
Trend Micro keeps alerting me of "ADW_TRYMEDIA" and says it can't remove it


  • This topic is locked
8 replies to this topic

#1 maccyx

maccyx

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:58 PM

Posted 25 December 2008 - 02:06 PM

Hello. Let me first say that I appreciate any help given even if my problem is not resolved here. Thank heavens for places like this!

My Trend Micro PC-Cillin keeps alerting me of multiple instances of ADW_TRYMEDIA and it tells me it cannot remove the file. I ran HJT and uploaded this logfile. If this was not the appropriate action or forum I apologize. My only hope is to remove this .exe file. Trend Micro identifies it as " C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP650\A0082943.exe"

Here is the logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:20 PM, on 12/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\KIM\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155777264953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159149229453
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11918 bytes


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:58 PM

Posted 03 January 2009 - 10:37 PM

Hello, maccyx
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.

My Trend Micro PC-Cillin keeps alerting me of multiple instances of ADW_TRYMEDIA and it tells me it cannot remove the file. I ran HJT and uploaded this logfile. If this was not the appropriate action or forum I apologize. My only hope is to remove this .exe file. Trend Micro identifies it as " C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP650\A0082943.exe"

These files are inside of system restore, which is why Trend isn't allowed to touch it. It's not actually active on your system.

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
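Added example, not part of the original post or the helper's tooling: a small triage helper that tells an antivirus alert pointing into the System Restore store (the situation explained above) apart from one pointing at a live file. The function names and the second sample alert are constructed for illustration; the path layout is taken from the path quoted in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Layout of the path quoted in this thread:
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<digits>.<ext>
_RESTORE_RE = re.compile(r"""
    ^(?P<drive>[A-Za-z]):\\System\ Volume\ Information\\
    _restore\{(?P<guid>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}\\
    RP(?P<rp>\d+)\\
    (?P<stored>A\d+\.[^\\]+)$
""", re.VERBOSE | re.IGNORECASE)


class RestoreHit(NamedTuple):
    drive: str          # volume holding the restore store
    guid: str           # identifier of the _restore{...} folder
    restore_point: int  # number from the RP<n> folder
    stored_name: str    # name of the archived copy, e.g. A0082943.exe


def parse_restore_path(raw: str) -> Optional[RestoreHit]:
    """Return details if the path lies in the System Restore store, else None.

    Alert text is often pasted with quotes and stray spaces (as in the
    first post of this thread), so those are stripped before matching.
    """
    cleaned = raw.strip().strip('"').strip()
    m = _RESTORE_RE.match(cleaned)
    if m is None:
        return None
    return RestoreHit(m.group("drive").upper(), m.group("guid").upper(),
                      int(m.group("rp")), m.group("stored"))


def triage(alerts: List[Tuple[str, str]]) -> Dict[str, list]:
    """Split (detection_name, path) alerts into archived copies and live files.

    "restore_store" entries are copies held inside a restore point: the
    scanner cannot clean them there and they are not running from there.
    "live" entries are ordinary paths that need a normal investigation.
    """
    result: Dict[str, list] = {"restore_store": [], "live": []}
    for detection, path in alerts:
        hit = parse_restore_path(path)
        if hit is not None:
            result["restore_store"].append((detection, hit))
        else:
            result["live"].append((detection, path.strip().strip('"').strip()))
    return result


# First alert: the detection and path reported in this thread (quotes and
# leading space kept as posted). Second alert: constructed for contrast.
SAMPLE_ALERTS = [
    ("ADW_TRYMEDIA",
     r'" C:\System Volume Information\_restore'
     r'{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP650\A0082943.exe"'),
    ("EXAMPLE_DETECTION", r"C:\Program Files\ExampleApp\example.exe"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_ALERTS)
    for detection, hit in report["restore_store"]:
        print(f"{detection}: archived copy {hit.stored_name} "
              f"in restore point RP{hit.restore_point} on {hit.drive}:")
    for detection, path in report["live"]:
        print(f"{detection}: live file {path}")
```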

#3 Billy O'Neal


Posted 09 January 2009 - 07:05 PM

Hello, maccyx
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII

#4 Billy O'Neal


Posted 12 January 2009 - 05:36 PM

User returned; topic reopened.

Billy3

#5 maccyx


Posted 12 January 2009 - 06:21 PM

Thanks Billy,

Here are the reports you requested:

OTViewIt Logfile

OTViewIt logfile created on: 1/12/2009 5:15:07 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\KIM\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 273.34 Mb Available Physical Memory | 26.74% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 7.77 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMMAC
Current User Name: KIM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/10/13 17:28:54 | 00,397,312 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
[2006/10/18 17:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/10/18 16:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2006/10/18 17:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2006/04/06 13:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[2008/05/19 15:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2006/10/18 16:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2006/12/15 18:08:10 | 00,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
[2006/11/09 15:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
[2006/11/09 15:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/11/21 13:02:24 | 01,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
[2006/10/18 17:04:28 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/10/18 16:58:16 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[2006/03/24 15:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/06/10 09:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/10/20 18:40:26 | 00,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
[2005/09/29 13:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2004/12/06 00:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2005/08/12 13:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/03/08 10:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2006/08/27 19:09:16 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2009/01/12 17:09:27 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\KIM\Local Settings\Temp\clclean.0001
[2006/02/19 01:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/10/27 15:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe
[2006/08/07 10:16:52 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
[2006/11/01 10:08:24 | 00,321,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
[2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/10/18 16:53:24 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2005/08/12 13:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2009/01/12 11:26:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KIM\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/12/08 10:49:52 | 00,013,864 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService [Disabled | Stopped])
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Disabled | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/02/15 22:33:12 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/05/24 17:21:28 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Disabled | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/08/07 10:16:52 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [On_Demand | Running])
[1999/12/12 09:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2005/10/27 15:41:52 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device [On_Demand | Running])
[2004/10/13 17:26:50 | 00,163,840 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe -- (DPFUSMgr [Disabled | Stopped])
[2004/10/13 17:21:26 | 00,225,280 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/10/18 17:05:18 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/01/26 20:33:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/04/06 13:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Running])
[2008/05/19 15:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
[2006/03/03 20:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Unknown | Running])
[2006/10/18 16:49:52 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2006/10/18 16:56:52 | 00,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2006/12/15 18:08:10 | 00,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
[2006/11/09 15:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw [Auto | Running])
[2006/11/09 15:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/10/18 17:01:34 | 00,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2007/05/06 18:36:04 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV [System | Running])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/02/15 22:39:00 | 01,421,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/12/02 20:04:12 | 00,017,920 | R--- | M] (ASIX Electronics Corp.) -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772 [On_Demand | Stopped])
[2005/08/05 08:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2006/05/24 17:07:18 | 00,328,237 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2006/05/24 17:01:34 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2006/05/24 17:04:04 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2006/05/24 17:05:26 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
[2006/05/24 16:58:18 | 00,148,900 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2006/05/24 16:57:00 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid [On_Demand | Stopped])
[2006/05/24 17:01:22 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2006/05/24 17:00:50 | 00,066,488 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2007/03/07 09:45:12 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [On_Demand | Stopped])
[2005/01/10 02:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2005/05/25 01:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN [On_Demand | Running])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/08/04 15:58:08 | 00,032,640 | ---- | M] (DigitalPersona, Inc.) -- C:\WINDOWS\system32\drivers\dpK0Bx01.sys -- (dpK0Bx01 [On_Demand | Stopped])
[2004/12/01 02:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 01:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/05/16 00:17:22 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/10/22 06:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/07/21 19:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/07/21 19:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2008/04/13 12:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2008/02/29 02:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
[2008/02/29 02:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
[2004/03/16 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/01/03 23:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt [On_Demand | Running])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2006/10/17 10:55:28 | 01,711,104 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
[2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2005/01/10 02:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2004/10/19 08:07:22 | 00,009,728 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
[2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/07 17:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/10/14 07:40:18 | 00,028,544 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/10/14 07:40:18 | 00,051,328 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/10/14 07:40:18 | 00,307,968 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2006/10/19 08:29:22 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 12:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/06/27 22:08:56 | 00,042,752 | R--- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
[2008/04/13 12:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 12:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2006/03/24 15:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/03/08 10:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2004/12/06 00:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 00:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 00:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2006/11/09 15:04:20 | 00,280,392 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/08/16 02:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2006/11/09 15:04:20 | 00,073,288 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 02:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/13 12:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2007/04/09 08:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
[2007/04/09 08:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
[2004/08/04 15:59:14 | 00,034,560 | ---- | M] (DigitalPersona, Inc.) -- C:\WINDOWS\system32\drivers\UsbdpFP.sys -- (UsbdpFP [On_Demand | Stopped])
[2007/04/09 08:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
[2008/08/16 01:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2006/04/27 07:13:04 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Stopped])
[2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2005/07/21 19:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 12:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"SearchAssistant"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar5.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 ()
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" (Dell)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"MBMon"=Rundll32 CTMBHA.DLL,MBMon ()
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" (Trend Micro Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (Trend Micro Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 12:53:12 | 00,001,320 | ---- | M] ()

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\Software\Microsoft\Internet Explorer\MenuExt\]
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 12:53:12 | 00,001,320 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{3BA3B159-7533-4F96-A2CE-EE5894BBD3D5}: http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab -- Scanner.SysScanner
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupdate/...b?1155777264953 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1159149229453 -- MUWebControl Class
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}: http://picture.vzw.com/activex/VerizonWire...loadControl.cab -- Verizon Wireless Media Upload
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{9600F64D-755F-11D4-A47F-0001023E6D5A}: http://web1.shutterfly.com/downloads/Uploader.cab -- Shutterfly Picture Upload Plugin
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab -- MSN Games - Installer
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
CabBuilder: http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{33C9F7A4-2539-4E56-AE16-56B872F3FBCF} (Servers: | Description: )
{34D00EBF-AF72-482B-A1D1-FF5123FB1E61} (Servers: | Description: ASIX AX88772 USB2.0 to Fast Ethernet Adapter)
{3551911D-E7EE-4268-9EA3-0ED8860C9335} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{8736E922-4FFF-484E-B54E-31A2A7062DDB} (Servers: | Description: 1394 Net Adapter)
{E908C22D-DE6C-4F9B-9460-D370C466B33B} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
DPWLN : "DllName" = C:\WINDOWS\system32\DPWLEvHd.dll -- C:\WINDOWS\system32\DPWLEvHd.dll (DigitalPersona, Inc.)
LBTWlgn: "DllName" = c:\program files\common files\logitech\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/08/16 03:43:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9539018a-2282-11dc-96d9-00038a000015}\Shell\AutoRun\command]
""=F:\wd_windows_tools\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/01/12 11:26:50 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KIM\Desktop\OTViewIt.exe
[2009/01/01 20:18:23 | 00,793,560 | ---- | C] () -- C:\Documents and Settings\KIM\Desktop\kimtomcubs.jpg
[2008/12/25 18:37:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\KIM\Application Data\Malwarebytes
[2008/12/25 18:37:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/25 18:37:04 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/25 18:37:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/25 18:37:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/25 18:36:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/25 16:11:13 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/25 16:11:13 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/25 16:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/25 16:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/25 12:27:14 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\KIM\Desktop\HijackThis.lnk
[2008/12/25 00:02:47 | 02,153,449 | ---- | C] () -- C:\Documents and Settings\KIM\Desktop\tma717.zip
[2008/12/19 23:46:17 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 23:45:37 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/12/19 23:45:25 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/19 23:45:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/19 23:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/12/17 20:36:56 | 00,050,147 | ---- | C] () -- C:\Documents and Settings\KIM\Desktop\scoot and ricker.jpg

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/12 17:09:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/12 17:08:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/12 17:08:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/12 17:08:22 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 11:26:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KIM\Desktop\OTViewIt.exe
[2009/01/09 16:46:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/09 16:46:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/07 22:15:22 | 04,797,638 | -H-- | M] () -- C:\Documents and Settings\KIM\Local Settings\Application Data\IconCache.db
[2009/01/06 22:32:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/06 22:32:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/05 10:43:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/05 10:43:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/03 21:12:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/03 21:12:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/02 23:19:33 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/02 23:19:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/02 22:22:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/01 20:18:42 | 00,793,560 | ---- | M] () -- C:\Documents and Settings\KIM\Desktop\kimtomcubs.jpg
[2008/12/26 21:28:17 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\KIM\My Documents\Kim's User IDs.doc
[2008/12/25 18:37:04 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/25 16:11:13 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/12/25 16:11:13 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/12/25 12:27:14 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\KIM\Desktop\HijackThis.lnk
[2008/12/25 00:02:50 | 02,153,449 | ---- | M] () -- C:\Documents and Settings\KIM\Desktop\tma717.zip
[2008/12/21 20:30:50 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\KIM\My Documents\My Sharing Folders.lnk
[2008/12/20 00:08:46 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\KIM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/19 23:46:17 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/19 20:44:30 | 00,050,880 | ---- | M] () -- C:\Documents and Settings\KIM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/19 20:26:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/19 20:26:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/18 23:24:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/18 23:24:52 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/18 23:10:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/12/18 23:10:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/12/18 19:24:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/12/18 19:24:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/12/18 17:20:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/18 17:20:20 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/17 20:26:54 | 00,050,147 | ---- | M] () -- C:\Documents and Settings\KIM\Desktop\scoot and ricker.jpg
[2008/12/17 17:48:09 | 00,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/17 17:19:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/17 17:19:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/17 08:59:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/17 08:59:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/16 11:55:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/12/16 11:55:30 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/12/15 08:14:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/12/15 08:14:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/12/14 21:33:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/12/14 21:33:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/12/13 19:53:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/12/13 19:53:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
< End of report >



OTViewIt Extras Log:

OTViewIt Extras logfile created on: 1/12/2009 5:15:07 PM - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\KIM\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 273.34 Mb Available Physical Memory | 26.74% Memory free
2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.23 Gb Total Space | 7.77 Gb Free Space | 15.16% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 17.14 Gb Free Space | 99.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMMAC
Current User Name: KIM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/04/07 11:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/09/01 10:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/08/31 12:58:32 | 00,194,072 | ---- | M] () -- C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/04/07 11:07:34 | 00,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2004/04/07 11:07:32 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
[2004/09/01 10:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/11/03 01:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/02/05 13:29:18 | 06,190,320 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
[2008/03/25 14:21:28 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2007/08/31 12:58:32 | 00,194,072 | ---- | M] () -- C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2008/04/13 18:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Professional
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}"=mSSO
"{07064832-a303-4c55-954a-39f06e36c9cd}"=DFX 8 for Musicmatch
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0D251F37-10CB-46DF-BFA0-4702218DB0B6}"=ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{1761ce4d-9849-446d-bd2c-50ef0bf209e2}"=DFX 8 for Yahoo! Music Jukebox and Windows Media Player
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}"=hph_readme
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{256AEBD0-41C6-471E-92B4-B256F5176A72}"=D7100
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}"=Broadcom Management Programs
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}"=Windows XP Winter Fun Pack Screensavers
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}"=Creative MediaSource
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{3004FB81-7B9E-4808-BD13-BC5A530BA60B}"=cp_PrintOnCDConfig
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}"=NetZeroInstallers
"{35A0AEE7-A74F-47B5-A573-CDE69F5C99D0}"=Rhapsody MP3 Download Manager
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}"=PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}"=hph_software
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=URL Assistant
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=WIDCOMM Bluetooth Software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{4667B940-BB01-428B-986E-A0CC46497BF7}"=ELIcon
"{48FEB597-0410-4A17-B134-0DEF3083B944}"=eMusic Download Manager
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}"=mHlpDell
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}"=HPProductAssistant
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}"=Sound Blaster Audigy ADVANCED MB
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{5439431a-7d8c-4df0-b3dd-fb8953119bc8}"=DFX 8 for RealNetworks
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}"=Amazon Unbox Video
"{5C6F884D-680C-448B-B4C9-22296EE1B206}"=Logitech Harmony Remote Software 7
"{6010CB17-4DC8-45F2-891F-D90C7B8670B7}"=MLB.TV Mosaic
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}"=AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{66910000-8B30-4973-A159-6371345AFFA5}"=WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.7
"{6909F917-5499-482e-9AA1-FAD06A99F231}"=Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}"=Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}"=Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}"=D6100_D7100_D7300_Help
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}"=EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}"=Jasc Paint Shop Pro Studio, Dell Editon
"{7A35F91E-1D16-454F-A248-B9B782A2327C}"=Dell Support 3.2.1
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}"=Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{82081779-4175-4666-A457-AB711CD37EF0}"=cp_LightScribeConfig
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}"=Wheel of Fortune 2
"{82E55892-6FFD-403F-AA97-D726846768AA}"=CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}"=Status
"{8471021C-F529-43DE-84DF-3612E10F58C4}"=Remote Control USB Driver
"{85D3CC30-8859-481A-9654-FD9B74310BEF}"=Musicmatch® Jukebox
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}"=SlideShowMusic
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8A9B8148-DDD7-448F-BD6C-358386D32354}"=Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}"=Andrea VoiceCenter
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}"=mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}"=924PLC32
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}"=Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}"=hph_ProductContext
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AF19F291-F22F-4798-9662-525305AE9E48}"=WordPerfect Office 12
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}"=Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}"=hph_software_req
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B6884A07-0305-47AE-9969-8F26FADC17DE}"=Games, Music, & Photos Launcher
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Software Update
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}"=LG USB Modem driver
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}"=cp_UpdateProjectsConfig
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}"=Microsoft Plus! Digital Media Edition
"{C6C136D9-B41E-46ED-A8ED-A84D18B7CA31}"=DigitalPersona Password Manager 1.0.1
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}"=SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}"=HP Photosmart and Deskjet 7.0 Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}"=TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}"=Search Assist
"{E06C8E13-7A8C-434C-8548-34BC4762212D}"=Logitech Harmony Remote Software 7
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}"=Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}"=Musicmatch for Windows Media Player
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}"=Trend Micro PC-cillin Internet Security 14
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}"=Microsoft Plus! for Windows XP
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}"=InstantShareDevicesMFC
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AIM_6"=AIM 6
"AIMTunes"=AIMTunes
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"AnarkClient"=Anark Client 1.0
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Uninstaller"=AOL Uninstaller (Choose which Products to Remove)
"AOLCoach"=AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver"=ATI Display Driver
"Autobahn"=MLB.TV NexDef Plug-in
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"BitTornado"=BitTornado 0.3.17
"CANONBJ_Deinstall_CNMCP58.DLL"=Canon i560
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"Dell Digital Jukebox Driver"=Dell Digital Jukebox Driver
"Dell Game Console"=Dell Game Console
"Dell Photo AIO Printer 924"=Dell Photo AIO Printer 924
"DFX for MUSICMATCH"=DFX for MUSICMATCH
"DFX for Winamp"=DFX 8 for Winamp
"EmeraldQFE2"=Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion"=ESPNMotion
"G-Force"=G-Force
"HijackThis"=HijackThis 2.0.2
"Holiday Snowflakes Screen Saver_is1"=Holiday Snowflakes Screen Saver 1.2
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools"=HP Solution Center 7.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}"=Amazon Unbox Video
"InstallShield_{6010CB17-4DC8-45F2-891F-D90C7B8670B7}"=MLB.TV Mosaic
"LiveUpdate"=LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Move Networks Player_is1"=Move Networks Player for Internet Explorer
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant"=MSN Music Assistant
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PENTAX Digital Camera Utility"=PENTAX Digital Camera Utility
"ProInst"=Intel® PROSet/Wireless Software
"QQ Games"=QQ Games
"RealPlayer 6.0"=RealPlayer
"RescuePRO-3.0"=RescuePRO 3.3
"Rhapsody"=Rhapsody
"SAMB_ADVMB_FILTER_DRV"=Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Sierra Utilities"=Sierra Utilities
"Sound Blaster Audigy ADVANCED MB Product Registration"=Sound Blaster Audigy ADVANCED MB Product Registration
"Sound Forge 4.5h"=Sound Forge 4.5h
"SprintMusicManagerA"=Sprint music manager
"Swarmcast-MLB-TV-Mosaic"=Swarmcast for MLB-TV-Mosaic
"SyaKali"=SyaKali
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"TmPcc"=Trend Micro PC-cillin Internet Security 14
"VCast Music Essentials Manager"=V CAST Music Manager
"ViewpointMediaPlayer"=Viewpoint Media Player
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb"=WebCyberCoach 3.2 Dell
"WildTangent CDA"=WildTangent Web Driver
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-89081543-3156922930-1708769281-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2008 11:44:00 PM | Computer Name = KIMMAC | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.0.1.11, faulting module
itunes.exe, version 8.0.1.11, fault address 0x00075bcb.

Error - 11/20/2008 10:25:44 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2008 10:26:07 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1001
Description = Fault bucket 939517030.

Error - 12/16/2008 2:16:26 PM | Computer Name = KIMMAC | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
tmas_oeapi.dll, version 3.53.0.1042, fault address 0x000022b0.

Error - 12/17/2008 6:18:41 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 10:33:44 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 10:33:46 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2008 10:33:47 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16762, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2008 12:01:56 AM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 1:27:30 PM | Computer Name = KIMMAC | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.21.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/12/2009 11:16:11 AM | Computer Name = KIMMAC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/12/2009 11:16:12 AM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}

Error - 1/12/2009 11:17:30 AM | Computer Name = KIMMAC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001302D32EED has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/12/2009 11:34:58 AM | Computer Name = KIMMAC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/12/2009 11:35:02 AM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}

Error - 1/12/2009 11:35:03 AM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}

Error - 1/12/2009 7:06:59 PM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}

Error - 1/12/2009 7:08:43 PM | Computer Name = KIMMAC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 1/12/2009 7:08:47 PM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}

Error - 1/12/2009 7:08:49 PM | Computer Name = KIMMAC | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service DPFUSMgr with
arguments "" in order to run the server: {A5F087F1-543B-11D5-87D4-00010242D7FF}


< End of report >

Thank you for your time!

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:58 PM

Posted 12 January 2009 - 10:40 PM

Hello, maccyx
That log appears fine to me.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 maccyx


Posted 13 January 2009 - 01:57 PM

Thanks Billy.

I uninstalled all previous versions of Java and Installed the new Java.

I ran ESET Antivirus and it found no threats.

Here is the log file:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3762 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c12baee2ebd8984eaff0bca532a4f4ac
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 06:24:39
# local_time=2009-01-13 12:24:39 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=325926
# found=0
# scan_time=5104

Thanks again for your time.

#8 Billy O'Neal


Posted 13 January 2009 - 08:46 PM

Hello, maccyx

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore your computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII

Edited by Billy O'Neal, 13 January 2009 - 08:46 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
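
Added example, not part of the original posts: the "Reset System Restore" step above targets detections like the one reported at the start of this thread, where the flagged file is a cached copy inside a restore point rather than a live program. The sketch below triages antivirus detection paths on that basis; the function names and the second sample path are constructed for illustration, and the folder layout assumed is the Windows XP one seen in the thread.

```python
import re

# Windows XP restore-point layout, as seen in the path reported in this thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<cached file>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<file>.+)$",
    re.IGNORECASE,
)

# First path is the one quoted in the thread; the second is constructed.
SAMPLE_PATHS = [
    r"C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP650\A0082943.exe",
    r"C:\Program Files\ExampleGames\launcher.exe",
]

def classify_detection(path):
    """Classify one detection path as a restore-point copy or a live file."""
    cleaned = path.strip().strip('"')
    m = RESTORE_RE.match(cleaned)
    if m is None:
        return {"kind": "live", "path": cleaned}
    return {
        "kind": "restore_point",
        "path": cleaned,
        "guid": m.group("guid").upper(),
        "restore_point": int(m.group("rp")),
        "file": m.group("file"),
    }

def triage(paths):
    """Summarise a batch of detections for a helper reading a scan log."""
    results = [classify_detection(p) for p in paths]
    cached = [r for r in results if r["kind"] == "restore_point"]
    live = [r["path"] for r in results if r["kind"] == "live"]
    return {
        "restore_points": sorted({r["restore_point"] for r in cached}),
        "live": live,
        # True only when every hit is a cached copy, i.e. the case where
        # resetting System Restore is the whole cleanup.
        "only_restore_copies": bool(cached) and not live,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS))
```

Detections that land in the "live" list still need normal removal; only the cached copies go away when the old restore points are deleted.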

#9 Billy O'Neal


Posted 15 January 2009 - 08:55 PM

Hello, maccyx
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)



