll" file.
23/12/2008 16:55:15 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\mxdwdui.dll" file.
23/12/2008 16:55:14 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\drivers\w32x86\3\mxdwdrv.dll" file.
23/12/2008 16:54:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\i386\i386\mxdwdrv.dll" file.
23/12/2008 16:54:37 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\i386\mxdwdrv.dll" file.
23/12/2008 16:54:36 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\amd64\amd64\xpssvcs.dll" file.
23/12/2008 16:54:35 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\amd64\amd64\mxdwdrv.dll" file.
23/12/2008 16:54:33 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\amd64\xpssvcs.dll" file.
23/12/2008 16:54:32 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\amd64\mxdwdrv.dll" file.
23/12/2008 16:54:31 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\prtprocs\x64\filterpipelineprintproc.dll" file.
23/12/2008 16:54:30 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\prtprocs\w32x86\PrintFilterPipelineSvc.exe" file.
23/12/2008 16:54:29 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\prtprocs\w32x86\filterpipelineprintproc.dll" file.
23/12/2008 16:53:47 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\unires.dll" file.
23/12/2008 16:53:46 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\mxdwdui.dll" file.
23/12/2008 16:53:45 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\drivers\w32x86\3\mxdwdrv.dll" file.

END OF CURRENT POSTING PS Merry Xmas! ... John Newell

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:12:39 PM

Posted 24 December 2008 - 11:35 AM

Hello again.

I've made two postings using the link in your reply but they don't seem to have appeared in this
file. Therefore I am reposting the log files requested. The avast! won't let me get past the point
where it says I have a virus in operating memory. The subsequent and unavoidable boot time
scan is appended.

No problem. The part I bolded seems suspicious; it may be a false positive or not, but we will see. I kind of doubt it though.

From what I see in the OTViewIT logs there are many orphaned entries. This means that most of the rootkit infection, or any other infections you may have, are already removed.

From your previous post with the RSIT scan, I did find a rootkit file/driver:
epsonsys;EPS Printer driver; C:\WINDOWS\system32\drivers\epsonsys.sys

^That is a rootkit. All I see is some leftover registry items, which we will take care of now.
GMER, one of the best rootkit scanners, also didn't find any active rootkit infection present right now.
I think when you ran SDFix or one of the other tools it removed it. Just to be sure, we will run another scan that targets this kind of infection.

Regarding your Avast! scan: it removed the bad files.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EXARSLYF\bbot[1].exe is infected by Win32:Trojan-gen. {UPX!}, Deleted
File C:\WINDOWS\system32\TFTP1880 is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\WINDOWS\system32\winPE.exe is infected by Win32:SdBot-2902 [Trj], Moved to chest
File C:\WINDOWS\system32\TFTP11200 is infected by Win32:SpyBot-A3099 [Trj], Moved to chest
File C:\WINDOWS\Temp\dimension2k5.exe is infected by Win32:Trojan-gen. {UPX!}, Moved to chest
File C:\System Volume Information\_restore{D3FB0AEF-57DB-4035-9B70-4F853C045D83}\RP29\A0018157.exe is infected by Win32:Trojan-gen. {Other}, Moved to chest
File C:\System Volume Information\_restore{D3FB0AEF-57DB-4035-9B70-4F853C045D83}\RP29\A0018159.exe is infected by Win32:SdBot-2902 [Trj], Moved to chest

The other times it found nothing...

Some entries in the logfile from the Avast! scan didn't make sense due to the file path. Some of them are probably false positives, and some were in your TEMP folder, which can be removed easily.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you wish to continue follow the instructions below:

Let's begin. There is a program I would like to warn you about.

View Point Programs Warning
Viewpoint Manager and Viewpoint Media Player are considered foistware rather than malware, since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on removing programs can be found here.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. The backup is made so that, in case anything goes wrong, we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Download and Run Haxfix
  • Download haxfix.exe to your desktop.
  • Double click on haxfix.exe to install it. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon". Click "Next".
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed and select Finish
  • A red "dos window" (dos box) will open.
  • Select option 1. Make logfile by typing 1 and then pressing Enter.
  • Haxfix will start scanning the computer. When it is finished a logfile will open. Copy the contents of that logfile and paste it into this thread.
Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the OTMoveIt3 icon on your desktop.
  • Paste the following code under the "Paste Standard List of Files/Folders to Move" area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
    
    :commands
    [Reboot]
  • Click the large "MoveIt!" button.
  • Copy/Paste the contents under the "Results" line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post back with:
-Haxfix log
-OTMoveIT log
-Fresh OTViewIT log
-Problems you are receiving
<- Please tell me in your next reply.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free, but if you wish to show your appreciation, you may wish to make a donation.
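The remark above that some of the Avast! entries "didn't make sense due to the file path" and that others sat in the TEMP folder is the kind of sorting a responder does by eye on a long scan log. The following Python is an added example, not code from the thread, from Avast! or from any of the tools named here; it parses lines in the format the poster quoted (the format is assumed from the posted lines themselves), de-duplicates the repeated passes, and sorts each unique path into a rough triage bucket: a file name such as `spoolss.dll` appearing as a directory component (which cannot be a real on-disk location and so points at an inconsistent view of the file system rather than at a hidden file), a path under a `Temp` directory, or everything else for manual review. The sample lines are taken from the log posted above, plus one constructed placeholder path for the "review" bucket. The buckets are a triage heuristic to order the work, not a verdict on any file.

```python
"""Triage helper for avast! "Rootkit: hidden file" log lines (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Line format assumed from the log quoted in the thread:
# "dd/mm/yyyy hh:mm:ss <user> <pid> Sign of "<signature>" has been found in "<path>" file."
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<user>.+?) (?P<pid>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)

# Extensions that name files, never directories; seeing one as a directory
# component means the scanner's view of the tree was inconsistent.
EXECUTABLE_SUFFIXES = {".dll", ".exe", ".sys", ".ocx"}

# Sample input: five lines copied from the posted log plus one constructed
# placeholder line (C:\EXAMPLE\placeholder.sys is not a real path).
SAMPLE_LOG = r"""
23/12/2008 16:59:58 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.NT\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:58:38 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:57:42 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\CONFIG.TMP\systemprofile\Local Settings\Temp\pft1~tmp\Reader\plug_ins\InterTrust\DocBox.api" file.
23/12/2008 16:56:05 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolss.dll\XPSEP\i386\i386\mxdwdrv.dll" file.
23/12/2008 16:54:39 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\system32\spoolsv.exe\XPSEP\i386\i386\mxdwdrv.dll" file.
23/12/2008 16:50:00 John Newell 868 Sign of "Rootkit: hidden file" has been found in "C:\EXAMPLE\placeholder.sys" file.
"""


def parse_avast_log(text):
    """Return one dict (date, time, user, pid, sig, path) per recognised line.

    Lines that do not match the expected format are skipped rather than
    guessed at, so a truncated or foreign line cannot corrupt the triage."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def classify_path(path):
    """Sort a flagged path into a triage bucket (heuristic, not a verdict)."""
    parts = PureWindowsPath(path).parts
    # Any non-final component that looks like a file name is impossible on disk.
    for part in parts[:-1]:
        if PureWindowsPath(part).suffix.lower() in EXECUTABLE_SUFFIXES:
            return "file-as-directory"
    # Installer extraction under a Temp directory: disposable, low priority.
    if any(part.lower() == "temp" for part in parts):
        return "temp-extraction"
    return "review"


def triage(text):
    """Return ({bucket: sorted unique paths}, number of duplicate log lines)."""
    records = parse_avast_log(text)
    by_bucket = defaultdict(set)
    for rec in records:
        by_bucket[classify_path(rec["path"])].add(rec["path"])
    unique_paths = {rec["path"] for rec in records}
    duplicates = len(records) - len(unique_paths)
    return {bucket: sorted(paths) for bucket, paths in by_bucket.items()}, duplicates


if __name__ == "__main__":
    buckets, dup_count = triage(SAMPLE_LOG)
    print(f"duplicate lines (repeated scan passes): {dup_count}")
    for bucket, paths in sorted(buckets.items()):
        print(f"[{bucket}] {len(paths)} unique path(s)")
        for p in paths:
            print("   ", p)
```

Run against the full log the poster quoted, the "temp-extraction" bucket collapses the hundred-odd `pft1~tmp\Reader\...` lines into a few dozen unique paths, and the "file-as-directory" bucket isolates the `spoolss.dll\...` and `spoolsv.exe\...` entries that cannot be real locations, leaving only the remainder for line-by-line review.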

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:12:39 PM

Posted 27 December 2008 - 05:30 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed. I know it is the holidays so I will leave the topic a bit longer than usual.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#8 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 31 December 2008 - 08:09 AM

Hi there EXTREMEBOY,... Yes I'm still here. I hope to carry out the suggested actions today and to
post reply. Thanks... John.

#9 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 31 December 2008 - 11:52 AM

Hello ExtremeBoy

Here are the latest scan/log results. I was unable to copy to or paste from the OTMoveIt3 screens, so I had to type the :reg... and :commands... lines. I did this several times but each time it came up with ...printpnp... not found.

The apparent problems I am having have mainly gone away. It was slow shut down mainly. It would take about 5 minutes after selecting <Start>, <Turn off Computer> and the options box coming up, and then another five minutes after the selection was made for the computer to switch off. Also the startup icons on the bottom RH of the screen sometimes are displayed and sometimes not. Not particularly major, but I expect a computer to do the same thing every time, not have a mind of its own. I also have strange sounds coming up. At start up I get several 'dunk' sounds. When I'm online I get the sound of children laughing and the sound of a door slamming shut. These latter two someone has told me might be 'AOL buddies' coming on line or going off, but I don't know. I don't like it when my PC does things without reference to me. (I was brought up on DOS and don't really like Windows.)

Once again thanks for your assistance.

HAXFIX.TXT file follows
HAXFIX logfile - by Marckie

version 5.052
31/12/2008 15:36:31.68
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
CmBatt

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun - Spybanker ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
printpnp

checking for services
epsonsys

checking for browser helper objects
no known browser helper objects found

checking for appinit files
no files found

checking for possible infected files
please submit these file here: http://www.bleepingcomputer.com/submit-mal....php?channel=11
no files found

checking for Active Setup Installed Components
no known Active Setup Installed Components found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun, Spybanker and Haxdoor files ---
no other Haxdoor or Goldun files found


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 15:37:07
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!

OTMOVEIT LOG follows
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\printpnp\\ not found.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_161747

FRESH OTVIEWIT LOG follows
OTViewIt logfile created on: 31/12/2008 16:23:17 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 286.70 Mb Available Physical Memory | 56.07% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.60 Gb Free Space | 13.30% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2002/05/13 09:12:46 | 00,245,760 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
[2002/03/19 20:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
[2002/04/25 10:09:18 | 00,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[2002/01/22 18:20:50 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
[2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
[2002/07/16 01:41:56 | 00,126,976 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2002/08/09 12:06:52 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[2008/11/26 17:18:52 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
[2007/11/30 14:48:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/07/20 06:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
[2008/12/20 17:13:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2002/03/28 08:53:58 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\Exif Launcher\QuickDCF.exe
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2008/04/14 00:12:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[1999/09/05 06:23:00 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/07/13 20:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2008/01/01 15:50:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
[2002/05/17 05:56:02 | 00,063,501 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/08 08:56:50 | 00,018,944 | ---- | M] (WideView Technology Inc.) -- C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys -- (BDA_Loader_225 [On_Demand | Stopped])
[2001/11/16 15:07:30 | 00,119,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
[2008/01/26 18:17:52 | 00,026,112 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2003/10/17 16:02:00 | 01,371,740 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2001/08/18 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/08/18 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2002/01/07 19:16:40 | 00,015,111 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
[2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2001/08/18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/26 23:39:08 | 00,352,768 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
[2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\DRIVERS\ss.sys -- (StreamSurge [On_Demand | Running])
[2001/09/26 19:34:32 | 00,799,816 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Running])
[2002/04/04 19:12:48 | 00,023,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
[2001/08/17 14:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD [Boot | Running])
[2001/09/13 19:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG [Boot | Running])
[2006/05/18 22:31:32 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/17 13:49:04 | 00,024,576 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viairda.sys -- (VIAIRDA [On_Demand | Stopped])
[2003/01/10 21:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/07/24 16:42:34 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Running])
[2006/10/12 15:00:22 | 00,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\system32\ZDCNDIS5.sys -- (ZDCNDIS5 [Auto | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\PROGRA~1\Belkin\F5D9010\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"=000StTHK.exe ()
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"F5D9010"=C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
"HostManager"=C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe (America Online, Inc.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 ()
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded (NVIDIA Corporation)
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TFncKy"=TFncKy.exe /Type 20 File not found
"TFNF5"=TFNF5.exe (Toshiba Corp.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION)
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
"Tpwrtray"=TPWRTRAY.EXE (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
[1999/09/05 06:23:00 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2005/04/27 19:35:34 | 00,029,184 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AOL Toolbar -- %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1142551070011 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1226711658519 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{55DCA314-D665-409C-A3CE-7DC93E2230A1} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{8CF3B6F8-45F4-4ACD-AF1B-161213A012FD} (Servers: | Description: Belkin Wireless G Plus MIMO Notebook Card)
{95880288-7037-4723-9CEA-7DB0C62E850C} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=WIKI.DLL
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
printpnp: "DllName" = printpnp.dll -- File not found
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 15:51:01 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/31 15:40:32 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:35:53 | 00,488,510 | ---- | C] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:35:53 | 00,000,000 | ---D | C] -- C:\HaxFix
[2008/12/31 15:34:45 | 00,488,510 | ---- | C] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:32:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/31 15:31:10 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:53 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:53 | 00,000,536 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/31 15:28:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/26 19:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Deliveries
[2008/12/23 16:27:51 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:51 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:51 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:27:50 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:50 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/23 16:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer
[2008/12/23 16:23:46 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:13 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:17:16 | 00,003,186 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/08 17:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Tools
[2008/12/01 12:52:48 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/01 12:09:01 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/01 12:07:49 | 00,000,486 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/11/30 18:11:17 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 14:39:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:38:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/30 14:37:59 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/11/30 14:14:25 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/30 14:12:14 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/27 10:41:34 | 00,000,000 | ---D | C] -- C:\PERSONAL
[2008/11/25 17:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Application Data\ErrorFix
[2008/11/25 17:46:46 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/25 17:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2008/11/23 18:26:53 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 21:17:53 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/22 21:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/21 23:40:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/20 22:24:29 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/19 00:12:06 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/18 22:41:12 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/13 20:54:22 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/13 20:35:42 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:14:20 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 17:44:08 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 15:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/13 01:02:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/13 01:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/13 01:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/11/13 01:02:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/13 01:02:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/11/12 21:44:51 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:22:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 15:21:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/09 19:16:28 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 18:44:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:14:42 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/07 22:35:32 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:02:56 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 21:37:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/04 18:39:40 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
[2008/11/04 18:10:47 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 080604.doc
[2008/11/04 17:46:27 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 170304.doc
[2008/11/03 19:54:28 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/11/03 19:53:47 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/11/03 19:52:37 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/11/03 19:52:36 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/11/03 19:52:35 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/11/03 19:52:34 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/11/03 19:49:50 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/03 17:33:02 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080104.doc
[2008/11/03 17:15:36 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/11/03 17:15:28 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/11/03 17:15:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/11/03 17:15:23 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/11/03 17:15:19 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/11/03 17:15:16 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/11/03 17:15:15 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/11/03 17:15:15 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/11/03 17:15:12 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/11/03 17:15:12 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/11/03 17:15:10 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/11/03 17:15:10 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/11/03 17:15:09 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/11/03 17:15:08 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/11/03 17:15:08 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/11/03 17:15:03 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/11/03 17:15:02 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/11/03 17:15:02 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/11/03 17:15:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/11/03 17:14:57 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/11/03 17:14:57 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/11/03 17:14:57 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/11/03 17:14:56 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/11/03 17:14:55 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/11/03 17:14:54 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/11/03 17:14:52 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/11/03 17:14:52 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/11/03 17:14:49 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/11/03 17:14:49 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/11/03 17:14:49 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/11/03 17:14:47 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/11/03 17:14:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/11/03 17:14:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/11/03 17:14:45 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/11/03 17:14:45 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/11/03 17:14:44 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/11/03 17:14:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/11/03 17:14:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/11/03 17:14:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/11/03 17:14:41 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/11/03 17:14:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/11/03 17:14:32 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/11/03 17:14:30 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/11/03 17:14:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/11/03 17:14:23 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/11/03 17:14:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/11/03 17:13:18 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/11/03 16:58:34 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/03 16:11:21 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 181003.doc

========== Files - Modified Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 16:16:12 | 00,529,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/31 16:16:12 | 00,446,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/31 16:16:12 | 00,073,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/31 16:12:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/31 16:12:08 | 00,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2008/12/31 16:11:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/31 16:11:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/31 16:02:08 | 00,000,702 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/31 15:40:36 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:31:12 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:54 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:54 | 00,000,536 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:28:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/31 15:19:36 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/23 16:35:46 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:52 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:52 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:23:48 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:21:48 | 00,003,186 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/20 19:29:02 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2008/12/20 17:27:16 | 00,005,358 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\simon1.wks
[2008/12/20 14:11:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/01 12:52:50 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:07:50 | 00,000,486 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/12/01 12:00:10 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 18:11:14 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/30 14:39:56 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:12:16 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/26 21:51:34 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/26 21:23:12 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 230802.doc
[2008/11/26 17:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/26 17:18:26 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/26 17:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2008/11/23 18:26:54 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 22:32:32 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/22 21:17:54 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/21 23:34:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/20 22:00:16 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\General Notes Paz.doc
[2008/11/20 18:54:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/20 00:15:52 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes.doc
[2008/11/18 22:58:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/17 23:49:38 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/15 16:57:12 | 00,428,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/15 00:56:04 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Command Prompt (2).lnk
[2008/11/13 21:13:20 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:34:30 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 20:12:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 00:53:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/12 22:00:44 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:43:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 21:21:32 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 19:15:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:17:06 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/08 23:08:00 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:34:40 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 22:01:50 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/07 21:36:22 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
[2008/11/04 18:37:56 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 080604.doc
[2008/11/04 18:09:40 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 170304.doc
[2008/11/03 23:37:22 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080104.doc
[2008/11/03 16:54:50 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 181003.doc
[2008/11/03 16:09:22 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 040603.doc
< End of report >

FRESH EXTRAS.TXT follows
OTViewIt Extras logfile created on: 31/12/2008 16:23:17 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 286.70 Mb Available Physical Memory | 56.07% Memory free
1.22 Gb Paging File | 0.95 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.60 Gb Free Space | 13.30% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:explorer
[2008/04/14 00:12:40 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe:*:Enabled:730 Series
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/11/30 14:48:56 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/12/06 21:02:20 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/12/07 15:30:38 | 00,071,008 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2006/11/03 07:17:28 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/11/09 11:03:40 | 00,161,328 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}"=Microsoft Word 2000
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}"=TOSHIBA Manuals
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{25DB99F1-4681-4391-931F-6F144E8B5F18}"=TOSHIBA Manuals
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}"=Network Device Switch 3
"{3663DDE0-D8AE-11D3-9850-00C04F7AC096}"=YAMAHA AC-XG WDM
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}"=TOSHIBA Console
"{56364334-9530-11D2-BFFC-00C04FA329AA}"=Microsoft Works 2000
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}"=Wireless Hotkey
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}"=Belkin Wireless G Plus MIMO Notebook Card
"{A586D09E-1D2C-11D3-9A6B-00105A98B681}"=Microsoft Picture It! Express 2000
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B838AD63-FD0C-482C-B124-7116748BAC45}"=BootMagic
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5DD42DC-5402-11D3-8072-00C04FA329AA}"=Word in Works Suite add-in
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{F128BA10-362E-11D3-81AB-00C04FB932BA}"=Microsoft Home Publishing 2000
"{F27EFBE2-7B33-4084-8328-00FE19AC4901}"=ArcSoft TotalMedia
"{F632E23B-7E1B-42C9-9262-FC5D3CA4D4D0}"=ErrorFix
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AOL Toolbar"=AOL Toolbar 5.0
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"avast!"=avast! Antivirus
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"DP Editor 1.0"=DP Editor Ver.1.0
"ERUNT_is1"=ERUNT 1.1j
"Exif Launcher 1.0"=Exif Launcher Ver.1.0
"Exif Viewer 1.0"=Exif Viewer Ver.1.1
"ExpressRip"=Express Rip
"Golden"=Golden Records
"HijackThis"=HijackThis 2.0.2
"hp deskjet 3820 series_Driver"=hp deskjet 3820 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"InstallShield_{B838AD63-FD0C-482C-B124-7116748BAC45}"=PowerQuest BootMagic 8.0
"Lexmark 730 Series"=Lexmark 730 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft ARX EUR 2000"=Microsoft AutoRoute Express Europe 2000
"Microsoft NetShow Tools 2.0"=Windows Media Tools 4.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Prism"=Prism Video Converter
"PROSet"=Intel® PRO Ethernet Adapter and Software
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SoundTap"=SoundTap
"Switch"=Switch
"TFNF5"=Toshiba Hotkey Utility for Display Devices
"TomTom HOME"=TomTom HOME
"ToolBox"=NCH Toolbox
"Toshiba Power Saver"=TOSHIBA Power Saver
"Toshiba screensaver"=Toshiba screensaver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"TOSHIBA Utilities"=TOSHIBA Utilities
"TouchED"=TOSHIBA TouchPad On/Off Utility V2.04.00
"WavePad"=WavePad Uninstall
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2kSetup"=Microsoft Works 2000 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:36 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:04 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:06 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

[ Application Events ]
Error - 06/04/2008 16:55:29 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 625112620.

Error - 08/04/2008 20:35:46 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/04/2008 20:35:56 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 708678575.

Error - 27/04/2008 15:55:58 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 1 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 11/05/2008 16:49:36 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2008 16:49:43 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 686628912.

Error - 07/06/2008 14:48:27 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/06/2008 16:33:59 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:18 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:29 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

[ System Events ]
Error - 31/12/2008 11:56:00 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 31/12/2008 11:56:00 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 31/12/2008 11:56:05 | Computer Name = LAPTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 31/12/2008 12:10:06 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 31/12/2008 12:10:06 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 31/12/2008 12:10:06 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 31/12/2008 12:10:24 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 31/12/2008 12:11:58 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 31/12/2008 12:11:58 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 31/12/2008 12:11:58 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >

END OF POSTING

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 PM

Posted 02 January 2009 - 10:56 AM

Hello again.

I'm very sorry for this delay. Let's see what we can find.

Don't worry about the OTMoveIT error; it means it didn't find it. However, I still see it in your log, which is strange; I think there was a little minor error.

Regarding the extended period of time for shutdown, it may not be malware. I had that problem too occasionally, but it then came back to normal after several days; not sure why it happened either.

I don't understand what you mean by "I was brought up on DOS and don't really like Windows"? Could you elaborate more on what you mean?


From your logs you look okay, except for that orphaned entry that didn't get removed by OTMoveIT; I want to make sure whether it is still there. Any other problems?
Your log looks okay. The rootkit you had before is probably removed. GMER is one of the best anti-rootkit scanners out there and it didn't find anything, and the OTViewIT logs look okay as well. Let's see if we can remove the leftovers.

Run OTMoveIt
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
    :commands
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Export Registry Key using Run...
I need to see a registry key.

Please go to Start>>Run...>> In the open field please type in the following (without the word Code):
regedit /e "%userprofile%\desktop\Peek.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

On your desktop there will be a file called: "Peek.txt", that is the key that you exported into Notepad. Please copy and paste the contents of that log in your next reply.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please Post back with:
-OTMoveIT log
-Peek.txt
-Kaspersky scan
-New OTviewiT logs
-Problems you still have regarding malware issues


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 PM

Posted 02 January 2009 - 10:59 AM

Hello again.

I'm very sorry for this delay. Let's see what we can find.

Don't worry about the OTMoveIT error; it means it didn't find it. However, I still see it in your log, which is strange; I think there was a little minor error.

Regarding the extended period of time for shutdown, it may not be malware. I had that problem too occasionally, but it then came back to normal after several days; not sure why it happened either.

I don't understand what you mean by "I was brought up on DOS and don't really like Windows"? Could you elaborate more on what you mean?


From your logs you look okay, except for that orphaned entry that didn't get removed by OTMoveIT; I want to make sure whether it is still there. Any other problems?
Your log looks okay. The rootkit you had before is probably removed. GMER is one of the best anti-rootkit scanners out there and it didn't find anything, and the OTViewIT logs look okay as well. Let's see if we can remove the leftovers.

Run OTMoveIt
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
    :commands
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Export Registry Key using Run...
I need to see a registry key.

Please go to Start>>Run...>> In the open field please type in the following (without the word Code):
regedit /e "%userprofile%\desktop\Peek.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

On your desktop there will be a file called: "Peek.txt", that is the key that you exported into Notepad. Please copy and paste the contents of that log in your next reply.

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Please Post back with:
-OTMoveIT log
-Peek.txt
-Kaspersky scan
-New OTviewiT logs
-Problems you still have regarding malware issues


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
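Triaging the kind of export extremeboy asks for above, as an added example that is not part of the thread and not code from OldTimer's OTMoveIt or OTViewIt: a Python script that parses the text-format export regedit writes for the Winlogon\Notify key, flags notification packages whose DLL or value names fall outside a stock Windows XP baseline, and recognises the DPAPI blob header that CryptProtectData puts in front of encrypted settings such as WgaLogon\Settings\Data. The baseline DLL list, the value-name set and the sample export are assumptions modelled on the export posted later in this thread.

```python
"""Triage a regedit text export of HKLM\\...\\Winlogon\\Notify (added example).
Parses regedit's "Key Name / Value N / Name / Type / Data" text-export layout, flags
packages whose DLL or value names fall outside a stock Windows XP baseline assumed
from this thread's export, and recognises DPAPI-protected binary values.
"""
import re

NOTIFY_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Winlogon\Notify")
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "dimsntfy.dll",
                 "wlnotify.dll", "sclgntfy.dll", "wgalogon.dll"}
STOCK_VALUE_NAMES = {
    "dllname", "asynchronous", "impersonate", "maxwait", "safemode", "safe",
    "enabled", "logon", "logoff", "startup", "shutdown", "startshell", "postshell",
    "lock", "unlock", "screensaver", "startscreensaver", "stopscreensaver",
    "disconnect", "reconnect", "event", "eulaaccepted"}
# CryptProtectData output: version 1, then GUID {DF9D8CD0-1501-11D1-8C7A-00C04FC297EB}
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def _hex_row(line: str) -> str:
    """Hex digits of one 'offset xx xx .. - xx xx ascii' dump row; ASCII column dropped."""
    out = []
    for tok in line.split()[1:]:
        if tok == "-":
            continue
        if len(out) == 16 or not re.fullmatch(r"[0-9a-f]{2}", tok):
            break
        out.append(tok)
    return "".join(out)


def parse_export(text: str) -> dict:
    """Return {key relative to Notify: {value name: data}}; binaries as hex strings."""
    keys, current, value = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Key Name:"):
            key = line[len("Key Name:"):].strip()
            current = value = None
            if key.lower().startswith(NOTIFY_ROOT.lower() + "\\"):
                current = keys.setdefault(key[len(NOTIFY_ROOT) + 1:], {})
        elif current is None:
            continue
        elif line.startswith("Name:"):
            value = line[len("Name:"):].strip()
            current[value] = ""
        elif line.startswith("Data:") and value is not None:
            current[value] = line[len("Data:"):].strip()
        elif value is not None and re.match(r"^[0-9a-f]{8} ", line):
            current[value] += _hex_row(line)            # REG_BINARY dump row
    return keys


def triage(text: str) -> dict:
    """Return {package: [reasons]} for direct Notify subkeys that deviate from baseline."""
    findings = {}
    for key, values in parse_export(text).items():
        if "\\" in key:            # nested key such as WgaLogon\Settings, not a package
            continue
        dll = {n.lower(): d for n, d in values.items()}.get("dllname")
        reasons = []
        if dll is None:
            reasons.append("no DllName value (orphaned package entry)")
        elif dll.rsplit("\\", 1)[-1].lower() not in BASELINE_DLLS:
            reasons.append(f"DllName {dll!r} is not a stock notification DLL")
        if reasons:                # only non-stock packages get their value names checked
            reasons += [f"unexpected value {n!r}" for n in values
                        if n.lower() not in STOCK_VALUE_NAMES]
            findings[key] = reasons
    return findings


def is_dpapi_blob(hexdata: str) -> bool:
    """True when a REG_BINARY value (as a hex string) starts with the DPAPI blob header."""
    return bytes.fromhex(hexdata).startswith(DPAPI_HEADER)


# Constructed sample in regedit's text-export layout, modelled on this thread's export.
SAMPLE_EXPORT = f"""Key Name: {NOTIFY_ROOT}\\crypt32chain
Value 0
Name: DllName
Type: REG_EXPAND_SZ
Data: crypt32.dll
Key Name: {NOTIFY_ROOT}\\printpnp
Value 0
Name: DllName
Type: REG_EXPAND_SZ
Data: printpnp.dll
Value 1
Name: nuk45key
Type: REG_SZ
Data: [3893226516094-USR-]
Key Name: {NOTIFY_ROOT}\\WgaLogon\\Settings
Value 0
Name: Data
Type: REG_BINARY
Data:
00000000 01 00 00 00 d0 8c 9d df - 01 15 d1 11 8c 7a 00 c0 ..........z.
00000010 4f c2 97 eb 01 00 00 00 - 3f b1 de dd 13 ce 41 44 O.....?.AD
"""

if __name__ == "__main__":
    print(triage(SAMPLE_EXPORT))
    print(is_dpapi_blob(parse_export(SAMPLE_EXPORT)["WgaLogon\\Settings"]["Data"]))
```

A package that Winlogon could not load (no DllName) or one loading an unknown DLL is what to look at first; a REG_BINARY value with the DPAPI header is encrypted application data, not something that can run by itself.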

#12 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 03 January 2009 - 04:44 PM

Hi Extreme boy.

Herewith the logs etc. requested. I still had trouble with OTMoveIt3.exe as I can't see how to copy and paste into this program, so I typed the lines in from my keyboard. printpnp was again not found, although I can see it in the registry. I also had trouble with the code to export the registry key HKLM\...\Notify. I used regedit and exported the key, so hopefully this will suffice. There is some strange stuff in the wgalogon\settings area. This does not appear when viewed by the regedit.exe program.

Java 6. I already had Version 6 update 11 loaded, which I left intact, but I removed V6 u3, u5, and u7.

Kaspersky scan went OK but found 1 threat, 2 infected objects. I don't think I have any particular problems now with malware (once the present problem is fixed), although I would like to know how this got onto my machine and how I can minimise the probability in the future. I always have a firewall (Windows standard, so probably not too good!) and I use Avast! Home Edition for on-access scanning. The main visible problem I have now is that the icons in the Notification Area of the screen have a mind of their own, and on startup will sometimes appear and sometimes not. This may or may not be due to malware. I've tried using msconfig for selective startup but can't get to the bottom of that.

When I say I was brought up on DOS... I mean the following. DOS was the first operating system I learned many years ago and I was very familiar with it. The computer did what you told it to do, and although there are severe limitations in DOS at the point to which it has been developed, it is still a pretty much hands-on operating system. I still use DOS commands quite often to do things. If I've got a bit of number crunching to do I will write a program in DOS-based GWBasic or something similar. I only use Visual Basic or C++ if I'm looking for a professional 'Windows'-type appearance and functionality. However, I find Windows is unpredictable in normal use. Not all operations work the same in all screens; it is quite unjoined-up. Also too much invisible stuff goes on in the background, which I know is technically great, but you don't know if a program is updating itself, the disk is being reorganised or your bank details are being uploaded to the world. That's basically why I say I don't like Windows.

Once again, thanks for your assistance...
regards jnewell (john)



***OTMoveIt3 log follows

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\printpnp\\ not found.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01032009_172259


***Peek.txt follows. (Nothing seemed to happen when the code was run, not even the creation of an empty peek.txt. I tried without the "HKEY_LOCAL_MACHINE\..." part of the command and this produced a peek.txt of about 70MB, presumably the whole registry. The output that follows was obtained from running regedit export with the Notify key selected.)

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Class Name: <NO CLASS>
Last Write Time: 13/11/2008 - 01:03

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x0

Value 1
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 2
Name: DllName
Type: REG_EXPAND_SZ
Data: crypt32.dll

Value 3
Name: Logoff
Type: REG_SZ
Data: ChainWlxLogoffEvent


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x0

Value 1
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 2
Name: DllName
Type: REG_EXPAND_SZ
Data: cryptnet.dll

Value 3
Name: Logoff
Type: REG_SZ
Data: CryptnetWlxLogoffEvent


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: DLLName
Type: REG_SZ
Data: cscdll.dll

Value 1
Name: Logon
Type: REG_SZ
Data: WinlogonLogonEvent

Value 2
Name: Logoff
Type: REG_SZ
Data: WinlogonLogoffEvent

Value 3
Name: ScreenSaver
Type: REG_SZ
Data: WinlogonScreenSaverEvent

Value 4
Name: Startup
Type: REG_SZ
Data: WinlogonStartupEvent

Value 5
Name: Shutdown
Type: REG_SZ
Data: WinlogonShutdownEvent

Value 6
Name: StartShell
Type: REG_SZ
Data: WinlogonStartShellEvent

Value 7
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 8
Name: Asynchronous
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
Class Name: <NO CLASS>
Last Write Time: 13/11/2008 - 01:03
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x1

Value 1
Name: DllName
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\dimsntfy.dll

Value 2
Name: Startup
Type: REG_SZ
Data: WlDimsStartup

Value 3
Name: Shutdown
Type: REG_SZ
Data: WlDimsShutdown

Value 4
Name: Logon
Type: REG_SZ
Data: WlDimsLogon

Value 5
Name: Logoff
Type: REG_SZ
Data: WlDimsLogoff

Value 6
Name: StartShell
Type: REG_SZ
Data: WlDimsStartShell

Value 7
Name: Lock
Type: REG_SZ
Data: WlDimsLock

Value 8
Name: Unlock
Type: REG_SZ
Data: WlDimsUnlock


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp
Class Name: <NO CLASS>
Last Write Time: 02/01/2006 - 15:12
Value 0
Name: DllName
Type: REG_EXPAND_SZ
Data: printpnp.dll

Value 1
Name: Startup
Type: REG_SZ
Data: printpnp

Value 2
Name: Impersonate
Type: REG_DWORD
Data: 0x1

Value 3
Name: Asynchronous
Type: REG_DWORD
Data: 0x1

Value 4
Name: MaxWait
Type: REG_DWORD
Data: 0x1

Value 5
Name: nuk45key
Type: REG_SZ
Data: [3893226516094-USR-]


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL
Class Name: <NO CLASS>
Last Write Time: 05/12/2007 - 13:38
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x1

Value 1
Name: DllName
Type: REG_SZ
Data: PRISMAPI.DLL

Value 2
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 3
Name: Logoff
Type: REG_SZ
Data: NPLogoffEvent

Value 4
Name: Shutdown
Type: REG_SZ
Data: NPShutdownEvent


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: DLLName
Type: REG_SZ
Data: wlnotify.dll

Value 1
Name: Logon
Type: REG_SZ
Data: SCardStartCertProp

Value 2
Name: Logoff
Type: REG_SZ
Data: SCardStopCertProp

Value 3
Name: Lock
Type: REG_SZ
Data: SCardSuspendCertProp

Value 4
Name: Unlock
Type: REG_SZ
Data: SCardResumeCertProp

Value 5
Name: Enabled
Type: REG_DWORD
Data: 0x1

Value 6
Name: Impersonate
Type: REG_DWORD
Data: 0x1

Value 7
Name: Asynchronous
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 10:08
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x0

Value 1
Name: DllName
Type: REG_EXPAND_SZ
Data: wlnotify.dll

Value 2
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 3
Name: StartShell
Type: REG_SZ
Data: SchedStartShell

Value 4
Name: Logoff
Type: REG_SZ
Data: SchedEventLogOff


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 10:09
Value 0
Name: Logoff
Type: REG_SZ
Data: WLEventLogoff

Value 1
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 2
Name: Asynchronous
Type: REG_DWORD
Data: 0x1

Value 3
Name: DllName
Type: REG_EXPAND_SZ
Data: sclgntfy.dll


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: DLLName
Type: REG_SZ
Data: WlNotify.dll

Value 1
Name: Lock
Type: REG_SZ
Data: SensLockEvent

Value 2
Name: Logon
Type: REG_SZ
Data: SensLogonEvent

Value 3
Name: Logoff
Type: REG_SZ
Data: SensLogoffEvent

Value 4
Name: Safe
Type: REG_DWORD
Data: 0x1

Value 5
Name: MaxWait
Type: REG_DWORD
Data: 0x258

Value 6
Name: StartScreenSaver
Type: REG_SZ
Data: SensStartScreenSaverEvent

Value 7
Name: StopScreenSaver
Type: REG_SZ
Data: SensStopScreenSaverEvent

Value 8
Name: Startup
Type: REG_SZ
Data: SensStartupEvent

Value 9
Name: Shutdown
Type: REG_SZ
Data: SensShutdownEvent

Value 10
Name: StartShell
Type: REG_SZ
Data: SensStartShellEvent

Value 11
Name: PostShell
Type: REG_SZ
Data: SensPostShellEvent

Value 12
Name: Disconnect
Type: REG_SZ
Data: SensDisconnectEvent

Value 13
Name: Reconnect
Type: REG_SZ
Data: SensReconnectEvent

Value 14
Name: Unlock
Type: REG_SZ
Data: SensUnlockEvent

Value 15
Name: Impersonate
Type: REG_DWORD
Data: 0x1

Value 16
Name: Asynchronous
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 10:06
Value 0
Name: Asynchronous
Type: REG_DWORD
Data: 0x0

Value 1
Name: DllName
Type: REG_EXPAND_SZ
Data: wlnotify.dll

Value 2
Name: Impersonate
Type: REG_DWORD
Data: 0x0

Value 3
Name: Logoff
Type: REG_SZ
Data: TSEventLogoff

Value 4
Name: Logon
Type: REG_SZ
Data: TSEventLogon

Value 5
Name: PostShell
Type: REG_SZ
Data: TSEventPostShell

Value 6
Name: Shutdown
Type: REG_SZ
Data: TSEventShutdown

Value 7
Name: StartShell
Type: REG_SZ
Data: TSEventStartShell

Value 8
Name: Startup
Type: REG_SZ
Data: TSEventStartup

Value 9
Name: MaxWait
Type: REG_DWORD
Data: 0x258

Value 10
Name: Reconnect
Type: REG_SZ
Data: TSEventReconnect

Value 11
Name: Disconnect
Type: REG_SZ
Data: TSEventDisconnect


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
Class Name: <NO CLASS>
Last Write Time: 17/06/2007 - 20:02
Value 0
Name: Logon
Type: REG_SZ
Data: WLEventLogon

Value 1
Name: Logoff
Type: REG_SZ
Data: WLEventLogoff

Value 2
Name: Startup
Type: REG_SZ
Data: WLEventStartup

Value 3
Name: Shutdown
Type: REG_SZ
Data: WLEventShutdown

Value 4
Name: StartScreenSaver
Type: REG_SZ
Data: WLEventStartScreenSaver

Value 5
Name: StopScreenSaver
Type: REG_SZ
Data: WLEventStopScreenSaver

Value 6
Name: Lock
Type: REG_SZ
Data: WLEventLock

Value 7
Name: Unlock
Type: REG_SZ
Data: WLEventUnlock

Value 8
Name: StartShell
Type: REG_SZ
Data: WLEventStartShell

Value 9
Name: PostShell
Type: REG_SZ
Data: WLEventPostShell

Value 10
Name: Disconnect
Type: REG_SZ
Data: WLEventDisconnect

Value 11
Name: Reconnect
Type: REG_SZ
Data: WLEventReconnect

Value 12
Name: Impersonate
Type: REG_DWORD
Data: 0x1

Value 13
Name: Asynchronous
Type: REG_DWORD
Data: 0x0

Value 14
Name: SafeMode
Type: REG_DWORD
Data: 0x1

Value 15
Name: MaxWait
Type: REG_DWORD
Data: 0xffffffff

Value 16
Name: DllName
Type: REG_EXPAND_SZ
Data: WgaLogon.dll

Value 17
Name: Event
Type: REG_DWORD
Data: 0x0

Value 18
Name: EulaAccepted
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Class Name: <NO CLASS>
Last Write Time: 03/01/2009 - 17:25
Value 0
Name: Data
Type: REG_BINARY
Data:


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
Class Name: <NO CLASS>
Last Write Time: 13/08/2002 - 11:01
Value 0
Name: DLLName
Type: REG_SZ
Data: wlnotify.dll

Value 1
Name: Logon
Type: REG_SZ
Data: RegisterTicketExpiredNotificationEvent

Value 2
Name: Logoff
Type: REG_SZ
Data: UnregisterTicketExpiredNotificationEvent

Value 3
Name: Impersonate
Type: REG_DWORD
Data: 0x1

Value 4
Name: Asynchronous
Type: REG_DWORD
Data: 0x1


***kaspersky scan results follows.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 03, 2009 17:48:09
Records in database: 1554470
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 60065
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:15:44


File name / Threat name / Threats count
C:\Documents and Settings\John Newell.LAPTOP\Desktop\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2

The selected area was scanned.


*** New OTViewIt log follows

OTViewIt logfile created on: 03/01/2009 20:29:30 - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 236.71 Mb Available Physical Memory | 46.29% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.56 Gb Free Space | 13.10% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2002/05/13 09:12:46 | 00,245,760 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
[2002/03/19 20:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
[2002/04/25 10:09:18 | 00,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[2002/01/22 18:20:50 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
[2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
[2002/07/16 01:41:56 | 00,126,976 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2002/08/09 12:06:52 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[2008/11/26 17:18:52 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2007/11/30 14:48:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
[2006/07/20 06:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
[2002/03/28 08:53:58 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[2008/12/20 17:13:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\Exif Launcher\QuickDCF.exe
[2008/04/14 00:12:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[1999/09/05 06:23:00 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2001/07/13 20:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe
[2007/01/22 11:05:26 | 00,054,832 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\shellmon.exe
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
[2008/12/20 17:13:50 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
[2009/01/03 18:54:44 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\John Newell.LAPTOP\Local Settings\Temp\jkos-John Newell\binaries\ScanningProcess.exe
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/04/14 00:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

========== (O23) Win32 Services ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2008/01/01 15:50:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
[2002/05/17 05:56:02 | 00,063,501 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/08 08:56:50 | 00,018,944 | ---- | M] (WideView Technology Inc.) -- C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys -- (BDA_Loader_225 [On_Demand | Stopped])
[2001/11/16 15:07:30 | 00,119,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
[2008/01/26 18:17:52 | 00,026,112 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2003/10/17 16:02:00 | 01,371,740 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2001/08/18 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/08/18 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2002/01/07 19:16:40 | 00,015,111 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
[2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2001/08/18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/26 23:39:08 | 00,352,768 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
[2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\DRIVERS\ss.sys -- (StreamSurge [On_Demand | Running])
[2001/09/26 19:34:32 | 00,799,816 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Running])
[2002/04/04 19:12:48 | 00,023,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
[2001/08/17 14:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD [Boot | Running])
[2001/09/13 19:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG [Boot | Running])
[2006/05/18 22:31:32 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/17 13:49:04 | 00,024,576 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viairda.sys -- (VIAIRDA [On_Demand | Stopped])
[2003/01/10 21:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/07/24 16:42:34 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Running])
[2006/10/12 15:00:22 | 00,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\system32\ZDCNDIS5.sys -- (ZDCNDIS5 [Auto | Running])
[2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\PROGRA~1\Belkin\F5D9010\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"=000StTHK.exe ()
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"F5D9010"=C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
"HostManager"=C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe (America Online, Inc.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 ()
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded (NVIDIA Corporation)
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TFncKy"=TFncKy.exe /Type 20 File not found
"TFNF5"=TFNF5.exe (Toshiba Corp.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION)
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
"Tpwrtray"=TPWRTRAY.EXE (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
[1999/09/05 06:23:00 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2005/04/27 19:35:34 | 00,029,184 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2008/12/20 17:13:52 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AOL Toolbar -- %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1142551070011 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1226711658519 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{55DCA314-D665-409C-A3CE-7DC93E2230A1} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{8CF3B6F8-45F4-4ACD-AF1B-161213A012FD} (Servers: | Description: Belkin Wireless G Plus MIMO Notebook Card)
{95880288-7037-4723-9CEA-7DB0C62E850C} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=WIKI.DLL
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
printpnp: "DllName" = printpnp.dll -- File not found
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 15:51:01 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/31 15:40:32 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:35:53 | 00,488,510 | ---- | C] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:35:53 | 00,000,000 | ---D | C] -- C:\HaxFix
[2008/12/31 15:34:45 | 00,488,510 | ---- | C] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:32:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/31 15:31:10 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:53 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:53 | 00,000,536 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/31 15:28:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/26 19:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Deliveries
[2008/12/23 16:27:51 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:51 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:51 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:27:50 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:50 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/23 16:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer
[2008/12/23 16:23:46 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:13 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:17:16 | 00,003,186 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/08 17:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Tools
[2008/12/01 12:52:48 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/01 12:09:01 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/01 12:07:49 | 00,000,486 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/11/30 18:11:17 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 14:39:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:38:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/30 14:37:59 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/11/30 14:14:25 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/30 14:12:14 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/27 10:41:34 | 00,000,000 | ---D | C] -- C:\PERSONAL
[2008/11/25 17:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Application Data\ErrorFix
[2008/11/25 17:46:46 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/25 17:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2008/11/23 18:26:53 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 21:17:53 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/22 21:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/21 23:40:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/20 22:24:29 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/19 00:12:06 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/18 22:41:12 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/13 20:54:22 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/13 20:35:42 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:14:20 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 17:44:08 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 15:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/13 01:02:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/13 01:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/13 01:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/11/13 01:02:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/13 01:02:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/11/12 21:44:51 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:22:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 15:21:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/09 19:16:28 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 18:44:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:14:42 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/07 22:35:32 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:02:56 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 21:37:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc

========== Files - Modified Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/03 19:29:04 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2009/01/03 18:52:42 | 00,076,520 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/03 18:50:00 | 00,529,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/03 18:50:00 | 00,446,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/03 18:50:00 | 00,073,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/03 18:47:40 | 00,000,702 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/03 18:46:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 18:45:54 | 00,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2009/01/03 18:45:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 18:45:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 18:01:26 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Command Prompt (2).lnk
[2009/01/03 14:43:30 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\RECIPES.doc
[2008/12/31 15:40:36 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:31:12 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:54 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:54 | 00,000,536 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:28:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/31 15:19:36 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/23 16:35:46 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:52 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:52 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:23:48 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:21:48 | 00,003,186 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/20 17:27:16 | 00,005,358 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\simon1.wks
[2008/12/20 14:11:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/01 12:52:50 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:07:50 | 00,000,486 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/12/01 12:00:10 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 18:11:14 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/30 14:39:56 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:12:16 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/26 21:51:34 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/26 21:23:12 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 230802.doc
[2008/11/26 17:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/26 17:18:26 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/26 17:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2008/11/23 18:26:54 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 22:32:32 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/22 21:17:54 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/21 23:34:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/20 22:00:16 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\General Notes Paz.doc
[2008/11/20 18:54:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/20 00:15:52 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes.doc
[2008/11/18 22:58:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/17 23:49:38 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/15 16:57:12 | 00,428,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/13 21:13:20 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:34:30 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 20:12:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 00:53:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/12 22:00:44 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:43:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 21:21:32 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 19:15:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:17:06 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/08 23:08:00 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:34:40 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 22:01:50 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/07 21:36:22 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
< End of report >


***New Extras.txt log file follows

OTViewIt Extras logfile created on: 03/01/2009 20:29:30 - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 236.71 Mb Available Physical Memory | 46.29% Memory free
1.22 Gb Paging File | 0.68 Gb Available in Paging File | 55.47% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.56 Gb Free Space | 13.10% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:explorer
[2008/04/14 00:12:40 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe:*:Enabled:730 Series
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/11/30 14:48:56 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/12/06 21:02:20 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/12/07 15:30:38 | 00,071,008 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2006/11/03 07:17:28 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/11/09 11:03:40 | 00,161,328 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}"=Microsoft Word 2000
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}"=TOSHIBA Manuals
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{25DB99F1-4681-4391-931F-6F144E8B5F18}"=TOSHIBA Manuals
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}"=Network Device Switch 3
"{3663DDE0-D8AE-11D3-9850-00C04F7AC096}"=YAMAHA AC-XG WDM
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}"=TOSHIBA Console
"{56364334-9530-11D2-BFFC-00C04FA329AA}"=Microsoft Works 2000
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}"=Wireless Hotkey
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}"=Belkin Wireless G Plus MIMO Notebook Card
"{A586D09E-1D2C-11D3-9A6B-00105A98B681}"=Microsoft Picture It! Express 2000
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B838AD63-FD0C-482C-B124-7116748BAC45}"=BootMagic
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5DD42DC-5402-11D3-8072-00C04FA329AA}"=Word in Works Suite add-in
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{F128BA10-362E-11D3-81AB-00C04FB932BA}"=Microsoft Home Publishing 2000
"{F27EFBE2-7B33-4084-8328-00FE19AC4901}"=ArcSoft TotalMedia
"{F632E23B-7E1B-42C9-9262-FC5D3CA4D4D0}"=ErrorFix
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AOL Toolbar"=AOL Toolbar 5.0
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"avast!"=avast! Antivirus
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"DP Editor 1.0"=DP Editor Ver.1.0
"ERUNT_is1"=ERUNT 1.1j
"Exif Launcher 1.0"=Exif Launcher Ver.1.0
"Exif Viewer 1.0"=Exif Viewer Ver.1.1
"ExpressRip"=Express Rip
"Golden"=Golden Records
"HijackThis"=HijackThis 2.0.2
"hp deskjet 3820 series_Driver"=hp deskjet 3820 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"InstallShield_{B838AD63-FD0C-482C-B124-7116748BAC45}"=PowerQuest BootMagic 8.0
"Lexmark 730 Series"=Lexmark 730 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft ARX EUR 2000"=Microsoft AutoRoute Express Europe 2000
"Microsoft NetShow Tools 2.0"=Windows Media Tools 4.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Prism"=Prism Video Converter
"PROSet"=Intel® PRO Ethernet Adapter and Software
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SoundTap"=SoundTap
"Switch"=Switch
"TFNF5"=Toshiba Hotkey Utility for Display Devices
"TomTom HOME"=TomTom HOME
"ToolBox"=NCH Toolbox
"Toshiba Power Saver"=TOSHIBA Power Saver
"Toshiba screensaver"=Toshiba screensaver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"TOSHIBA Utilities"=TOSHIBA Utilities
"TouchED"=TOSHIBA TouchPad On/Off Utility V2.04.00
"WavePad"=WavePad Uninstall
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2kSetup"=Microsoft Works 2000 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:36 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:04 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:06 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

[ Application Events ]
Error - 08/04/2008 20:35:46 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/04/2008 20:35:56 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 708678575.

Error - 27/04/2008 15:55:58 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 1 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 11/05/2008 16:49:36 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2008 16:49:43 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 686628912.

Error - 07/06/2008 14:48:27 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/06/2008 16:33:59 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:18 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:29 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 28/08/2008 05:07:01 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

[ System Events ]
Error - 03/01/2009 14:41:22 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2009 14:41:22 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2009 14:41:22 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 03/01/2009 14:43:51 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 03/01/2009 14:43:51 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 03/01/2009 14:43:51 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 03/01/2009 14:44:06 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >

***END OF POSTING*** :thumbsup: :)

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 PM

Posted 03 January 2009 - 08:41 PM

Hello.

I had that problem before too, don't know what's going on sometimes with computers. It should go back to normal soon.

Also I know you had to manually type it but please be careful when typing it manually. You typed it wrong.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\printpnp\\ not found.

The reason you got that error is because there should be a space after Windows and NT like this:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]

Notice the space: \Windows Nt\Currentversion\etc....

Please re run OTMoveIT and make sure you type it exactly how I provided it in my previous post.

Post back with the log after you're done.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
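Added example, not code from this thread and not part of OldTimer's OTMoveIt or OTViewIt: the Winlogon\Notify export posted in the next reply is in regedit 5.00 format, with several DllName values stored as hex(2) (REG_EXPAND_SZ, UTF-16LE) and wrapped across continuation lines, which is hard to review by eye. The parser below joins the continuation lines, decodes each value, maps every Notify subkey to the DLL it loads, and flags any package whose DLL is not on a baseline. The embedded export is a constructed, trimmed copy of the one in the thread; the `example.dll` name under `printpnp` is a placeholder (the thread never states what that package loaded), and `KNOWN_GOOD` is an assumed baseline built from the Microsoft-shipped names visible in that export.

```python
"""Decode a regedit 5.00 export of Winlogon\\Notify and flag packages outside a baseline.
Added example for this thread, not OTMoveIt/OTViewIt code. SAMPLE_REG is a constructed,
trimmed export; the printpnp DLL name is a placeholder, KNOWN_GOOD an assumed baseline."""
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
  00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"""

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(s):
    # regedit escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text):
    # A trailing backslash continues the value on the next line, whose
    # leading whitespace is layout only, not data.
    buf = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if buf is not None:
            line = line.lstrip()
        if line.endswith('\\'):
            buf = (buf or '') + line[:-1]
            continue
        yield (buf or '') + line
        buf = None
    if buf is not None:
        yield buf


def _decode(raw):
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if kind in (1, 2):   # REG_SZ / REG_EXPAND_SZ are UTF-16LE with a NUL terminator
            return data.decode('utf-16-le', errors='replace').rstrip('\x00')
        return data
    return raw


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a regedit 5.00 export."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        km = KEY_RE.match(line)
        if km:
            current = None if km.group(1) == '-' else km.group(2)   # [-key] deletes a key
            if current is not None:
                keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = _unescape(vm.group(1)) if vm.group(1) is not None else ''
            keys[current][name] = _decode(vm.group(2))
    return keys


NOTIFY_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'


def notify_packages(text):
    """Map each Notify subkey to its DllName (None when the value is missing)."""
    prefix = NOTIFY_KEY.lower() + '\\'
    packages = {}
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(prefix):
            continue
        sub = key[len(prefix):]
        if '\\' in sub:   # nested keys such as WgaLogon\Settings are not packages
            continue
        packages[sub] = next((v for n, v in values.items() if n.lower() == 'dllname'), None)
    return packages


# Assumed baseline: Microsoft-shipped names seen in the thread's own export. A reviewer
# extends it with the third-party packages expected on the host being examined.
KNOWN_GOOD = {'crypt32.dll', 'cryptnet.dll', 'cscdll.dll', 'dimsntfy.dll',
              'wlnotify.dll', 'sclgntfy.dll', 'wgalogon.dll'}


def unexpected_packages(text, known_good=KNOWN_GOOD):
    """Subkeys whose DLL basename is not in the baseline, or which have no DllName at all."""
    good = {d.lower() for d in known_good}
    flagged = []
    for sub, dll in notify_packages(text).items():
        base = str(dll).rsplit('\\', 1)[-1].lower() if dll is not None else None
        if base is None or base not in good:
            flagged.append(sub)
    return sorted(flagged)


if __name__ == '__main__':
    for sub, dll in notify_packages(SAMPLE_REG).items():
        print(f'{sub:14} -> {dll}')
    print('review:', unexpected_packages(SAMPLE_REG))
```

Feeding it the full export from the next reply (saved from regedit as a .reg file) lists every notification package with its decoded DLL path; a subkey that is flagged is the one to research before deciding whether it belongs, which is the same judgement the helper made about `printpnp` here.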

#14 jnewell

jnewell
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Male
  • Location:Colchester UK
  • Local time:04:39 PM

Posted 05 January 2009 - 11:10 AM

Hi Extremeboy,

OK. The HKLM\...\printpnp has now been removed. I didn't see the space between windows & NT because
my screen and printer wrapped the output at the CHR$(32) character (space)! Something for me to watch out for.

The OTMoveIt3 log, new reg key printout, OTViewIt outputs follow:

***OTmoveIt3 log follows

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp\\ deleted successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01052009_151106


***reg key HKLM\...\Notify follows

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
"Asynchronous"=dword:00000001
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL]
"Asynchronous"=dword:00000001
"DllName"="PRISMAPI.DLL"
"Impersonate"=dword:00000000
"Logoff"="NPLogoffEvent"
"Shutdown"="NPShutdownEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"EulaAccepted"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,3f,b1,de,dd,13,ce,41,44,91,1d,86,88,6b,15,57,f7,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,e8,c1,9e,67,7e,e2,68,9a,\
0b,63,ec,07,9d,df,09,88,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,22,\
46,69,b4,ca,98,ab,68,53,82,58,44,4d,da,7d,de,b0,01,00,00,9d,08,a9,1b,d3,5c,\
de,22,8e,7f,f1,8a,a0,6d,3f,dc,bd,f2,4d,c2,07,66,5d,10,ca,b3,61,42,c1,b7,ab,\
5e,e2,5e,54,7b,da,be,42,14,66,e4,28,a0,9a,6f,7e,d0,b1,aa,c8,3c,a9,35,2d,62,\
df,d7,54,d3,77,44,c8,5d,54,2b,91,1c,64,f6,9a,18,5b,4a,9e,30,37,73,9e,7b,6b,\
38,63,9b,2d,a9,b3,f2,a4,03,94,48,3b,db,89,2c,77,3d,6c,37,c7,49,f4,4e,7e,e9,\
d2,4c,75,01,44,f4,26,08,f9,24,20,b8,3d,1f,b7,e6,59,b6,18,62,2a,a6,17,34,ce,\
fa,da,e7,f3,7a,ee,2b,14,06,77,4e,98,fa,0e,b6,77,1a,dc,c3,5a,94,81,e0,c0,b0,\
9a,7e,b1,00,89,eb,41,75,32,12,c3,6e,ac,04,d1,86,56,c6,e0,d3,dc,65,77,e0,d1,\
9f,4b,c5,a0,b4,81,46,15,53,c6,e4,67,91,94,c3,f5,b4,7f,8b,67,76,3a,b6,09,80,\
33,cf,1d,1e,d4,71,2c,a3,54,7e,c5,91,a3,65,67,b8,92,8c,9b,6a,3f,3f,64,e6,a2,\
4f,3f,0e,b2,c9,dd,e6,dc,5d,81,5f,72,2f,22,e7,f2,ff,48,5f,4c,f9,95,93,df,15,\
c4,e6,aa,b9,aa,0e,ce,70,1d,13,20,bb,de,a6,6c,9d,a6,86,f2,b4,13,22,cb,c4,f6,\
61,da,09,26,d6,f9,97,c8,ee,a1,e0,b3,8e,f1,c0,b6,3a,ea,f9,31,88,29,b3,f4,f3,\
f9,ba,f0,4c,9c,73,2d,19,ea,cb,80,3d,a6,bd,05,e0,00,2f,15,d3,25,25,22,f5,90,\
57,99,fd,f4,fd,e2,d5,ff,ca,72,7f,50,9e,aa,36,fa,76,38,65,87,11,20,bd,37,4b,\
1b,51,68,af,d9,7d,18,c6,41,9e,26,2e,3c,c1,8f,32,86,3d,e0,9b,41,ff,89,1d,e9,\
c3,fd,32,1f,2a,d9,88,30,e2,52,58,3b,92,21,c7,1c,77,58,d5,43,70,ca,44,83,fc,\
52,6d,43,e2,3f,7b,ee,b6,99,c0,e3,80,ec,f3,57,33,88,c4,76,e1,8e,ac,44,ee,89,\
8f,14,00,00,00,d0,54,81,a6,84,9d,f2,2f,80,7e,26,8c,8b,f1,3c,bd,b5,c3,1b,65

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


***OTViewIt log follows

OTViewIt logfile created on: 05/01/2009 15:52:11 - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 294.85 Mb Available Physical Memory | 57.66% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.63 Gb Free Space | 13.46% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2002/05/13 09:12:46 | 00,245,760 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\00THotkey.exe
[2002/03/19 20:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
[2002/04/25 10:09:18 | 00,147,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[2002/01/22 18:20:50 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
[2001/08/03 18:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
[2002/07/16 01:41:56 | 00,126,976 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2002/08/09 12:06:52 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
[2008/11/26 17:18:52 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[2007/11/30 14:48:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2006/07/20 06:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe
[2002/03/28 08:53:58 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[2008/12/20 17:13:52 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/05/06 09:42:14 | 00,202,088 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\Exif Launcher\QuickDCF.exe
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
[2008/04/14 00:12:34 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[1999/09/05 06:23:00 | 00,053,317 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2001/07/13 20:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 17:16:24 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/12/20 17:13:52 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/10/17 16:02:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2008/01/01 15:50:10 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\Afc.sys -- (Afc [On_Demand | Running])
[2002/05/17 05:56:02 | 00,063,501 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/08 08:56:50 | 00,018,944 | ---- | M] (WideView Technology Inc.) -- C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys -- (BDA_Loader_225 [On_Demand | Stopped])
[2001/11/16 15:07:30 | 00,119,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
[2008/01/26 18:17:52 | 00,026,112 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Running])
[2003/10/17 16:02:00 | 01,371,740 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
[2001/08/18 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/08/18 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2002/01/07 19:16:40 | 00,015,111 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\tossdpci.sys -- (pciSd [On_Demand | Stopped])
[2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Running])
[2001/08/18 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/08/26 23:39:08 | 00,352,768 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Stopped])
[2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/09/11 12:54:32 | 00,038,425 | ---- | M] (SMC) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\DRIVERS\ss.sys -- (StreamSurge [On_Demand | Running])
[2001/09/26 19:34:32 | 00,799,816 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys -- (TOSHIBASoftModem [On_Demand | Running])
[2002/04/04 19:12:48 | 00,023,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tsdhd.sys -- (tsdhd [On_Demand | Running])
[2001/08/17 14:23:58 | 00,005,264 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS -- (TVALD [Boot | Running])
[2001/09/13 19:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS -- (TVALG [Boot | Running])
[2006/05/18 22:31:32 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2001/08/17 13:49:04 | 00,024,576 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viairda.sys -- (VIAIRDA [On_Demand | Stopped])
[2003/01/10 21:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2002/07/24 16:42:34 | 00,202,880 | ---- | M] (YAMAHA CORPORATION) -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97 [On_Demand | Running])
[2006/10/12 15:00:22 | 00,019,072 | ---- | M] (ZDC., Inc. (ZDC)) -- C:\WINDOWS\system32\ZDCNDIS5.sys -- (ZDCNDIS5 [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://search.aol.co.uk/web?isinit=true&query=%s

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"=000StTHK.exe ()
"00THotkey"=C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corp.)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"F5D9010"=C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
"HostManager"=C:\Program Files\Common Files\AOL\1201812326\ee\AOLSoftware.exe (America Online, Inc.)
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 ()
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet /nodetect /keeploaded (NVIDIA Corporation)
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TFncKy"=TFncKy.exe /Type 20 File not found
"TFNF5"=TFNF5.exe (Toshiba Corp.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION)
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
"Tpwrtray"=TPWRTRAY.EXE (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook (NVIDIA Corporation)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)

========== (O4) Startup Folders ==========

[2000/01/24 18:54:36 | 00,029,696 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
[1999/09/05 06:23:00 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[2005/04/27 19:35:34 | 00,029,184 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe
[2006/02/17 11:30:22 | 00,147,456 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe
[2005/10/20 12:04:08 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&AOL Toolbar Search: c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html [2007/12/20 18:34:46 | 00,000,824 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2008/12/20 17:13:52 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{3369AF0D-62E9-4bda-8103-B4C75499B578}: Button: AOL Toolbar -- %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> [2007/12/20 18:42:32 | 01,086,816 | ---- | M] (AOL LLC)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-608057341-2136417557-3852222622-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{54BE6B6F-3056-470B-97E1-BB92E051B6C4}: http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab -- DeviceEnum Class
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdat...b?1142551070011 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1226711658519 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab -- Reg Error: Value does not exist or could not be read.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{55DCA314-D665-409C-A3CE-7DC93E2230A1} (Servers: | Description: Intel® PRO/100 VE Network Connection)
{8CF3B6F8-45F4-4ACD-AF1B-161213A012FD} (Servers: | Description: Belkin Wireless G Plus MIMO Notebook Card)
{95880288-7037-4723-9CEA-7DB0C62E850C} (Servers: | Description: 1394 Net Adapter)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=WIKI.DLL
>File not found --

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
PRISMAPI.DLL: "DllName" = PRISMAPI.DLL -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 15:51:01 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/31 15:40:32 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:35:53 | 00,488,510 | ---- | C] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:35:53 | 00,000,000 | ---D | C] -- C:\HaxFix
[2008/12/31 15:34:45 | 00,488,510 | ---- | C] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:32:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/31 15:31:10 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:53 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:53 | 00,000,536 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/31 15:28:41 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/26 19:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Deliveries
[2008/12/23 16:27:51 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:51 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:51 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:27:50 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:50 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/12/23 16:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer
[2008/12/23 16:23:46 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:13 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:17:16 | 00,003,186 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/08 17:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Tools
[2008/12/01 12:52:48 | 00,000,368 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:09:03 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/12/01 12:09:01 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/01 12:07:49 | 00,000,486 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/11/30 18:11:17 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 14:39:54 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:38:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/30 14:37:59 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/11/30 14:14:25 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/30 14:12:14 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/27 10:41:34 | 00,000,000 | ---D | C] -- C:\PERSONAL
[2008/11/25 17:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John Newell.LAPTOP\Application Data\ErrorFix
[2008/11/25 17:46:46 | 00,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/25 17:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\ErrorFix
[2008/11/23 18:26:53 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 21:17:53 | 00,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/22 21:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/11/21 23:40:21 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/20 22:24:29 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/19 00:12:06 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/18 22:41:12 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/13 20:54:22 | 00,061,952 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/13 20:35:42 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:14:20 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 17:44:08 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 15:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/13 01:02:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/13 01:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/13 01:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/11/13 01:02:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/13 01:02:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/11/12 21:44:51 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:22:40 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 15:21:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/09 19:16:28 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 18:44:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:14:42 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/07 22:35:32 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:02:56 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 21:37:47 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc

========== Files - Modified Within 60 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/05 15:06:58 | 00,529,640 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/05 15:06:58 | 00,446,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/05 15:06:58 | 00,073,816 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/05 15:03:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/05 15:02:52 | 00,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2009/01/05 15:02:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/05 15:02:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 19:29:04 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\System Restore.job
[2009/01/03 18:52:42 | 00,076,520 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/03 18:47:40 | 00,000,702 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/03 18:01:26 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Command Prompt (2).lnk
[2009/01/03 14:43:30 | 00,066,048 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\RECIPES.doc
[2008/12/31 15:40:36 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTMoveIt3.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\HaxFix.exe
[2008/12/31 15:34:46 | 00,488,510 | ---- | M] (Marckie ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\haxfix.exe
[2008/12/31 15:31:12 | 00,000,711 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2008/12/31 15:30:54 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\NTREGOPT.lnk
[2008/12/31 15:30:54 | 00,000,536 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\ERUNT.lnk
[2008/12/31 15:28:42 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\erunt-setup.exe
[2008/12/31 15:19:36 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/23 16:35:46 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/12/23 16:27:52 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/12/23 16:27:52 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/12/23 16:27:52 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/12/23 16:23:48 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\gmer.zip
[2008/12/23 16:17:14 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\OTViewIt.exe
[2008/12/20 20:21:48 | 00,003,186 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\JNewell.zip
[2008/12/20 17:27:16 | 00,005,358 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\simon1.wks
[2008/12/20 14:11:18 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/01 12:52:50 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RunThis.bat.lnk
[2008/12/01 12:07:50 | 00,000,486 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to RSIT.exe.lnk
[2008/12/01 12:00:10 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\ErrorFix Scan.job
[2008/11/30 18:11:14 | 00,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ErrorFix.lnk
[2008/11/30 14:39:56 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/30 14:12:16 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\Desktop\Shortcut to SDFix.exe.lnk
[2008/11/26 21:51:34 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070104.doc
[2008/11/26 21:23:12 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 230802.doc
[2008/11/26 17:21:30 | 01,236,208 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/26 17:18:26 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/26 17:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/26 17:17:26 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/26 17:16:30 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/26 17:15:36 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/26 17:15:10 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AVASTSS.scr
[2008/11/23 18:26:54 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Default.rdp
[2008/11/22 22:32:32 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100197.doc
[2008/11/22 21:17:54 | 00,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[2008/11/21 23:34:46 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\GPL Stations.doc
[2008/11/20 22:00:16 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\General Notes Paz.doc
[2008/11/20 18:54:08 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Renters.doc
[2008/11/20 00:15:52 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes.doc
[2008/11/18 22:58:28 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 081006.doc
[2008/11/17 23:49:38 | 00,061,952 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070606.doc
[2008/11/15 16:57:12 | 00,428,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/13 21:13:20 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060606.doc
[2008/11/13 20:34:30 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 010206.doc
[2008/11/13 20:12:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 110106.doc
[2008/11/13 00:53:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/12 22:00:44 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 100106.doc
[2008/11/12 21:43:36 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 061005.doc
[2008/11/12 21:21:32 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 080605.doc
[2008/11/09 19:15:12 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 070605.doc
[2008/11/08 23:17:06 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 160305.doc
[2008/11/08 23:08:00 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 070105.doc
[2008/11/07 22:34:40 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 060105.doc
[2008/11/07 22:01:50 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Travel Notes 101104.doc
[2008/11/07 21:36:22 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\John Newell.LAPTOP\My Documents\Diary 090604.doc
< End of report >

***EXTRAS for OTViewIt log follows

OTViewIt Extras logfile created on: 05/01/2009 15:52:11 - Run 5
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\John Newell.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.36 Mb Total Physical Memory | 294.85 Mb Available Physical Memory | 57.66% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 2.63 Gb Free Space | 13.46% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.42 Gb Total Space | 7.35 Gb Free Space | 99.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: John Newell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:explorer
[2008/04/14 00:12:40 | 00,507,904 | ---- | M] (Microsoft Corporation) -- \??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:explorer
[2005/04/15 21:15:30 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\lxcfcoms.exe:*:Enabled:730 Series
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007/11/30 14:48:56 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008/12/06 21:02:20 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/12/07 15:30:38 | 00,071,008 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler
[2006/10/23 12:50:36 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Services
[2006/11/10 12:11:58 | 00,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL
[2006/10/13 23:18:26 | 00,063,120 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
[2006/11/03 07:17:28 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2006/11/09 11:03:40 | 00,161,328 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
[2006/11/14 14:01:22 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1201812326\EE\aolsoftware.exe:*:Enabled:AOL Shared Components
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}"=Microsoft Word 2000
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}"=HP Driver Diagnostics
"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}"=TOSHIBA Manuals
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{25DB99F1-4681-4391-931F-6F144E8B5F18}"=TOSHIBA Manuals
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}"=Network Device Switch 3
"{3663DDE0-D8AE-11D3-9850-00C04F7AC096}"=YAMAHA AC-XG WDM
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}"=TOSHIBA Console
"{56364334-9530-11D2-BFFC-00C04FA329AA}"=Microsoft Works 2000
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PartitionMagic
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}"=Wireless Hotkey
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{98E8A2EF-4EAE-43B8-A172-74842B764777}"=InterVideo WinDVD 4
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}"=Belkin Wireless G Plus MIMO Notebook Card
"{A586D09E-1D2C-11D3-9A6B-00105A98B681}"=Microsoft Picture It! Express 2000
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B838AD63-FD0C-482C-B124-7116748BAC45}"=BootMagic
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{C5DD42DC-5402-11D3-8072-00C04FA329AA}"=Word in Works Suite add-in
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{F128BA10-362E-11D3-81AB-00C04FB932BA}"=Microsoft Home Publishing 2000
"{F27EFBE2-7B33-4084-8328-00FE19AC4901}"=ArcSoft TotalMedia
"{F632E23B-7E1B-42C9-9262-FC5D3CA4D4D0}"=ErrorFix
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AOL Toolbar"=AOL Toolbar 5.0
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"avast!"=avast! Antivirus
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"DP Editor 1.0"=DP Editor Ver.1.0
"ERUNT_is1"=ERUNT 1.1j
"Exif Launcher 1.0"=Exif Launcher Ver.1.0
"Exif Viewer 1.0"=Exif Viewer Ver.1.1
"ExpressRip"=Express Rip
"Golden"=Golden Records
"HijackThis"=HijackThis 2.0.2
"hp deskjet 3820 series_Driver"=hp deskjet 3820 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}"=PowerQuest PartitionMagic 8.0
"InstallShield_{B838AD63-FD0C-482C-B124-7116748BAC45}"=PowerQuest BootMagic 8.0
"Lexmark 730 Series"=Lexmark 730 Series
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft ARX EUR 2000"=Microsoft AutoRoute Express Europe 2000
"Microsoft NetShow Tools 2.0"=Windows Media Tools 4.1
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers
"Prism"=Prism Video Converter
"PROSet"=Intel® PRO Ethernet Adapter and Software
"QuickTime"=QuickTime
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 7.0
"SoundTap"=SoundTap
"Switch"=Switch
"TFNF5"=Toshiba Hotkey Utility for Display Devices
"TomTom HOME"=TomTom HOME
"ToolBox"=NCH Toolbox
"Toshiba Power Saver"=TOSHIBA Power Saver
"Toshiba screensaver"=Toshiba screensaver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"TOSHIBA Utilities"=TOSHIBA Utilities
"TouchED"=TOSHIBA TouchPad On/Off Utility V2.04.00
"WavePad"=WavePad Uninstall
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2kSetup"=Microsoft Works 2000 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:35 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 30/11/2008 11:11:36 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:04 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:06 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:07 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:08 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

Error - 23/12/2008 13:24:09 | Computer Name = LAPTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000007B.

[ Application Events ]
Error - 08/04/2008 20:35:46 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware2007.exe, version 7.0.2.7, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/04/2008 20:35:56 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 708678575.

Error - 27/04/2008 15:55:58 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 1 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 11/05/2008 16:49:36 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/05/2008 16:49:43 | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 686628912.

Error - 07/06/2008 14:48:27 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16640, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/06/2008 16:33:59 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:18 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 14/06/2008 16:34:29 | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Word 2000 -- Error 1706. No valid source could
be found for product Microsoft Word 2000. The Windows installer cannot continue.

Error - 28/08/2008 05:07:01 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

[ System Events ]
Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 03/01/2009 14:45:53 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 03/01/2009 18:35:48 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 03/01/2009 18:35:48 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 03/01/2009 18:35:48 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 03/01/2009 18:36:14 | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

Error - 03/01/2009 18:36:14 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
connect.

Error - 03/01/2009 18:36:14 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The lxcf_device service failed to start due to the following error:
%%1053

Error - 05/01/2009 11:02:42 | Computer Name = LAPTOP | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.


< End of report >
***END of LOGS

Once again thanks for your help. Best regards... jnewell (John)
***END OF POSTING***

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:39 PM

Posted 05 January 2009 - 05:36 PM

Hello.

Great then, everything looks fine now. :)

Any Problems still?

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Uninstall GMER
We will now remove GMER.
  • Go to Start ---> Run ---> In the Open Field type in: C:\WINDOWS\gmer_uninstall.cmd
  • Now Click Ok
  • This shall uninstall GMER and everything related to it.
Cleanup! with OTMoveIt3
Let's remove all the other tools we've used so far.
  • Double click the OTMoveIt3.exe to run it.
  • Click the Cleanup! button. If you receive a warning from your security program, select allow to download the packet.
  • A pop-up box will appear saying "Cleanup list download successfully Begin Removal Process?". Click Yes.
  • If required for a reboot click Yes
Create a New System Restore Point <- Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Install a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Update your Firewall Program - It is imperative that you update your Firewall at least once a week (Even more if you wish). If you do not update your firewall then it will not be able to catch any of the new variants that may come out.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. <--- Very Important

Follow this list and your potential for being infected again will reduce dramatically.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.




