
Trojan.Vundo.H


  • This topic is locked
26 replies to this topic

#1 kanesw

  • Members
  • 17 posts

Posted 19 December 2008 - 06:07 PM

I thought I had got rid of Trojan.Vundo.H and Prunnet.exe, as neither appear with SUPERantispyware and Malwarebytes. However, I just got a blue screen and pop-ups. This is really stressing me out as I have work to do.

Please help, and I hope my log is appropriate.

Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:34, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Kane1\Application Data\gadcom\gadcom.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [cc9a6972] rundll32.exe "C:\WINDOWS\system32\wrhevela.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Kane1\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Philips Wireless USB Adapter 11g.lnk = C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7208 bytes


Edited by kanesw, 20 December 2008 - 05:16 AM.



#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 27 December 2008 - 07:01 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • Description of Problems you still have.

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 kanesw

  • Topic Starter
  • Members
  • 17 posts

Posted 29 December 2008 - 07:38 AM

Thank you for the reply. Since my first post I have done a lot of scans, etc. It was clean for 5 days or so, and it just came back saying 'Antivirus 2009' DOWNLOAD, etc. I ran Malwarebytes and Trojan.Vundo.H was again present. So here is my new HijackThis log.

Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:31, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\V0250Mon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Philips Wireless USB Adapter 11g.lnk = C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 8333 bytes

#4 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 29 December 2008 - 08:06 PM

Hello.

I do not need to see another Hijackthis log. Please follow the instructions in my previous post.

Post back with the logs and questions I asked you in my previous post when you are ready.

With Regards,
Extremeboy

#5 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 02 January 2009 - 10:43 AM

Hi.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed. I know it's the holidays so I will wait a bit longer than usual before closing.

Thanks for understanding.

With Regards,
Extremeboy

#6 kanesw

  • Topic Starter
  • Members
  • 17 posts

Posted 06 January 2009 - 05:17 PM

OTViewIt logfile created on: 06/01/2009 22:12:31 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kane1\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.45% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 71.43 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANE
Current User Name: Kane1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/05 21:26:28 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/06/15 17:48:53 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/03 19:52:34 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[2008/12/13 02:26:04 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
[2006/06/09 01:11:00 | 00,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[2006/01/03 00:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/06/08 01:00:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0250Mon.exe
[2006/03/20 23:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/08/05 20:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2008/05/17 20:02:02 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/09 15:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2005/08/05 20:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/02/27 17:56:54 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2008/02/14 22:07:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2005/05/17 00:10:40 | 00,450,560 | ---- | M] () -- C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
[2006/01/03 00:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/12/03 19:52:32 | 01,265,296 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2007/01/19 19:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/12/12 07:40:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
[2009/01/06 22:12:17 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 02:57:22 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/05 21:26:28 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/04/13 10:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/06/07 23:27:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/06/15 17:48:53 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/04/13 10:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
File not found -- -- (Emproxy [Disabled | Stopped])
[2007/11/28 22:09:13 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/11/27 15:50:29 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/09/08 22:02:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Disabled | Stopped])
[2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2008/12/03 19:52:34 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
File not found -- -- (McAfee HackerWatch Service [Disabled | Stopped])
File not found -- -- (mcmispupdmgr [Disabled | Stopped])
File not found -- -- (mcmscsvc [Disabled | Stopped])
File not found -- -- (McNASvc [Disabled | Stopped])
File not found -- -- (McODS [On_Demand | Stopped])
File not found -- -- (mcpromgr [Disabled | Stopped])
[2005/08/05 20:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Disabled | Stopped])
File not found -- -- (McRedirector [Disabled | Stopped])
File not found -- -- (McShield [Unknown | Stopped])
File not found -- -- (McSysmon [On_Demand | Stopped])
File not found -- -- (MpfService [On_Demand | Stopped])
[2008/12/13 02:26:04 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/02 17:24:58 | 00,311,112 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [On_Demand | Stopped])
[2007/11/02 17:25:04 | 01,418,056 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [On_Demand | Stopped])
[2008/12/13 02:25:56 | 03,321,032 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Stopped])
[2007/10/22 03:27:51 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])
[2007/01/19 19:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/19 03:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/06/21 08:50:45 | 00,043,392 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL [On_Demand | Stopped])
[2006/06/08 00:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/01/04 13:55:14 | 00,278,728 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2007/01/11 05:39:12 | 00,243,584 | ---- | M] (YewSoft) -- C:\WINDOWS\system32\drivers\CamthWDM.sys -- (CamthWDM [Auto | Running])
[2008/06/15 17:48:53 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2004/12/13 21:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/06/21 08:50:45 | 00,285,696 | R--- | M] (Royal Philips Electronics N.V.) -- C:\WINDOWS\system32\drivers\CPWUA6D1.sys -- (CPWUA6D [On_Demand | Running])
[2006/06/05 20:49:08 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/05/03 14:15:33 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/10/18 00:14:00 | 00,041,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
[2007/12/16 11:39:46 | 00,056,832 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (iksysflt [On_Demand | Stopped])
[2007/12/16 11:39:45 | 00,074,240 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/04/28 23:51:02 | 00,110,360 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [System | Running])
[2007/05/18 23:18:42 | 00,185,616 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Stopped])
[2008/09/26 09:52:00 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/01/04 13:55:13 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2008/09/26 09:53:00 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
[2007/10/22 03:18:49 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006/07/08 22:46:16 | 00,084,744 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
[2006/07/14 07:09:34 | 00,033,896 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
[2006/07/14 07:09:48 | 00,161,768 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Stopped])
[2006/07/14 07:09:54 | 00,031,560 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2006/07/14 07:10:00 | 00,037,800 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2008/12/13 02:26:30 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice [System | Running])
[2008/12/13 02:26:30 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon [System | Running])
[2008/12/13 02:26:30 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet [System | Running])
[2008/01/11 22:32:19 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2004/08/10 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/11/02 08:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/02/19 01:30:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2006/03/20 23:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2007/09/06 20:28:16 | 00,030,336 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/06/27 11:25:26 | 00,185,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev [On_Demand | Running])
[2006/03/24 16:24:32 | 00,006,272 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0250Vfx.sys -- (V0250Vfx [On_Demand | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/04/22 00:51:00 | 00,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5 [On_Demand | Running])
[2004/08/10 11:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.co.uk

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.co.uk

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}" (HKLM) -- C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found
"V0250Mon.exe"=C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2005/05/17 00:10:40 | 00,450,560 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips Wireless USB Adapter 11g.lnk = C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class

========== (O17) DNS Name Servers ==========

{2C67D1EF-39BC-4316-B3EB-36B94980F193} (Servers: | Description: )
{8A846D81-2973-42C2-84B3-A6159ECBFB23} (Servers: | Description: Philips SNU6500 Wireless USB Adapter)
{AD35648C-E175-4134-82F8-114309C4E682} (Servers: | Description: Intel® 82562V 10/100 Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/10/22 01:25:41 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell\AutoRun\command]
""=I:\laucher.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/06 22:11:47 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe
[2009/01/06 21:58:20 | 01,247,602 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how it workss.ai
[2009/01/06 21:57:22 | 02,273,519 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\howitworksfinal.ai
[2009/01/06 21:51:23 | 23,978,301 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.psd
[2009/01/06 20:00:43 | 04,079,748 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Untitled-1.jpg
[2009/01/06 19:30:41 | 00,513,618 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-final.jpg
[2009/01/06 18:54:44 | 00,309,175 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-2.jpg
[2009/01/06 16:53:10 | 00,327,015 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.jpg
[2009/01/06 11:33:05 | 01,625,420 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how it works.ai
[2009/01/05 22:24:44 | 08,257,400 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\01-white_lies-to_lose_my_life_(filthy_dukes_remix).mp3
[2009/01/05 21:47:16 | 09,457,664 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\07 - My Sharona.mp3
[2009/01/05 21:35:00 | 00,000,347 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\The Knack - My Sharona.mp3
[2009/01/05 20:16:28 | 04,609,253 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Twilight Omens - Tonight - Franz Ferdinand.mp3
[2009/01/05 14:47:45 | 03,836,881 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\van.psd
[2009/01/05 12:28:25 | 00,049,128 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\n895720346_5459989_760.jpg
[2009/01/04 18:33:56 | 02,547,506 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\GoAudio - Why Piano version.mp3
[2009/01/04 12:41:40 | 00,001,396 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Veoh.com.lnk
[2009/01/04 12:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/01/04 12:40:55 | 09,708,400 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\VeohWebPlayerSetup_eng.exe
[2009/01/03 15:31:02 | 00,025,311 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\54ezav.jpg
[2009/01/03 00:48:57 | 00,022,316 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\3f0ca8.gif
[2009/01/02 19:02:25 | 00,002,269 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\imag es.jpg
[2009/01/01 20:55:16 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2008/12/30 19:55:57 | 00,002,450 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\jazz.gif
[2008/12/30 19:55:24 | 00,004,927 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\jazzz.png
[2008/12/30 15:21:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Local Settings\Application Data\Yahoo
[2008/12/30 15:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/12/30 11:11:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\91.121.188.187
[2008/12/29 20:52:18 | 00,002,555 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webb2.gif
[2008/12/29 20:52:00 | 00,004,815 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-6.png
[2008/12/29 20:47:28 | 00,002,647 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webbbb.gif
[2008/12/29 20:43:11 | 00,002,788 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webb.gif
[2008/12/29 20:42:55 | 00,005,932 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-5.png
[2008/12/29 20:34:08 | 00,002,614 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\41bde0.gif
[2008/12/29 20:33:50 | 00,004,786 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-4.png
[2008/12/29 20:27:09 | 00,002,794 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\e66314.gif
[2008/12/29 20:26:22 | 00,005,478 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-3.png
[2008/12/29 12:42:02 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\SpywareBlaster.lnk
[2008/12/29 12:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/12/29 12:33:23 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Kane1\Desktop\spywareblastersetup41.exe
[2008/12/29 12:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Application Data\OnlineArmor
[2008/12/29 12:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2008/12/29 12:32:06 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2008/12/29 12:32:06 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2008/12/29 12:32:06 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2008/12/29 12:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2008/12/29 12:29:11 | 13,229,544 | ---- | C] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\Kane1\Desktop\OA190Free.exe
[2008/12/29 12:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Application Data\WinPatrol
[2008/12/29 12:27:01 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2008/12/29 12:26:50 | 00,726,384 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Kane1\Desktop\wpsetup.exe
[2008/12/28 19:36:48 | 00,003,097 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\20215d.gif
[2008/12/28 19:36:16 | 00,002,729 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\5b2d62.gif
[2008/12/28 19:36:04 | 00,005,027 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.png
[2008/12/28 14:54:33 | 83,066,121 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\036 Russell Brand - 07 January 2007 FULL.mp3
[2008/12/27 23:03:15 | 00,042,048 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\n581000914_2293682_8289.jpg
[2008/12/27 00:32:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\gamma.videofriender.com
[2008/12/24 23:51:35 | 00,002,389 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\fd3e92.gif
[2008/12/24 23:51:24 | 00,002,353 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\monies.gif
[2008/12/24 23:50:39 | 00,001,840 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\2ef0cf.gif
[2008/12/24 23:50:22 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\msmile.gif
[2008/12/24 23:42:10 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part1.rar
[2008/12/24 22:27:10 | 77,428,465 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5(2).rar
[2008/12/24 22:07:30 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part4.rar
[2008/12/24 21:59:48 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part3.rar
[2008/12/24 21:48:00 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part2.rar
[2008/12/24 21:35:47 | 77,428,465 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5.rar
[2008/12/23 22:57:47 | 00,011,667 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\hat.png
[2008/12/23 20:00:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/23 14:51:42 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/23 14:51:42 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/23 14:51:42 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/23 14:51:42 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/23 14:51:42 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/23 14:51:41 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/23 14:51:41 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/23 14:51:41 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/23 14:51:40 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/23 10:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\Temporary Downloaded Files
[2008/12/23 09:45:10 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2008/12/23 09:42:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/22 23:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\To_Riches(full_album_unreleased_demo)
[2008/12/22 23:23:35 | 08,164,612 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\1-02 You Still Love Him.mp3
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/22 23:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/22 22:54:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/22 21:04:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/22 21:04:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/22 21:03:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/22 21:02:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/22 21:02:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/22 21:02:13 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/22 21:01:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/21 18:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/12/21 18:09:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/21 18:09:02 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/20 23:52:37 | 01,822,979 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\MagicBullets.pdf
[2008/12/20 14:27:53 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/12/20 14:27:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/12/20 14:27:51 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/12/20 14:27:51 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/12/20 14:27:51 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/20 14:27:50 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/20 14:27:49 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/20 14:27:49 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/20 14:27:49 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/20 14:27:48 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/20 14:27:48 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/12/20 14:27:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/12/20 14:27:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/12/20 14:27:43 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/20 14:27:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/20 14:27:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/12/20 14:27:39 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/20 14:27:39 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/12/20 14:27:39 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/12/20 14:27:39 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/20 14:27:39 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/20 14:27:38 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/12/20 14:27:38 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/12/20 14:27:38 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/12/20 14:27:38 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/12/20 14:27:37 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/12/20 14:27:34 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/20 14:27:33 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/12/20 14:27:33 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/12/20 14:27:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/12/20 14:27:32 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/12/20 14:27:32 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/20 14:27:32 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/12/20 14:27:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/20 14:27:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/20 14:27:32 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/12/20 14:27:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/20 14:27:25 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/20 14:27:25 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/20 14:27:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/20 14:27:18 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/12/20 14:27:18 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/20 14:27:13 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/12/20 14:27:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/12/20 14:27:12 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/12/20 14:27:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/20 14:27:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/20 14:27:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/20 14:27:06 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/12/20 14:27:05 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/12/20 14:27:05 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/12/20 14:27:05 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/12/20 14:27:05 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/12/20 14:27:05 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/12/20 14:27:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/12/20 14:27:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/12/20 14:27:05 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/12/20 14:27:04 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/12/20 14:27:04 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/12/20 14:27:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/12/20 14:27:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/12/20 14:27:04 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/12/20 14:27:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/12/20 14:27:04 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/12/20 14:27:03 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/12/20 14:27:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/20 14:27:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/12/20 14:27:01 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/20 14:27:01 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/12/20 14:26:57 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/12/20 14:26:57 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/20 14:26:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/20 14:26:57 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/20 14:26:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/20 14:26:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/20 14:26:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/20 14:26:53 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/20 14:26:53 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/20 14:26:53 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/20 13:44:44 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/12/20 13:43:33 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/20 13:40:50 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/12/20 13:40:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/12/20 13:40:41 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/12/20 13:40:39 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/12/20 13:40:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/12/20 13:36:20 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/12/20 13:36:16 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/20 13:36:04 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/12/20 13:33:55 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/12/20 09:56:51 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\mhiohoqv.dll
[2008/12/19 23:50:48 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2008/12/19 23:27:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2008/12/19 20:05:11 | 00,839,514 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\cc_20081219_200508.reg
[2008/12/19 19:57:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/19 19:05:41 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/18 23:23:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/18 23:23:23 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/18 23:23:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/18 22:41:47 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/18 22:35:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/12/18 21:59:24 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/12/17 21:08:37 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2008/12/16 00:33:24 | 06,586,517 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\The_Fear.mp3
[2008/12/15 00:04:01 | 00,448,633 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main3.jpg
[2008/12/14 23:29:46 | 00,447,925 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main2.jpg
[2008/12/14 22:24:38 | 00,486,670 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\queeen.jpg
[2008/12/14 22:23:13 | 00,600,443 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\queeeen.jpg
[2008/12/14 22:20:57 | 00,249,231 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\slide1.jpg
[2008/12/14 21:41:35 | 00,492,647 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main.jpg
[2008/12/14 20:30:32 | 01,158,167 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\P1060008.psd
[2008/12/14 16:17:39 | 00,374,704 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.jpg
[2008/12/14 10:51:19 | 73,244,0576 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\ricky.gervais.out.of.england.the.stand-up.special.hdtv.xvid-sys.avi
[2008/12/13 08:30:35 | 73,461,7600 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\mv..www.iwillsearch4u.com.avi
[2008/12/12 23:27:25 | 05,815,172 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Good-Books-Manifesto.mp3
[2008/12/09 22:48:42 | 04,685,977 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Brett Domino Trio - Christmas (This Year).mp3
[2008/12/09 19:16:17 | 66,106,025 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Little Boots - Magical Tropical Mixtape.mp3
[2008/12/08 19:25:34 | 00,000,264 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\b1fe03.gif
[2008/12/07 22:22:57 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\p s.doc
[2008/12/07 22:22:51 | 00,009,218 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\p s.mht
[2008/12/07 22:22:38 | 00,009,218 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\ps.mht
[2008/12/07 22:19:24 | 03,549,520 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\af.ai
[2008/12/07 22:15:55 | 38,268,750 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\tkambv2.ai

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/06 22:12:17 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe
[2009/01/06 22:08:10 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\My Sharing Folders.lnk
[2009/01/06 22:06:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/06 22:06:28 | 01,463,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/06 22:06:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/06 22:05:41 | 06,114,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/01/06 22:05:41 | 00,578,468 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/01/06 22:05:40 | 15,765,3024 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/06 22:05:40 | 02,116,676 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/01/06 22:04:26 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wogeguli
[2009/01/06 21:58:20 | 01,247,602 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how it workss.ai
[2009/01/06 21:57:22 | 02,273,519 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\howitworksfinal.ai
[2009/01/06 21:53:24 | 01,625,420 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how it works.ai
[2009/01/06 21:51:27 | 23,978,301 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.psd
[2009/01/06 20:00:45 | 04,079,748 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Untitled-1.jpg
[2009/01/06 19:30:41 | 00,513,618 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-final.jpg
[2009/01/06 18:54:44 | 00,309,175 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-2.jpg
[2009/01/06 16:53:21 | 01,057,280 | -HS- | M] () -- C:\Documents and Settings\Kane1\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kane1\Desktop\Thumbs.db:encryptable
[2009/01/06 16:53:10 | 00,327,015 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.jpg
[2009/01/06 14:02:19 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/06 14:02:19 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/06 12:11:49 | 00,040,248 | ---- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/06 12:09:30 | 00,353,792 | -HS- | M] () -- C:\Documents and Settings\Kane1\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kane1\My Documents\Thumbs.db:encryptable
[2009/01/05 22:02:56 | 00,475,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/05 22:02:56 | 00,404,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/05 22:02:56 | 00,063,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/05 21:53:08 | 09,457,664 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\07 - My Sharona.mp3
[2009/01/05 21:35:01 | 00,000,347 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\The Knack - My Sharona.mp3
[2009/01/05 20:18:53 | 04,609,253 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Twilight Omens - Tonight - Franz Ferdinand.mp3
[2009/01/05 14:47:45 | 03,836,881 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\van.psd
[2009/01/05 12:28:25 | 00,049,128 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\n895720346_5459989_760.jpg
[2009/01/04 18:35:24 | 02,547,506 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\GoAudio - Why Piano version.mp3
[2009/01/04 12:41:40 | 00,001,396 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Veoh.com.lnk
[2009/01/04 12:41:17 | 09,708,400 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\VeohWebPlayerSetup_eng.exe
[2009/01/03 15:31:02 | 00,025,311 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\54ezav.jpg
[2009/01/03 00:48:57 | 00,022,316 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\3f0ca8.gif
[2009/01/02 19:02:26 | 00,002,269 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\imag es.jpg
[2009/01/01 20:55:16 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2008/12/31 22:44:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/30 19:55:57 | 00,002,450 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\jazz.gif
[2008/12/30 19:55:24 | 00,004,927 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\jazzz.png
[2008/12/29 20:52:19 | 00,002,555 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webb2.gif
[2008/12/29 20:52:00 | 00,004,815 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-6.png
[2008/12/29 20:47:28 | 00,002,647 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webbbb.gif
[2008/12/29 20:43:11 | 00,002,788 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webb.gif
[2008/12/29 20:42:55 | 00,005,932 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-5.png
[2008/12/29 20:34:09 | 00,002,614 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\41bde0.gif
[2008/12/29 20:33:50 | 00,004,786 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-4.png
[2008/12/29 20:27:09 | 00,002,794 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\e66314.gif
[2008/12/29 20:26:22 | 00,005,478 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-3.png
[2008/12/29 12:42:02 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\SpywareBlaster.lnk
[2008/12/29 12:33:51 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Kane1\Desktop\spywareblastersetup41.exe
[2008/12/29 12:32:52 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2008/12/29 12:31:12 | 13,229,544 | ---- | M] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\Kane1\Desktop\OA190Free.exe
[2008/12/29 12:26:53 | 00,726,384 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Kane1\Desktop\wpsetup.exe
[2008/12/29 12:18:29 | 02,108,622 | -H-- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\IconCache.db
[2008/12/28 19:36:48 | 00,003,097 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\20215d.gif
[2008/12/28 19:36:16 | 00,002,729 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\5b2d62.gif
[2008/12/28 19:36:05 | 00,005,027 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.png
[2008/12/28 15:05:01 | 83,066,121 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\036 Russell Brand - 07 January 2007 FULL.mp3
[2008/12/27 23:03:15 | 00,042,048 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\n581000914_2293682_8289.jpg
[2008/12/24 23:51:36 | 00,002,389 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\fd3e92.gif
[2008/12/24 23:51:24 | 00,002,353 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\monies.gif
[2008/12/24 23:50:39 | 00,001,840 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\2ef0cf.gif
[2008/12/24 23:50:22 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\msmile.gif
[2008/12/24 23:50:05 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part1.rar
[2008/12/24 22:33:07 | 77,428,465 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5(2).rar
[2008/12/24 22:19:59 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part4.rar
[2008/12/24 22:07:31 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part3.rar
[2008/12/24 21:53:45 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part2.rar
[2008/12/24 21:42:41 | 77,428,465 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5.rar
[2008/12/23 22:57:47 | 00,011,667 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\hat.png
[2008/12/23 20:01:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/23 09:45:10 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2008/12/23 09:43:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/22 23:25:09 | 08,164,612 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\1-02 You Still Love Him.mp3
[2008/12/22 22:57:45 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/22 22:26:17 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Kane1\My Documents\desktop.ini
[2008/12/22 20:01:28 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/20 23:52:37 | 01,822,979 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\MagicBullets.pdf
[2008/12/20 09:56:51 | 00,041,472 | ---- | M] () -- C:\WINDOWS\System32\mhiohoqv.dll
[2008/12/19 20:05:23 | 00,839,514 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\cc_20081219_200508.reg
[2008/12/19 19:39:01 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\inst.exe
[2008/12/19 19:39:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Kane1\Application Data\pcouffin.sys
[2008/12/19 19:39:01 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\pcouffin.cat
[2008/12/19 19:39:01 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\pcouffin.inf
[2008/12/16 00:33:52 | 06,586,517 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\The_Fear.mp3
[2008/12/15 00:04:02 | 00,448,633 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main3.jpg
[2008/12/14 23:29:47 | 00,447,925 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main2.jpg
[2008/12/14 22:24:40 | 00,486,670 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\queeen.jpg
[2008/12/14 22:23:14 | 00,600,443 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\queeeen.jpg
[2008/12/14 22:20:58 | 00,249,231 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\slide1.jpg
[2008/12/14 21:41:35 | 00,492,647 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main.jpg
[2008/12/14 20:31:50 | 01,158,167 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\P1060008.psd
[2008/12/14 16:17:39 | 00,374,704 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.jpg
[2008/12/13 08:56:20 | 73,461,7600 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\mv..www.iwillsearch4u.com.avi
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 02:26:30 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2008/12/13 02:26:30 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2008/12/13 02:26:30 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2008/12/12 23:27:32 | 05,815,172 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Good-Books-Manifesto.mp3
[2008/12/09 22:49:42 | 04,685,977 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Brett Domino Trio - Christmas (This Year).mp3
[2008/12/09 20:21:49 | 66,106,025 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Little Boots - Magical Tropical Mixtape.mp3
[2008/12/08 19:25:34 | 00,000,264 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\b1fe03.gif
[2008/12/08 19:24:37 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\kiss.gif
[2008/12/07 22:22:58 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\p s.doc
[2008/12/07 22:22:51 | 00,009,218 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\p s.mht
[2008/12/07 22:22:38 | 00,009,218 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\ps.mht
[2008/12/07 22:19:24 | 03,549,520 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\af.ai
[2008/12/07 22:16:05 | 38,268,750 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\tkambv2.ai
< End of report >


OTViewIt Extras logfile created on: 06/01/2009 22:12:32 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kane1\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.45% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 71.43 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANE
Current User Name: Kane1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
File not found -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/02/18 15:12:01 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\Kane1\Desktop\psng11.0.0.1502\GhostSrv.exe:*:Enabled:GhostCastServer Network Access
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avginet.exe:*:Enabled:avginet.exe
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/08 22:02:02 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/01/12 10:57:00 | 00,241,664 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2008/12/12 07:40:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/03 19:52:32 | 01,265,296 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/14 00:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2008/12/16 17:07:18 | 03,528,440 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
[2008/11/10 05:43:37 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
[2008/05/17 20:02:07 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2DC169BB-FD26-4EB1-AED8-5CDA2D08849F}"=PIF installer
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}"=TestDrive Client
"{37014EAD-89A5-F28B-DDB1-E85D64A255AF}"=Hitman Blood Money
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{45235788-142C-44BE-8A4D-DDE9A84492E5}"=AGEIA PhysX v7.09.13
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4E1365FE-A878-4C3A-B055-220B8688FC09}"=SymCUW
"{4EF35707-7052-4331-B8FD-549DB3922AD7}"=TMPGEnc DVD Author 3 with DivX Authoring
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}"=Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}"=ATI Catalyst Control Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A5887F9-F17E-4905-B577-7956BF866C88}"=Callipygian2.9
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D316D67-DA52-4659-9C98-F479963534D6}"=Audiosurf
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6EB0AA0F-19B8-4947-B4D8-A92C465E0292}"=LiceneManager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9578C0CD-8108-4379-9026-4601F59859A0}"=Google Earth Pro
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}"=Gogglebox TV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC85DD5F-1E88-4E38-B77F-0371DFD41033}"=Nero 7 Demo
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}"=Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}"=Microsoft Games for Windows - LIVE Redistributable
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA418519-2160-43A0-AABD-6608DDD8D87F}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F9537757-10D8-451E-B0EB-C31C0A38C1B2}"=CfgWiz
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"001 File Joiner & Splitter Pro3.0"=001 File Joiner & Splitter Pro
"AC3ACM"=AC-3 ACM Codec
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6"=Adobe Illustrator CS3
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Video FX Engine"=Advanced Video FX Engine
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Audacity_is1"=Audacity 1.2.6
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"CCleaner"=CCleaner (remove only)
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0250"=Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Destiny Media Player"=Destiny Media Player
"DVD Shrink_is1"=DVD Shrink 3.2
"Easy Avi/Divx/Xvid to DVD Burner_is1"=Easy Avi/Divx/Xvid to DVD Burner 2.4.6
"HijackThis"=HijackThis 2.0.2
"Hypercube Time Stretcher"=Hypercube Time Stretcher v1.0.0.1
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"LameACM"=Lame ACM MP3 Codec
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.9)"=Mozilla Firefox (2.0.0.9)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.17)"=Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1"=Online Armor 3.0
"OpenAL"=OpenAL
"PowerISO"=PowerISO
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor"=Spyware Doctor 5.1
"SpywareBlaster_is1"=SpywareBlaster 4.1
"TmUnitedForever_is1"=TmUnitedForever
"Tom Clancy's Rainbow Six Vegas 2 Full *RÝP* Team JPN_is1"=Tom Clancy's Rainbow Six Vegas 2
"TV Player"=Veetle TV Player 0.9.11
"Veetle TV Player"=Veetle TV Player 0.9.11
"Veoh Web Player Beta"=Veoh Web Player Beta
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebcamMax"=WebcamMax
"WinAce Archiver"=WinAce Archiver
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/12/2008 13:43:42 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3257, faulting module
unknown, version 0.0.0.0, fault address 0x010a012a.

Error - 30/12/2008 13:44:32 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module quartz.dll, version 6.5.2600.5596, fault address 0x0003849f.

Error - 03/01/2009 12:03:45 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 04/01/2009 11:29:48 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3257, faulting module
qcap.dll, version 6.5.2600.5512, fault address 0x00017321.

Error - 04/01/2009 11:30:54 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3257, faulting module
quartz.dll, version 6.5.2600.5596, fault address 0x0003849f.

Error - 06/01/2009 06:24:56 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll,
version 0.0.0.0, fault address 0x000ba556.

Error - 06/01/2009 06:25:00 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 06/01/2009 06:41:08 | Computer Name = KANE | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.8.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/01/2009 08:51:26 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module illustrator.exe, version 13.0.128.0, fault address 0x001fafaa.

Error - 06/01/2009 18:06:38 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

[ System Events ]
Error - 30/12/2008 09:54:59 | Computer Name = KANE | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 30/12/2008 11:56:59 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 30/12/2008 12:46:08 | Computer Name = KANE | Source = Service Control Manager | ID = 7034
Description = The Online Armor Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 31/12/2008 08:36:30 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 02/01/2009 14:00:16 | Computer Name = KANE | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 03/01/2009 09:24:51 | Computer Name = KANE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 03/01/2009 10:37:17 | Computer Name = KANE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012BF16DF3F has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/01/2009 12:03:50 | Computer Name = KANE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 05/01/2009 05:26:11 | Computer Name = KANE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012BF16DF3F has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/01/2009 18:06:41 | Computer Name = KANE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3


< End of report >

#7 kanesw

kanesw
  • Topic Starter

  • Members

Posted 06 January 2009 - 05:39 PM

Kaspersky report in process.

#8 extremeboy

extremeboy

  • Malware Response Team

Posted 06 January 2009 - 05:45 PM

Thanks for letting me know.

I will be leaving soon, so I will probably analyze the logs and begin with the disinfection process tomorrow.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 kanesw

kanesw
  • Topic Starter

  • Members

Posted 07 January 2009 - 02:15 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 07, 2009 01:44:01
Records in database: 1574494
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 148764
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:29:50


File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-776561741-2000478354-839522115-1003\Dc473\upd105320[1] Infected: Trojan.Win32.Agent.bahn 1

The selected area was scanned.

#10 extremeboy

extremeboy

  • Malware Response Team

Posted 07 January 2009 - 04:56 PM

Hello.

What problems do you have? Is the Vundo you had before gone? Your log looks okay to me; there are some leftover keys we can take out next post, though.

Also, did you remove McAfee using Add/Remove?

Let's run an MBAM scan because your original problems were related to Vundo. I did spot Vundo activity in your first post, but not anymore.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with:
-MBAM log
-New OTViewIT logs
-Answers to my question
-Problems you still have


With Regards,
Extremeboy

#11 kanesw

kanesw
  • Topic Starter

  • Members

Posted 07 January 2009 - 05:05 PM

Yeah, I removed McAfee with Add/Remove, I think. It was ages ago though. And I already have Malwarebytes.

I had Vundo, then Malwarebytes would get rid of it, then it would come back in a few days and then I'd get rid of it again, etc.

But here is my Malwarebytes log.

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 3

07/01/2009 22:05:14
mbam-log-2009-01-07 (22-05-14).txt

Scan type: Quick Scan
Objects scanned: 47133
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-776561741-2000478354-839522115-1003\Dc473\upd105320[1] (Trojan.Agent) -> Quarantined and deleted successfully.

#12 kanesw


Posted 07 January 2009 - 05:08 PM

OTViewIt logfile created on: 07/01/2009 22:06:42 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kane1\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.69% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 71.30 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANE
Current User Name: Kane1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/09/05 21:26:28 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/06/15 17:48:53 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/03 19:52:34 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[2008/12/13 02:26:04 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
[2006/06/09 01:11:00 | 00,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[2006/01/03 00:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/06/08 01:00:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0250Mon.exe
[2006/03/20 23:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2005/08/05 20:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2008/05/17 20:02:02 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/11/10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/08/05 20:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2008/10/09 15:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2008/02/27 17:56:54 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2008/02/14 22:07:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2005/05/17 00:10:40 | 00,450,560 | ---- | M] () -- C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe
[2006/01/03 00:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/05/23 10:52:44 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
[2007/01/19 19:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/09/08 22:02:02 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2008/09/08 22:02:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/12/12 07:40:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/02/22 15:52:45 | 02,875,904 | ---- | M] (YewSoft) -- C:\Program Files\WebcamMax\webcammax.exe
[2009/01/04 18:38:16 | 01,269,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[2008/04/14 00:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2009/01/07 22:06:19 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 02:57:22 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/09/05 21:26:28 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/04/13 10:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/06/08 00:03:20 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006/06/07 23:27:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/06/15 17:48:53 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/04/13 10:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 20:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
File not found -- -- (Emproxy [Disabled | Stopped])
[2007/11/28 22:09:13 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/11/27 15:50:29 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/11/10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Disabled | Stopped])
[2008/11/07 16:40:52 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2008/12/03 19:52:34 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Disabled | Running])
File not found -- -- (McAfee HackerWatch Service [Disabled | Stopped])
File not found -- -- (mcmispupdmgr [Disabled | Stopped])
File not found -- -- (mcmscsvc [Disabled | Stopped])
File not found -- -- (McNASvc [Disabled | Stopped])
File not found -- -- (McODS [Disabled | Stopped])
File not found -- -- (mcpromgr [Disabled | Stopped])
[2005/08/05 20:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Disabled | Stopped])
File not found -- -- (McRedirector [Disabled | Stopped])
File not found -- -- (McShield [Unknown | Stopped])
File not found -- -- (McSysmon [Disabled | Stopped])
File not found -- -- (MpfService [Disabled | Stopped])
[2008/12/13 02:26:04 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/02 17:24:58 | 00,311,112 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [On_Demand | Stopped])
[2007/11/02 17:25:04 | 01,418,056 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [On_Demand | Stopped])
[2008/12/13 02:25:56 | 03,321,032 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Stopped])
[2007/10/22 03:27:51 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])
[2007/01/19 19:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/19 03:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/09/08 22:02:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

========== Driver Services ==========

[2005/06/21 08:50:45 | 00,043,392 | R--- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL [On_Demand | Stopped])
[2006/06/08 00:08:58 | 01,580,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/01/04 13:55:14 | 00,278,728 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2007/01/11 05:39:12 | 00,243,584 | ---- | M] (YewSoft) -- C:\WINDOWS\system32\drivers\CamthWDM.sys -- (CamthWDM [Auto | Running])
[2008/06/15 17:48:53 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
[2004/12/13 21:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2005/06/21 08:50:45 | 00,285,696 | R--- | M] (Royal Philips Electronics N.V.) -- C:\WINDOWS\system32\drivers\CPWUA6D1.sys -- (CPWUA6D [On_Demand | Running])
[2006/06/05 20:49:08 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/05/03 14:15:33 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/10/18 00:14:00 | 00,041,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
[2007/12/16 11:39:46 | 00,056,832 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (iksysflt [On_Demand | Stopped])
[2007/12/16 11:39:45 | 00,074,240 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/04/28 23:51:02 | 00,110,360 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [System | Running])
[2007/05/18 23:18:42 | 00,185,616 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [On_Demand | Running])
[2008/09/26 09:52:00 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/01/04 13:55:13 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2008/09/26 09:53:00 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [Disabled | Running])
[2007/10/22 03:18:49 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2006/07/08 22:46:16 | 00,084,744 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
[2006/07/14 07:09:34 | 00,033,896 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
[2006/07/14 07:09:48 | 00,161,768 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Stopped])
[2006/07/14 07:09:54 | 00,031,560 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2006/07/14 07:10:00 | 00,037,800 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2008/12/13 02:26:30 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice [System | Running])
[2008/12/13 02:26:30 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon [System | Running])
[2008/12/13 02:26:30 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet [System | Running])
[2008/01/11 22:32:19 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2004/08/10 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/09/28 16:07:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/11/02 08:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/02/19 01:30:52 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
[2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
[2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
[2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
[2006/03/20 23:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2007/09/06 20:28:16 | 00,030,336 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/06/27 11:25:26 | 00,185,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev [On_Demand | Running])
[2006/03/24 16:24:32 | 00,006,272 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\drivers\V0250Vfx.sys -- (V0250Vfx [On_Demand | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2004/04/22 00:51:00 | 00,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5 [On_Demand | Running])
[2004/08/10 11:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.yahoo.com/
"Default_Search_URL"=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.yahoo.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.co.uk

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.co.uk

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found
"V0250Mon.exe"=C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O4) Startup Folders ==========

[2005/05/17 00:10:40 | 00,450,560 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips Wireless USB Adapter 11g.lnk = C:\Program Files\philips\Philips SNU6500 Wireless USB Adapter Utility\PHUSBMonitor.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
26 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class

========== (O17) DNS Name Servers ==========

{2C67D1EF-39BC-4316-B3EB-36B94980F193} (Servers: | Description: )
{8A846D81-2973-42C2-84B3-A6159ECBFB23} (Servers: | Description: Philips SNU6500 Wireless USB Adapter)
{AD35648C-E175-4134-82F8-114309C4E682} (Servers: | Description: Intel® 82562V 10/100 Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}" (HKLM) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/10/22 01:25:41 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b6d33a8-9214-11dc-8ce5-0012bf16df3f}\Shell\AutoRun\command]
""=I:\laucher.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/07 22:06:17 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe
[2009/01/06 23:18:31 | 00,685,056 | ---- | C] () -- C:\WINDOWS\is-RUNL3.exe
[2009/01/06 23:18:31 | 00,010,498 | ---- | C] () -- C:\WINDOWS\is-RUNL3.msg
[2009/01/06 23:18:31 | 00,000,460 | ---- | C] () -- C:\WINDOWS\is-RUNL3.lst
[2009/01/06 21:58:20 | 01,247,602 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how it workss.ai
[2009/01/06 21:57:22 | 02,273,519 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\howitworksfinal.ai
[2009/01/06 21:51:23 | 23,978,301 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.psd
[2009/01/06 20:00:43 | 04,079,748 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Untitled-1.jpg
[2009/01/06 19:30:41 | 00,513,618 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-final.jpg
[2009/01/06 18:54:44 | 00,309,175 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-2.jpg
[2009/01/06 16:53:10 | 00,327,015 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.jpg
[2009/01/06 11:33:05 | 01,625,420 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\how it works.ai
[2009/01/05 22:24:44 | 08,257,400 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\01-white_lies-to_lose_my_life_(filthy_dukes_remix).mp3
[2009/01/05 21:47:16 | 09,457,664 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\07 - My Sharona.mp3
[2009/01/05 21:35:00 | 00,000,347 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\The Knack - My Sharona.mp3
[2009/01/05 20:16:28 | 04,609,253 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Twilight Omens - Tonight - Franz Ferdinand.mp3
[2009/01/05 14:47:45 | 03,836,881 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\van.psd
[2009/01/05 12:28:25 | 00,049,128 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\n895720346_5459989_760.jpg
[2009/01/04 18:33:56 | 02,547,506 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\GoAudio - Why Piano version.mp3
[2009/01/04 12:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/01/03 15:31:02 | 00,025,311 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\54ezav.jpg
[2009/01/03 00:48:57 | 00,022,316 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\3f0ca8.gif
[2009/01/02 19:02:25 | 00,002,269 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\imag es.jpg
[2008/12/30 19:55:57 | 00,002,450 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\jazz.gif
[2008/12/30 19:55:24 | 00,004,927 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\jazzz.png
[2008/12/30 15:21:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Local Settings\Application Data\Yahoo
[2008/12/30 15:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/12/30 11:11:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\91.121.188.187
[2008/12/29 20:52:18 | 00,002,555 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webb2.gif
[2008/12/29 20:52:00 | 00,004,815 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-6.png
[2008/12/29 20:47:28 | 00,002,647 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webbbb.gif
[2008/12/29 20:43:11 | 00,002,788 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\webb.gif
[2008/12/29 20:42:55 | 00,005,932 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-5.png
[2008/12/29 20:34:08 | 00,002,614 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\41bde0.gif
[2008/12/29 20:33:50 | 00,004,786 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-4.png
[2008/12/29 20:27:09 | 00,002,794 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\e66314.gif
[2008/12/29 20:26:22 | 00,005,478 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-3.png
[2008/12/29 12:42:02 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\SpywareBlaster.lnk
[2008/12/29 12:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/12/29 12:33:23 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Kane1\Desktop\spywareblastersetup41.exe
[2008/12/29 12:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Application Data\OnlineArmor
[2008/12/29 12:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2008/12/29 12:32:06 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2008/12/29 12:32:06 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2008/12/29 12:32:06 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2008/12/29 12:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2008/12/29 12:29:11 | 13,229,544 | ---- | C] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\Kane1\Desktop\OA190Free.exe
[2008/12/29 12:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Application Data\WinPatrol
[2008/12/29 12:27:01 | 00,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2008/12/29 12:26:50 | 00,726,384 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Kane1\Desktop\wpsetup.exe
[2008/12/28 19:36:48 | 00,003,097 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\20215d.gif
[2008/12/28 19:36:16 | 00,002,729 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\5b2d62.gif
[2008/12/28 19:36:04 | 00,005,027 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.png
[2008/12/28 14:54:33 | 83,066,121 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\036 Russell Brand - 07 January 2007 FULL.mp3
[2008/12/27 23:03:15 | 00,042,048 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\n581000914_2293682_8289.jpg
[2008/12/27 00:32:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\gamma.videofriender.com
[2008/12/24 23:51:35 | 00,002,389 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\fd3e92.gif
[2008/12/24 23:51:24 | 00,002,353 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\monies.gif
[2008/12/24 23:50:39 | 00,001,840 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\2ef0cf.gif
[2008/12/24 23:50:22 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\msmile.gif
[2008/12/24 23:42:10 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part1.rar
[2008/12/24 22:27:10 | 77,428,465 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5(2).rar
[2008/12/24 22:07:30 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part4.rar
[2008/12/24 21:59:48 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part3.rar
[2008/12/24 21:48:00 | 10,000,0000 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part2.rar
[2008/12/24 21:35:47 | 77,428,465 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5.rar
[2008/12/23 22:57:47 | 00,011,667 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\hat.png
[2008/12/23 20:00:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/23 14:51:42 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/23 14:51:42 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/23 14:51:42 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/23 14:51:42 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/23 14:51:42 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/23 14:51:41 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/12/23 14:51:41 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/12/23 14:51:41 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/23 14:51:40 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/23 10:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\Temporary Downloaded Files
[2008/12/23 09:45:10 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2008/12/23 09:42:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/22 23:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kane1\Desktop\To_Riches(full_album_unreleased_demo)
[2008/12/22 23:23:35 | 08,164,612 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\1-02 You Still Love Him.mp3
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/12/22 23:02:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/22 23:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/22 22:54:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/22 21:04:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/22 21:04:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/12/22 21:03:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/22 21:02:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/22 21:02:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/22 21:02:13 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/22 21:01:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/12/21 18:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/12/21 18:09:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/12/21 18:09:02 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/12/20 23:52:37 | 01,822,979 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\MagicBullets.pdf
[2008/12/20 14:27:53 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/12/20 14:27:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/12/20 14:27:51 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/12/20 14:27:51 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/12/20 14:27:51 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/12/20 14:27:50 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/12/20 14:27:49 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/12/20 14:27:49 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/12/20 14:27:49 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/12/20 14:27:48 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/20 14:27:48 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/12/20 14:27:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2008/12/20 14:27:46 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2008/12/20 14:27:43 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/12/20 14:27:41 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/20 14:27:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/12/20 14:27:39 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/20 14:27:39 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/12/20 14:27:39 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/12/20 14:27:39 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/12/20 14:27:39 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/12/20 14:27:38 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/12/20 14:27:38 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/12/20 14:27:38 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/12/20 14:27:38 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/12/20 14:27:37 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/12/20 14:27:34 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/12/20 14:27:33 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/12/20 14:27:33 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/12/20 14:27:33 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/12/20 14:27:32 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/12/20 14:27:32 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/20 14:27:32 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/12/20 14:27:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/20 14:27:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/20 14:27:32 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/12/20 14:27:25 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/20 14:27:25 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/20 14:27:25 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/20 14:27:25 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/20 14:27:18 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/12/20 14:27:18 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/20 14:27:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/20 14:27:13 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2008/12/20 14:27:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2008/12/20 14:27:12 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/12/20 14:27:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/12/20 14:27:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/12/20 14:27:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/12/20 14:27:06 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2008/12/20 14:27:05 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/12/20 14:27:05 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/12/20 14:27:05 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/12/20 14:27:05 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/12/20 14:27:05 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/12/20 14:27:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/12/20 14:27:05 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/12/20 14:27:05 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/12/20 14:27:04 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/12/20 14:27:04 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/12/20 14:27:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/12/20 14:27:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/12/20 14:27:04 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/12/20 14:27:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/12/20 14:27:04 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/12/20 14:27:03 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/12/20 14:27:03 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/20 14:27:02 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/12/20 14:27:01 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/12/20 14:27:01 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/12/20 14:26:57 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/12/20 14:26:57 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/12/20 14:26:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/12/20 14:26:57 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/12/20 14:26:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/20 14:26:56 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/12/20 14:26:53 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/20 14:26:53 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/12/20 14:26:53 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/12/20 14:26:53 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/12/20 13:44:44 | 00,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/12/20 13:43:33 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/20 13:40:50 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/12/20 13:40:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/12/20 13:40:41 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/12/20 13:40:39 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/12/20 13:40:38 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/12/20 13:36:20 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2008/12/20 13:36:16 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/12/20 13:36:04 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2008/12/20 13:33:55 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/12/20 09:56:51 | 00,041,472 | ---- | C] () -- C:\WINDOWS\System32\mhiohoqv.dll
[2008/12/19 23:50:48 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2008/12/19 23:27:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2008/12/19 20:05:11 | 00,839,514 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\cc_20081219_200508.reg
[2008/12/19 19:57:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/12/19 19:05:41 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/18 23:23:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/18 23:23:23 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/18 23:23:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/18 22:41:47 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/18 22:35:02 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/12/18 21:59:24 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/12/17 21:08:37 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2008/12/16 00:33:24 | 06,586,517 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\The_Fear.mp3
[2008/12/15 00:04:01 | 00,448,633 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main3.jpg
[2008/12/14 23:29:46 | 00,447,925 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main2.jpg
[2008/12/14 22:24:38 | 00,486,670 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\queeen.jpg
[2008/12/14 22:23:13 | 00,600,443 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\queeeen.jpg
[2008/12/14 22:20:57 | 00,249,231 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\slide1.jpg
[2008/12/14 21:41:35 | 00,492,647 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\main.jpg
[2008/12/14 20:30:32 | 01,158,167 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\P1060008.psd
[2008/12/14 16:17:39 | 00,374,704 | ---- | C] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.jpg
[2008/12/14 10:51:19 | 73,244,0576 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\ricky.gervais.out.of.england.the.stand-up.special.hdtv.xvid-sys.avi
[2008/12/13 08:30:35 | 73,461,7600 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\mv..www.iwillsearch4u.com.avi
[2008/12/12 23:27:25 | 05,815,172 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Good-Books-Manifesto.mp3
[2008/12/09 22:48:42 | 04,685,977 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Brett Domino Trio - Christmas (This Year).mp3
[2008/12/09 19:16:17 | 66,106,025 | ---- | C] () -- C:\Documents and Settings\Kane1\Desktop\Little Boots - Magical Tropical Mixtape.mp3

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/07 22:07:05 | 06,122,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/01/07 22:06:19 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kane1\Desktop\OTViewIt.exe
[2009/01/07 22:05:05 | 15,793,6160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/01/07 21:54:19 | 00,000,589 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\My Sharing Folders.lnk
[2009/01/07 18:36:45 | 00,475,330 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/07 18:36:45 | 00,404,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/07 18:36:45 | 00,063,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/06 23:21:35 | 00,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/06 23:21:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/06 23:21:35 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/01/06 23:18:31 | 00,685,056 | ---- | M] () -- C:\WINDOWS\is-RUNL3.exe
[2009/01/06 23:18:31 | 00,010,498 | ---- | M] () -- C:\WINDOWS\is-RUNL3.msg
[2009/01/06 23:18:31 | 00,000,460 | ---- | M] () -- C:\WINDOWS\is-RUNL3.lst
[2009/01/06 23:17:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/06 23:16:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/06 23:16:58 | 01,463,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/06 23:16:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/06 23:00:30 | 02,117,108 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/01/06 23:00:30 | 00,578,588 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/01/06 22:15:54 | 01,070,080 | -HS- | M] () -- C:\Documents and Settings\Kane1\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kane1\Desktop\Thumbs.db:encryptable
[2009/01/06 22:04:26 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wogeguli
[2009/01/06 21:58:20 | 01,247,602 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how it workss.ai
[2009/01/06 21:57:22 | 02,273,519 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\howitworksfinal.ai
[2009/01/06 21:53:24 | 01,625,420 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how it works.ai
[2009/01/06 21:51:27 | 23,978,301 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.psd
[2009/01/06 20:00:45 | 04,079,748 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Untitled-1.jpg
[2009/01/06 19:30:41 | 00,513,618 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-final.jpg
[2009/01/06 18:54:44 | 00,309,175 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works-2.jpg
[2009/01/06 16:53:10 | 00,327,015 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\how-ti-works.jpg
[2009/01/06 12:11:49 | 00,040,248 | ---- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/06 12:09:30 | 00,353,792 | -HS- | M] () -- C:\Documents and Settings\Kane1\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Kane1\My Documents\Thumbs.db:encryptable
[2009/01/05 21:53:08 | 09,457,664 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\07 - My Sharona.mp3
[2009/01/05 21:35:01 | 00,000,347 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\The Knack - My Sharona.mp3
[2009/01/05 20:18:53 | 04,609,253 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Twilight Omens - Tonight - Franz Ferdinand.mp3
[2009/01/05 14:47:45 | 03,836,881 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\van.psd
[2009/01/05 12:28:25 | 00,049,128 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\n895720346_5459989_760.jpg
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 18:35:24 | 02,547,506 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\GoAudio - Why Piano version.mp3
[2009/01/03 15:31:02 | 00,025,311 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\54ezav.jpg
[2009/01/03 00:48:57 | 00,022,316 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\3f0ca8.gif
[2009/01/02 19:02:26 | 00,002,269 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\imag es.jpg
[2008/12/31 22:44:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/31 22:20:29 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/31 21:38:00 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/30 19:55:57 | 00,002,450 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\jazz.gif
[2008/12/30 19:55:24 | 00,004,927 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\jazzz.png
[2008/12/29 20:52:19 | 00,002,555 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webb2.gif
[2008/12/29 20:52:00 | 00,004,815 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-6.png
[2008/12/29 20:47:28 | 00,002,647 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webbbb.gif
[2008/12/29 20:43:11 | 00,002,788 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\webb.gif
[2008/12/29 20:42:55 | 00,005,932 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-5.png
[2008/12/29 20:34:09 | 00,002,614 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\41bde0.gif
[2008/12/29 20:33:50 | 00,004,786 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-4.png
[2008/12/29 20:27:09 | 00,002,794 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\e66314.gif
[2008/12/29 20:26:22 | 00,005,478 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-3.png
[2008/12/29 12:42:02 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\SpywareBlaster.lnk
[2008/12/29 12:33:51 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Kane1\Desktop\spywareblastersetup41.exe
[2008/12/29 12:32:52 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2008/12/29 12:31:12 | 13,229,544 | ---- | M] (Tall Emu Pty Ltd ) -- C:\Documents and Settings\Kane1\Desktop\OA190Free.exe
[2008/12/29 12:26:53 | 00,726,384 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Kane1\Desktop\wpsetup.exe
[2008/12/29 12:18:29 | 02,108,622 | -H-- | M] () -- C:\Documents and Settings\Kane1\Local Settings\Application Data\IconCache.db
[2008/12/28 19:36:48 | 00,003,097 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\20215d.gif
[2008/12/28 19:36:16 | 00,002,729 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\5b2d62.gif
[2008/12/28 19:36:05 | 00,005,027 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.png
[2008/12/28 15:05:01 | 83,066,121 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\036 Russell Brand - 07 January 2007 FULL.mp3
[2008/12/27 23:03:15 | 00,042,048 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\n581000914_2293682_8289.jpg
[2008/12/24 23:51:36 | 00,002,389 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\fd3e92.gif
[2008/12/24 23:51:24 | 00,002,353 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\monies.gif
[2008/12/24 23:50:39 | 00,001,840 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\2ef0cf.gif
[2008/12/24 23:50:22 | 00,001,725 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\msmile.gif
[2008/12/24 23:50:05 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part1.rar
[2008/12/24 22:33:07 | 77,428,465 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5(2).rar
[2008/12/24 22:19:59 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part4.rar
[2008/12/24 22:07:31 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part3.rar
[2008/12/24 21:53:45 | 10,000,0000 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part2.rar
[2008/12/24 21:42:41 | 77,428,465 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Elements7.part5.rar
[2008/12/23 22:57:47 | 00,011,667 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\hat.png
[2008/12/23 20:01:13 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/23 09:45:10 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[2008/12/22 23:25:09 | 08,164,612 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\1-02 You Still Love Him.mp3
[2008/12/22 22:57:45 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/22 22:26:17 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Kane1\My Documents\desktop.ini
[2008/12/20 23:52:37 | 01,822,979 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\MagicBullets.pdf
[2008/12/20 09:56:51 | 00,041,472 | ---- | M] () -- C:\WINDOWS\System32\mhiohoqv.dll
[2008/12/19 20:05:23 | 00,839,514 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\cc_20081219_200508.reg
[2008/12/19 19:39:01 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\inst.exe
[2008/12/19 19:39:01 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Kane1\Application Data\pcouffin.sys
[2008/12/19 19:39:01 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\pcouffin.cat
[2008/12/19 19:39:01 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Kane1\Application Data\pcouffin.inf
[2008/12/16 00:33:52 | 06,586,517 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\The_Fear.mp3
[2008/12/15 00:04:02 | 00,448,633 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main3.jpg
[2008/12/14 23:29:47 | 00,447,925 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main2.jpg
[2008/12/14 22:24:40 | 00,486,670 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\queeen.jpg
[2008/12/14 22:23:14 | 00,600,443 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\queeeen.jpg
[2008/12/14 22:20:58 | 00,249,231 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\slide1.jpg
[2008/12/14 21:41:35 | 00,492,647 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\main.jpg
[2008/12/14 20:31:50 | 01,158,167 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\P1060008.psd
[2008/12/14 16:17:39 | 00,374,704 | ---- | M] () -- C:\Documents and Settings\Kane1\My Documents\Untitled-2.jpg
[2008/12/13 08:56:20 | 73,461,7600 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\mv..www.iwillsearch4u.com.avi
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 02:26:30 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2008/12/13 02:26:30 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2008/12/13 02:26:30 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2008/12/12 23:27:32 | 05,815,172 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Good-Books-Manifesto.mp3
[2008/12/09 22:49:42 | 04,685,977 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Brett Domino Trio - Christmas (This Year).mp3
[2008/12/09 20:21:49 | 66,106,025 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\Little Boots - Magical Tropical Mixtape.mp3
< End of report >


OTViewIt Extras logfile created on: 07/01/2009 22:06:43 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kane1\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.69% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 71.30 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANE
Current User Name: Kane1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
File not found -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/02/18 15:12:01 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\Kane1\Desktop\psng11.0.0.1502\GhostSrv.exe:*:Enabled:GhostCastServer Network Access
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avginet.exe:*:Enabled:avginet.exe
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/08 22:02:02 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/01/12 10:57:00 | 00,241,664 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2008/12/12 07:40:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/01/04 18:38:16 | 01,269,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/14 00:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2DC169BB-FD26-4EB1-AED8-5CDA2D08849F}"=PIF installer
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}"=TestDrive Client
"{37014EAD-89A5-F28B-DDB1-E85D64A255AF}"=Hitman Blood Money
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{45235788-142C-44BE-8A4D-DDE9A84492E5}"=AGEIA PhysX v7.09.13
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4E1365FE-A878-4C3A-B055-220B8688FC09}"=SymCUW
"{4EF35707-7052-4331-B8FD-549DB3922AD7}"=TMPGEnc DVD Author 3 with DivX Authoring
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}"=Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}"=ATI Catalyst Control Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A5887F9-F17E-4905-B577-7956BF866C88}"=Callipygian2.9
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D316D67-DA52-4659-9C98-F479963534D6}"=Audiosurf
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6EB0AA0F-19B8-4947-B4D8-A92C465E0292}"=LiceneManager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9578C0CD-8108-4379-9026-4601F59859A0}"=Google Earth Pro
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}"=Gogglebox TV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC85DD5F-1E88-4E38-B77F-0371DFD41033}"=Nero 7 Demo
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}"=Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}"=Microsoft Games for Windows - LIVE Redistributable
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA418519-2160-43A0-AABD-6608DDD8D87F}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F9537757-10D8-451E-B0EB-C31C0A38C1B2}"=CfgWiz
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"001 File Joiner & Splitter Pro3.0"=001 File Joiner & Splitter Pro
"AC3ACM"=AC-3 ACM Codec
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6"=Adobe Illustrator CS3
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Video FX Engine"=Advanced Video FX Engine
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Audacity_is1"=Audacity 1.2.6
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"CCleaner"=CCleaner (remove only)
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0250"=Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Destiny Media Player"=Destiny Media Player
"DVD Shrink_is1"=DVD Shrink 3.2
"Easy Avi/Divx/Xvid to DVD Burner_is1"=Easy Avi/Divx/Xvid to DVD Burner 2.4.6
"HijackThis"=HijackThis 2.0.2
"Hypercube Time Stretcher"=Hypercube Time Stretcher v1.0.0.1
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"LameACM"=Lame ACM MP3 Codec
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.9)"=Mozilla Firefox (2.0.0.9)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.17)"=Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1"=Online Armor 3.0
"OpenAL"=OpenAL
"PowerISO"=PowerISO
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor"=Spyware Doctor 5.1
"SpywareBlaster_is1"=SpywareBlaster 4.1
"TmUnitedForever_is1"=TmUnitedForever
"Tom Clancy's Rainbow Six Vegas 2 Full *RÝP* Team JPN_is1"=Tom Clancy's Rainbow Six Vegas 2
"TV Player"=Veetle TV Player 0.9.11
"Veetle TV Player"=Veetle TV Player 0.9.11
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebcamMax"=WebcamMax
"WinAce Archiver"=WinAce Archiver
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/01/2009 11:30:54 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3257, faulting module
quartz.dll, version 6.5.2600.5596, fault address 0x0003849f.

Error - 06/01/2009 06:24:56 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module libvlc.dll,
version 0.0.0.0, fault address 0x000ba556.

Error - 06/01/2009 06:25:00 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 06/01/2009 06:41:08 | Computer Name = KANE | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.8.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/01/2009 08:51:26 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module illustrator.exe, version 13.0.128.0, fault address 0x001fafaa.

Error - 06/01/2009 18:06:38 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:01:28 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:07:41 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:11:30 | Computer Name = KANE | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/01/2009 19:17:19 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

[ System Events ]
Error - 06/01/2009 19:14:19 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/01/2009 19:14:57 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/01/2009 19:17:23 | Computer Name = KANE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 06/01/2009 19:17:38 | Computer Name = KANE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 06/01/2009 19:17:38 | Computer Name = KANE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 06/01/2009 19:17:56 | Computer Name = KANE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 06/01/2009 19:17:56 | Computer Name = KANE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 06/01/2009 19:26:26 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 07/01/2009 04:22:17 | Computer Name = KANE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ehRecvr service.

Error - 07/01/2009 14:18:49 | Computer Name = KANE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012BF16DF3F has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 08 January 2009 - 04:15 PM

Hello.

Yeah i removed mcafee with add/remove, i think. It was ages ago though. And i already have malwarebytes

Ya. That's what I thought, the add/remove did a very bad job of removing the stuff related to McAfee... Malwarebytes isn't an anti-virus program and it also doesn't have real-time protection unless you purchased it which I don't think you did. This will get you in trouble when surfing on the web, so let's please install an anti-virus software please.

I had Vundo, then Malwarebytes would get rid of it, then it would come back in a few days and then I'd get rid of it again etc.

I don't see it anymore, seems it's completely removed. Do any of your other security programs flag it?

Removing Programs using Add/Remove

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


These are outdated versions of Java, which can be exposed to malware.

Additional instructions can be found here if needed.

Remove your McAfee products

Please go to this link

Scroll down to the heading that says Removing McAfee Automatically.

Follow the instructions under that heading on downloading the McAfee Removal Tool and running it to remove all things related to McAfee.

Run one more online scan, making sure nothing else is detected.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type the following, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program:

Please post back with:
- ESET scan log
- New OTViewIT logs
- Any problems?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#14 kanesw

kanesw
  • Topic Starter

  • Members
  • 17 posts

Posted 08 January 2009 - 05:38 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3752 (20090108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=253bf161fdf2b241a1919b89d692f09b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-08 10:36:57
# local_time=2009-01-08 10:36:57 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=316386
# found=4
# scan_time=3699
C:\Documents and Settings\Kane1\Desktop\New Folder\Set Ups\Ad.Aware.Pro.v7.0.1.6.Incl.Patch - DEC0DE.Asif2bd\adawaredec0depatcher.exe probably a variant of Win32/Genetik trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Kane1\Desktop\New Folder\Set Ups\Ad.Aware.Pro.v7.0.1.6.Incl.Patch - DEC0DE.Asif2bd\adawaredec0depatcher.exe »tElock v0.98 probably a variant of Win32/Genetik trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-776561741-2000478354-839522115-1003\Dc472\kb435112[1] Win32/TrojanDownloader.Agent.ONC trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\mhiohoqv.dll Win32/TrojanDownloader.Agent.ONC trojan (unable to clean - deleted) 00000000000000000000000000000000

#15 kanesw

kanesw
  • Topic Starter

  • Members
  • 17 posts

Posted 08 January 2009 - 05:39 PM


OTViewIt Extras logfile created on: 08/01/2009 22:38:55 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kane1\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.72% Memory free
3.85 Gb Paging File | 3.05 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 71.73 Gb Free Space | 24.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KANE
Current User Name: Kane1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
File not found -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/02/18 15:12:01 | 00,219,952 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Documents and Settings\Kane1\Desktop\psng11.0.0.1502\GhostSrv.exe:*:Enabled:GhostCastServer Network Access
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avgemc.exe:*:Enabled:avgemc.exe
File not found -- C:\PROGRA~1\Mozilla Firefox\Grisoft-AVG75\avginet.exe:*:Enabled:avginet.exe
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/08 22:02:02 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/01/12 10:57:00 | 00,241,664 | ---- | M] () -- C:\Documents and Settings\Kane1\Desktop\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
[2008/12/12 07:40:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe:*:Enabled:Firefox
File not found -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/01/04 18:38:16 | 01,269,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2007/01/19 19:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 23:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer
[2008/04/14 00:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2DC169BB-FD26-4EB1-AED8-5CDA2D08849F}"=PIF installer
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}"=TestDrive Client
"{37014EAD-89A5-F28B-DDB1-E85D64A255AF}"=Hitman Blood Money
"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=Logitech Registration
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{45235788-142C-44BE-8A4D-DDE9A84492E5}"=AGEIA PhysX v7.09.13
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4E1365FE-A878-4C3A-B055-220B8688FC09}"=SymCUW
"{4EF35707-7052-4331-B8FD-549DB3922AD7}"=TMPGEnc DVD Author 3 with DivX Authoring
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}"=Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}"=ATI Catalyst Control Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A5887F9-F17E-4905-B577-7956BF866C88}"=Callipygian2.9
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6D316D67-DA52-4659-9C98-F479963534D6}"=Audiosurf
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6EB0AA0F-19B8-4947-B4D8-A92C465E0292}"=LiceneManager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9578C0CD-8108-4379-9026-4601F59859A0}"=Google Earth Pro
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A47B07BD-C187-41F8-8AB8-38E5821BB7BF}"=Gogglebox TV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1"=RunAlyzer
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC85DD5F-1E88-4E38-B77F-0371DFD41033}"=Nero 7 Demo
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}"=Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}"=Microsoft Games for Windows - LIVE Redistributable
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}"=BBC iPlayer Download Manager
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA418519-2160-43A0-AABD-6608DDD8D87F}"=iTunes
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F9537757-10D8-451E-B0EB-C31C0A38C1B2}"=CfgWiz
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}"=Dell Resource CD
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings
"001 File Joiner & Splitter Pro3.0"=001 File Joiner & Splitter Pro
"AC3ACM"=AC-3 ACM Codec
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Adobe_a04a925a57548091300ada368235fc6"=Adobe Illustrator CS3
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Video FX Engine"=Advanced Video FX Engine
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Audacity_is1"=Audacity 1.2.6
"BBC iPlayer Download Manager"=BBC iPlayer Download Manager
"CCleaner"=CCleaner (remove only)
"Creative Software AutoUpdate"=Creative Software AutoUpdate
"Creative VF0250"=Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Destiny Media Player"=Destiny Media Player
"DVD Shrink_is1"=DVD Shrink 3.2
"Easy Avi/Divx/Xvid to DVD Burner_is1"=Easy Avi/Divx/Xvid to DVD Burner 2.4.6
"EsetOnlineScanner"=ESET Online Scanner
"HijackThis"=HijackThis 2.0.2
"Hypercube Time Stretcher"=Hypercube Time Stretcher v1.0.0.1
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{B2818E0A-9913-4704-B48B-EB39951B0134}"=Philips Wireless USB Adapter 11g
"LameACM"=Lame ACM MP3 Codec
"LastFM_is1"=Last.fm 1.5.1.29527
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.9)"=Mozilla Firefox (2.0.0.9)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.17)"=Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OnlineArmor_is1"=Online Armor 3.0
"OpenAL"=OpenAL
"PowerISO"=PowerISO
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer
"SAMSUNG CDMA Modem"=SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Doctor"=Spyware Doctor 5.1
"SpywareBlaster_is1"=SpywareBlaster 4.1
"TmUnitedForever_is1"=TmUnitedForever
"Tom Clancy's Rainbow Six Vegas 2 Full *RÝP* Team JPN_is1"=Tom Clancy's Rainbow Six Vegas 2
"TV Player"=Veetle TV Player 0.9.11
"Veetle TV Player"=Veetle TV Player 0.9.11
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebcamMax"=WebcamMax
"WinAce Archiver"=WinAce Archiver
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"Navizon"=Navizon
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/01/2009 06:25:00 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 06/01/2009 06:41:08 | Computer Name = KANE | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 0.8.6.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/01/2009 08:51:26 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application illustrator.exe, version 13.0.128.0, faulting
module illustrator.exe, version 13.0.128.0, fault address 0x001fafaa.

Error - 06/01/2009 18:06:38 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:01:28 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:07:41 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 06/01/2009 19:11:30 | Computer Name = KANE | Source = Application Hang | ID = 1002
Description = Hanging application mbamgui.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06/01/2009 19:17:19 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 08/01/2009 14:15:24 | Computer Name = KANE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 08/01/2009 14:17:31 | Computer Name = KANE | Source = Application Error | ID = 1000
Description = Faulting application phusbmonitor.exe, version 2.2.0.21, faulting
module phusbmonitor.exe, version 2.2.0.21, fault address 0x0000b381.

[ System Events ]
Error - 06/01/2009 19:26:26 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 07/01/2009 04:22:17 | Computer Name = KANE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ehRecvr service.

Error - 07/01/2009 14:18:49 | Computer Name = KANE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012BF16DF3F has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/01/2009 14:15:27 | Computer Name = KANE | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 08/01/2009 14:15:42 | Computer Name = KANE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 08/01/2009 14:15:42 | Computer Name = KANE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 08/01/2009 14:15:57 | Computer Name = KANE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 08/01/2009 14:15:57 | Computer Name = KANE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 08/01/2009 14:24:47 | Computer Name = KANE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012BF16DF3F has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08/01/2009 17:19:30 | Computer Name = KANE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >



