
PC Internet Connectivity


  • This topic is locked
14 replies to this topic

#1 GraemeRH

GraemeRH

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 24 January 2009 - 09:28 AM

Greetings - I have recently purchased this Vista PC and after a few days use it was obvious that the computer was not behaving normally. Scanning the PC with 'Malwarebyte's Anti-Malware' and 'Spybot Search & Destroy' showed up numerous malware items, the majority of which I was able to delete. However, there were a number of items that I was not able to remove.

Since then, the PC has on occasions lost connectivity to the internet and the only method of re-connecting to the internet was to do a 'System Restore' to the previous day. This seemed to work for a while (2 days approx.) and then the problem would occur again and I again would have to do another 'System Restore' to achieve internet connection.

Because of this, I very much suspect that there may be something lying deep in the Registry that's causing this problem.

Therefore I would be most grateful if you would please examine my HJT logfile below to see how the problem can be corrected.

Thanking you in advance for your help in this matter.


GraemeRH.

ps. I can't see any 'attachment' option on this webpage and I haven't got a 'zip' facility on this PC as yet, therefore, I'm posting the 'ATTACH' text underneath the HJT log text. I hope this is ok.



DDS (Ver_09-01-19.01) - NTFSx86
Run by Graeme Hewitt at 13:47:38.38 on 24/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2007 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\D-Link\DSL-200\DslStat.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Graeme Hewitt\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
uInternet Settings,ProxyOverride = <local>;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\philips snu5600 wireless usb adapter utility\PHUSBBGMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230922809176
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1230923003_4af40ab600a312e2aea76e81348a25b9&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-2 111184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-7-31 44576]
R4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-2 20560]
R4 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-2 51792]
R4 ETService;Empowering Technology Service;c:\program files\packardbell\packard bell recovery management\service\ETService.exe [2008-8-31 24576]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2008-12-4 226640]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-1-3 55264]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-31 24064]
S3 O4501;802.11g Wireless USB Adapter Service;c:\windows\system32\drivers\O4501U.sys [2007-6-28 870400]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2005-1-31 163328]

=============== Created Last 30 ================

2009-01-24 12:54 <DIR> --d----- c:\users\graeme~1\appdata\roaming\CleanMyPC Software
2009-01-24 12:52 <DIR> --d----- c:\program files\CleanMyPC
2009-01-24 12:09 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-24 12:03 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-24 12:02 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 12:02 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 12:02 <DIR> --d----- c:\program files\Lavasoft
2009-01-23 15:31 <DIR> --d----- c:\users\graeme~1\appdata\roaming\DriverCure
2009-01-23 15:30 <DIR> --d----- c:\programdata\ParetoLogic
2009-01-23 15:30 <DIR> --d----- c:\programdata\DriverCure
2009-01-23 15:30 <DIR> --d----- c:\program files\ParetoLogic
2009-01-23 15:30 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-01-23 15:30 <DIR> --d----- c:\progra~2\ParetoLogic
2009-01-23 15:30 <DIR> --d----- c:\progra~2\DriverCure
2009-01-23 15:30 <DIR> --d----- c:\programdata\Downloaded Installations
2009-01-23 15:30 <DIR> --d----- c:\progra~2\Downloaded Installations
2009-01-23 15:23 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-01-22 09:34 <DIR> --d----- c:\program files\alot
2009-01-21 14:15 427,864 a------- c:\windows\system32\XceedZip.dll
2009-01-21 14:15 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-01-21 14:15 662,288 a------- c:\windows\system32\MSCOMCT2.OCX
2009-01-21 14:11 <DIR> --d----- c:\users\graeme~1\appdata\roaming\Blitware
2009-01-21 14:10 <DIR> --d----- c:\program files\Driver Robot
2009-01-21 13:49 <DIR> --d----- c:\program files\common files\xing shared
2009-01-21 13:49 <DIR> --d----- c:\program files\common files\Real
2009-01-17 18:16 <DIR> --d----- c:\programdata\Azureus
2009-01-17 18:16 <DIR> --d----- c:\progra~2\Azureus
2009-01-17 18:15 <DIR> --d----- c:\users\graeme~1\appdata\roaming\Azureus
2009-01-17 18:15 <DIR> --d----- c:\program files\Vuze
2009-01-17 18:15 <DIR> --d----- c:\program files\common files\i4j_jres
2009-01-17 17:36 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-01-17 17:36 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-01-17 13:31 <DIR> --d----- c:\windows\pss
2009-01-14 09:54 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-05 11:23 24,576 a------- c:\temp\IadHide3.dll
2009-01-04 14:05 <DIR> --d----- c:\program files\EasyWeather
2009-01-03 17:12 81,920 a----r-- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2009-01-03 17:05 0 a------- C:\Debug.QC6
2009-01-03 16:34 466 a------- c:\users\graeme~1\appdata\roaming\wklnhst.dat
2009-01-03 16:13 376 a------- c:\windows\ODBC.INI
2009-01-03 16:13 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-03 16:12 <DIR> --d----- c:\program files\common files\L&H
2009-01-03 11:25 69 a------- c:\windows\NeroDigital.ini
2009-01-03 11:08 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-01-03 11:08 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-01-03 10:42 <DIR> --d----- c:\users\graeme hewitt\Tracing
2009-01-03 10:41 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2009-01-03 10:40 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-01-03 10:40 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-01-03 10:39 <DIR> --d----- c:\program files\Microsoft
2009-01-03 10:38 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-03 10:30 <DIR> --d----- c:\program files\common files\Windows Live
2009-01-03 10:24 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2009-01-03 10:23 <DIR> --d----- c:\programdata\WLInstaller
2009-01-02 21:03 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-01-02 21:02 117,760 a------- c:\windows\system32\hpz3l4v2.dll
2009-01-02 21:00 <DIR> --d----- c:\temp\FixEngine
2009-01-02 21:00 <DIR> --d----- C:\temp
2009-01-02 20:59 <DIR> --d----- c:\program files\Hp
2009-01-02 20:45 <DIR> --d----- c:\program files\Trend Micro
2009-01-02 19:18 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-01-02 19:18 <DIR> --d----- c:\programdata\CheckPoint
2009-01-02 19:18 <DIR> --d----- c:\progra~2\CheckPoint
2009-01-02 19:17 <DIR> --d----- c:\windows\Internet Logs
2009-01-02 19:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-02 18:27 <DIR> --d----- c:\programdata\Lavasoft
2009-01-02 18:20 <DIR> --d----- c:\users\graeme~1\appdata\roaming\Malwarebytes
2009-01-02 18:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 18:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 18:20 <DIR> --d----- c:\programdata\Malwarebytes
2009-01-02 18:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 18:20 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-02 18:11 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-01-02 18:11 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-02 18:11 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-01-02 17:58 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-01-02 17:55 2,048 a------- c:\windows\system32\tzres.dll
2009-01-02 17:53 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-02 17:48 269,312 a------- c:\windows\system32\es.dll
2009-01-02 17:48 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-01-02 17:48 430,080 a------- c:\windows\system32\vbscript.dll
2009-01-02 17:48 180,224 a------- c:\windows\system32\scrobj.dll
2009-01-02 17:48 172,032 a------- c:\windows\system32\scrrun.dll
2009-01-02 17:48 155,648 a------- c:\windows\system32\wscript.exe
2009-01-02 17:48 135,168 a------- c:\windows\system32\wshom.ocx
2009-01-02 17:48 135,168 a------- c:\windows\system32\cscript.exe
2009-01-02 17:48 90,112 a------- c:\windows\system32\wshext.dll
2009-01-02 17:48 738,304 a------- c:\windows\system32\inetcomm.dll
2009-01-02 17:48 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-01-02 17:41 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-01-02 17:41 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-02 17:41 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-01-02 17:41 15,360 a------- c:\windows\system32\pacerprf.dll
2009-01-02 17:41 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-01-02 17:41 296,960 a------- c:\windows\system32\gdi32.dll
2009-01-02 17:41 147,456 a------- c:\windows\system32\Faultrep.dll
2009-01-02 17:41 125,952 a------- c:\windows\system32\wersvc.dll
2009-01-02 17:32 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-02 17:32 83,456 a------- c:\windows\system32\wudriver.dll
2009-01-02 17:32 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-02 17:32 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-02 15:33 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-02 15:33 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-02 14:57 <DIR> --d----- c:\program files\philips
2009-01-02 14:57 <DIR> --d----- c:\windows\{9259CB83-6520-4E12-8E71-CB92B0F36259}
2008-12-28 14:32 358,076 a------- c:\windows\ISUN16.EXE
2008-12-27 12:57 <DIR> --d----- c:\users\graeme~1\appdata\roaming\Packard Bell
2008-12-27 11:40 <DIR> --d----- c:\programdata\FLEXnet
2008-12-26 19:14 160,963 a------- c:\windows\system32\drivers\gtipdsp.bin
2008-12-26 19:14 150,369 a------- c:\windows\system32\drivers\gwausb.sys
2008-12-26 19:14 37,376 a------- c:\windows\system32\CoInst.dll
2008-12-26 19:13 <DIR> --d----- c:\program files\D-Link
2008-12-26 19:13 16,308 -------- c:\windows\wwdslcfg.ini
2008-12-26 19:13 12,288 -------- c:\windows\system32\CplEng.dll
2008-12-26 16:42 <DIR> --d----- c:\users\graeme~1\appdata\roaming\Symantec
2008-12-26 16:35 <DIR> --d----- c:\programdata\Partner
2008-12-26 16:35 <DIR> --d----- c:\progra~2\Partner
2008-12-26 16:34 <DIR> --d----- c:\programdata\Google
2008-12-26 16:33 <DIR> --d----- c:\users\Graeme Hewitt

==================== Find3M ====================

2009-01-17 17:35 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-17 17:35 51,200 a------- c:\windows\inf\infpub.dat
2009-01-17 17:15 86,016 a------- c:\windows\inf\infstor.dat
2008-12-12 21:47 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-04 22:55 307,560 a------- c:\windows\WLXPGSS.SCR
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-11-01 03:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 03:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 03:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 03:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 03:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 03:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 01:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 a------- c:\windows\explorer.exe
2008-08-21 20:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 02:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:48:11.99 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/09/2008 00:29:32
System Uptime: 24/01/2009 12:24:59 (1 hours ago)

Motherboard: Packard Bell BV | | MCP73PVT-PM
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 586 GiB total, 467.525 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.0
Adobe Shockwave Player
ALOT Toolbar
avast! Antivirus
Choice Guard
CleanMyPC - Registry Cleaner
Compatibility Pack for the 2007 Office system
DriverAgent by eSupport.com
DSL-200 DSL Modem
EasyWeather
Google Desktop
Google Toolbar for Internet Explorer
HDReg
HijackThis 2.0.2
HP Driver Diagnostics
Image Writer
Java™ 6 Update 11
Junk Mail filter update
LCD test
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
MetaBoli
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Publisher 2002
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
NVIDIA Drivers
Packard Bell Recovery Management
ParetoLogic DriverCure
Philips SNU5600 Wireless USB Adapter
Philips SNU5600 Wireless USB Adapter 11b/g
Picasa 3
RealPlayer
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Setup My PC
Skype™ 3.6
Spybot - Search & Destroy
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Updator
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

==== End Of File ===========================
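An added triage helper for the DDS log above (example code written for this page; it is not part of GraemeRH's post, the BleepingComputer instructions, or the DDS tool itself). It parses the three DDS sections that matter most when reading one of these logs and lists, in reading order, the entries a helper would look at first: browser add-ons that point at files which no longer exist, the AppInit_DLLs value, and loaded kernel drivers whose files were created inside the "Created Last 30" window. The section banners and line layouts are assumed to be exactly as they appear in this log, and the sample lines embedded in the script are copied from it.

```python
"""Triage helper for DDS-style scan logs (added example, not the DDS tool).

Parses the 'Pseudo HJT Report', 'SERVICES / DRIVERS' and 'Created Last 30'
sections and reports a reading order for an analyst. Nothing here is a
verdict: a driver that appeared recently is simply worth checking first.
"""
import re

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-2 111184]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-1-3 55264]

=============== Created Last 30 ================

2009-01-24 12:03 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-03 10:41 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2009-01-21 14:15 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx

==================== Find3M ====================
"""

# Line layouts assumed from the log above.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
ORPHAN_RE = re.compile(r"^(BHO|TB): (.*) - No File$")
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) \d+\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:<DIR>|[\d,]+) \S+ (.+)$")


def split_sections(text):
    """Group log lines under the '==== Name ====' banner that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the entries an analyst should read first, grouped by reason."""
    sections = split_sections(text)
    hjt = sections.get("Pseudo HJT Report", [])
    drivers = sections.get("SERVICES / DRIVERS", [])
    created = sections.get("Created Last 30", [])

    # Browser add-ons whose DLL is gone: harmless leftovers, but they show
    # something was removed and are the cheapest entries to clean up.
    orphans = [m.group(2) for m in map(ORPHAN_RE.match, hjt) if m]

    # AppInit_DLLs is loaded into every process that links user32.dll, so
    # any value here deserves a look regardless of which vendor owns it.
    appinit = [line.split(":", 1)[1].strip()
               for line in hjt if line.startswith("AppInit_DLLs:")]

    # Map file path -> creation time from the 'Created Last 30' listing.
    created_at = {}
    for m in map(CREATED_RE.match, created):
        if m:
            created_at[m.group(2).lower()] = m.group(1)

    # Kernel drivers whose on-disk file appeared within the 30-day window.
    # Start type is first in the tuple so boot/system-start (R0/R1) entries
    # sort ahead of on-demand (S3) ones.
    recent_drivers = []
    for m in map(DRIVER_RE.match, drivers):
        path = m.group(3).lower() if m else None
        if path in created_at:
            recent_drivers.append((m.group(1), m.group(2), m.group(3), created_at[path]))
    recent_drivers.sort()
    return {"orphans": orphans, "appinit": appinit, "recent_drivers": recent_drivers}


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason)
        for item in items:
            print("   ", item)
```

The output is a reading order, not a finding: in this log, for example, Lbd.sys was created one minute after the Lavasoft folder, which lines up with the Ad-Aware install recorded higher up in the same section.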

#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:17 PM

Posted 03 February 2009 - 07:47 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
    Alternate Download Site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log
  • GMER Scan log
  • Re-Run Malwarebytes Anti-Malware and post the log (quick scan)
  • What Problems do you still have?

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
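The OTViewIt.txt requested in the list above prints one line per process, service or driver in a fixed layout: `[mtime | size | attrs | M] (Publisher) -- path -- (Service [Start | State])`, with `File not found -- --` where the tool could not locate the binary. The following parser is an added example for readers of this thread, not part of the original posts and not OldTimer's code: it parses lines in that layout and lists the entries a reviewer would look at first (missing binary, empty publisher, user-writable location, recent modification). The sample log, the user name "Example", the Temp binary and the heuristic location list are all constructed.

```python
# Added example: triage parser for OTViewIt-style "Processes" / "Win32 Services" log lines.
# Line layout as printed in the log:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | M] (Publisher) -- path [-- (Service [Start | State])]
#   File not found -- -- (Service [Start | State])
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\]"
    r"(?: \((?P<publisher>.*?)\))? -- (?P<path>.+?)"      # publisher may be "()" or absent
    r"(?: -- \((?P<service>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<service>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\)$"
)
CREATED_RE = re.compile(r"^OTViewIt logfile created on: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")
# Heuristic only (constructed list): places where a startup binary or service deserves a second look.
USER_WRITABLE = ("\\users\\", "\\temp\\")


@dataclass
class Entry:
    path: Optional[str]        # None when the log says "File not found"
    publisher: Optional[str]   # None when no "(...)" field; "" when the field was "()"
    attrs: str
    mtime: Optional[datetime]
    size: Optional[int]
    service: Optional[str]
    start: Optional[str]
    state: Optional[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, blanks and lines of other sections."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return Entry(None, None, "", None, None, m["service"], m["start"], m["state"])
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return Entry(
        path=m["path"], publisher=m["publisher"], attrs=m["attrs"],
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        service=m["service"], start=m["start"], state=m["state"],
    )


def log_created(text: str) -> datetime:
    """Header timestamp. The log header states 'Date Format: dd/MM/yyyy', so parse it that way."""
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            return datetime.strptime(m[1], "%d/%m/%Y %H:%M:%S")
    raise ValueError("no 'logfile created on' header")


def triage(e: Entry, log_time: datetime, file_age_days: int = 30) -> List[str]:
    """Review hints for one entry (empty list = nothing stood out). Hints, not verdicts."""
    if e.path is None:
        return ["service binary not found"]
    if "D" in e.attrs:
        return []                      # a directory, not a binary: publisher/age checks do not apply
    reasons = []
    if not e.publisher:
        reasons.append("no publisher string")
    if any(d in e.path.lower() for d in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    # Mirrors the log's own "File Age = 30 Days" window; a future-dated file also lands here.
    if log_time - e.mtime <= timedelta(days=file_age_days):
        reasons.append(f"modified within {file_age_days} days of the log")
    return reasons


def review(text: str, file_age_days: int = 30):
    """Return [(service-or-path, reasons)] for every entry that earned at least one hint."""
    created = log_created(text)
    flagged = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            reasons = triage(e, created, file_age_days)
            if reasons:
                flagged.append((e.service or e.path, reasons))
    return flagged


# Constructed sample modelled on the layout of the log in this thread (user name and Temp binary are made up).
SAMPLE_LOG = r"""
OTViewIt logfile created on: 04/02/2009 20:04:32 - Run
========== Processes ==========
[2008/01/21 02:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2009/01/30 18:02:11 | 00,061,440 | ---- | M] () -- C:\Users\Example\AppData\Local\Temp\updater.exe
[2009/02/04 20:02:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2004/10/25 14:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50 [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2009/01/20 10:31:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
"""

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

Note that the diagnostic tool itself (OTViewIt.exe on the Desktop, freshly downloaded) gets flagged: the hints tell a reviewer where to look, they do not decide what is malicious.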

#3 GraemeRH

GraemeRH
  • Topic Starter

  • Members
  • 11 posts

Posted 04 February 2009 - 05:39 PM

Thanks extremeboy.

I was ok with the first 3 items (OTViewIt.txt and Extra.txt and Kaspersky's Log). Please see below for these log files.

However I was a bit unsure when it came to the GMER section as I didn't have any unzip program installed at the time, so I hunted around on the internet and managed to find 7zipfree_8675, and so I downloaded and installed that and then tried to unzip the GMER exe file. I'm not sure if that worked or not as it wasn't obvious that any scan was in progress.

How long does it take to scan using GMER (it took 70 minutes for the Kaspersky scan to complete)?

There didn't appear to be a 'gmer.sys' option window (perhaps I didn't wait long enough). Also, there wasn't a 'settings' option on the screen.

Perhaps you would be good enough to advise me if and where I'm going wrong at this section of the analysis.

Below are the 3 text files for the first 3 logs as requested.


OTViewIt logfile created on: 04/02/2009 20:04:32 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Graeme Hewitt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 87.10% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 468.15 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 459.22 Gb Free Space | 98.60% Space Free | Partition Type: NTFS

Computer Name: HIGHSOCIETY
Current User Name: Graeme Hewitt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/21 02:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/21 02:23:44 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/21 02:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 09:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2009/01/31 12:03:55 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[2008/01/21 02:24:44 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/21 02:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2005/07/26 20:19:00 | 00,356,352 | ---- | M] (D-Link, Inc.) -- C:\Program Files\D-Link\DSL-200\DslStat.exe
[2008/11/26 17:18:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/01/21 02:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2009/01/24 16:43:41 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[2008/07/16 13:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
[2009/01/24 16:43:40 | 01,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[2008/01/21 02:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/12/26 16:34:38 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/21 02:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe
[2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/12/04 16:03:00 | 00,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2008/05/27 05:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/01/21 02:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/11/26 17:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/01/21 02:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/21 02:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/01/31 12:03:55 | 00,509,784 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
[2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/01/21 02:24:49 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2009/01/15 08:59:17 | 00,239,216 | ---- | M] () -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
[2008/12/08 17:01:52 | 00,224,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
[2009/01/21 13:49:33 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/01/21 02:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/02/04 20:02:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
[2008/11/26 17:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2008/11/26 17:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/26 17:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/26 17:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/21 02:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/01/24 16:43:41 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/21 02:23:41 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/21 02:24:35 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/21 02:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/07/16 13:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService [Auto | Running])
[2008/08/21 21:08:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/21 02:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/12/08 17:01:58 | 00,533,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
[2008/08/31 23:31:16 | 00,024,064 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100 [On_Demand | Stopped])
[2008/01/21 02:24:55 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2009/01/15 09:44:02 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2009/01/31 12:03:55 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2009/01/20 10:31:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2008/01/21 02:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/04/28 16:16:06 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2008/01/21 02:24:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/12/04 16:03:00 | 00,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2008/01/21 02:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 09:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/01/21 02:24:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/21 02:25:00 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/21 02:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 05:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/21 02:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/11/26 17:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/26 17:17:15 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2008/11/26 17:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2008/11/26 17:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/26 17:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/01/21 02:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/21 02:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 08:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/21 02:23:54 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2009/01/24 16:43:41 | 00,099,344 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2009/01/24 16:43:41 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2008/01/21 02:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/21 02:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/01/21 02:23:01 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Running])
[2008/01/21 02:23:03 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Running])
[2008/01/21 02:23:01 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Running])
[2008/08/02 01:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/21 02:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])
[2008/01/21 02:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/21 02:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/21 02:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/12/08 17:01:52 | 00,055,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 07:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 08:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 08:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2009/01/24 16:43:41 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2008/07/16 12:56:06 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
[2008/06/26 07:57:22 | 02,134,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/01/21 02:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2009/01/24 12:03:01 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2008/01/21 02:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/21 02:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2005/01/31 10:12:46 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/01/21 02:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/21 02:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 01:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/21 02:24:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/01/21 02:23:00 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2008/01/21 02:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/21 02:24:26 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 02:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/21 02:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/08/05 04:29:26 | 00,044,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
[2008/09/17 23:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/06/06 11:13:10 | 00,145,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2008/01/21 02:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/06/28 03:41:34 | 00,870,400 | ---- | M] (Copyright © 2001-2007 Arcadyan Technology Corporation.) -- C:\Windows\System32\drivers\O4501U.sys -- (O4501 [On_Demand | Stopped])
[2004/10/25 14:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50 [Auto | Running])
[2006/11/02 09:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/01/31 10:13:22 | 00,163,328 | ---- | M] () -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920 [On_Demand | Stopped])
[2008/04/05 01:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/07/31 22:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/21 02:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/21 02:25:05 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/21 02:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/21 02:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 07:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2006/11/02 09:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/21 02:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/21 02:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/21 02:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2008/01/21 02:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/21 02:25:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/21 02:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/21 02:24:59 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/21 02:23:45 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/21 02:23:43 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/21 02:24:53 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/21 02:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/21 02:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
[2009/01/23 15:23:26 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/21 02:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 08:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/21 02:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2008/01/21 02:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/21 02:24:27 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 08:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2005/07/26 20:17:00 | 00,150,369 | ---- | M] (GlobespanVirata Inc.) -- C:\Windows\System32\drivers\gwausb.sys -- (wanusb [On_Demand | Stopped])
[2008/01/21 02:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Boot | Running])
[2008/01/21 02:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/21 02:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/21 02:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"SearchDefaultBranded"=
"Start Page"=http://www.google.co.uk/
"StartPageCache"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"SearchDefaultBranded"=
"Start Page"=http://www.google.co.uk/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;localhost

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
"DSLSTATEXE"=C:\Program Files\D-Link\DSL-200\dslstat.exe icon (D-Link, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1230922809176 -- MUWebControl Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{80AEEC0E-A2BE-4B8D-985F-350FE869DC40}: http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab -- HPDDClientExec Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{27FA60FB-5855-47ED-90FC-73C7DFD953D2} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))
{8B1729E6-7AE5-46CD-B04C-55B4246E445D} (Servers: | Description: Philips SNU5600 Wireless USB Adapter 11b/g)
{F80A8D4D-7782-44AB-8600-A80BEB2EF0EF} (Servers: | Description: Philips SNU5600 Wireless USB Adapter 11b/g)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
>[2008/08/31 23:31:16 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2009/01/24 16:43:41 | 00,147,192 | ---- | M] () -- C:\Windows\System32\guard32.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/21 02:24:37 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/21 02:24:37 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 21:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | icon = .\Maxtor_Desktop.ico | ]
[2007/06/04 07:12:00 | 00,000,038 | ---- | M] () -- I:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/02/04 20:02:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe
[2009/02/04 16:34:14 | 00,013,478 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Clarinet story.docx
[2009/02/04 09:42:41 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Skype
[2009/02/03 14:01:29 | 00,013,151 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Acker Dave Morgan.docx
[2009/02/02 10:16:42 | 00,040,960 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES09.xlr
[2009/02/01 13:20:08 | 00,011,750 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\DAVE MORGAN.docx
[2009/02/01 13:20:08 | 00,000,162 | -H-- | C] () -- C:\Users\Graeme Hewitt\Documents\~$VE MORGAN.docx
[2009/02/01 12:40:46 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\ParetoLogic
[2009/01/30 19:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\Ubi Soft
[2009/01/30 19:09:58 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/01/29 17:59:25 | 00,011,323 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Mr Ripton.docx
[2009/01/29 16:08:34 | 00,001,113 | ---- | C] () -- C:\Users\Graeme Hewitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/01/29 11:34:03 | 00,011,892 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Norton Grange.docx
[2009/01/28 14:55:35 | 00,000,398 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES-2009.lnk
[2009/01/28 14:55:24 | 00,000,392 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\BANDFANS 2009.lnk
[2009/01/24 17:12:25 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Comodo
[2009/01/24 17:04:35 | 00,000,950 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009/01/24 16:43:42 | 00,147,192 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009/01/24 16:43:42 | 00,099,344 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/01/24 16:43:42 | 00,072,720 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/01/24 16:43:42 | 00,025,104 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/01/24 16:43:42 | 00,000,000 | ---D | C] -- C:\ProgramData\comodo
[2009/01/24 16:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/01/24 13:46:49 | 00,368,971 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\dds.scr
[2009/01/24 12:56:33 | 12,863,769 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\SystemBackupAfter RegistryClean.cab
[2009/01/24 12:54:34 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\CleanMyPC Software
[2009/01/24 12:52:19 | 00,000,908 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/01/24 12:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2009/01/24 12:09:01 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/01/24 12:03:13 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/01/24 12:03:09 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/01/24 12:02:01 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/01/24 12:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/01/24 11:45:21 | 00,000,222 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Internet Options - Shortcut.lnk
[2009/01/23 15:31:00 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\DriverCure
[2009/01/23 15:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/01/23 15:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/01/23 15:30:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/01/23 15:23:26 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\eSupport.com
[2009/01/22 09:34:17 | 00,000,000 | ---D | C] -- C:\Program Files\alot
[2009/01/21 14:44:27 | 03,107,830 | -H-- | C] () -- C:\Users\Graeme Hewitt\AppData\Local\IconCache.db
[2009/01/21 14:15:29 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2009/01/21 14:15:28 | 01,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx
[2009/01/21 14:15:28 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2009/01/21 14:11:02 | 00,000,410 | ---- | C] () -- C:\Windows\tasks\DriverRobot.job
[2009/01/21 14:11:01 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Blitware
[2009/01/21 14:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Robot
[2009/01/21 13:49:44 | 00,001,039 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/01/21 13:49:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/01/21 13:49:34 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/01/21 13:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/01/21 13:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/01/21 13:49:31 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Real
[2009/01/20 12:59:50 | 00,010,991 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\IF I HAD A TALKING PICTURE OF YOU Eb.docx
[2009/01/20 12:47:33 | 00,010,471 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\HIGHER GROUND F.docx
[2009/01/19 14:19:07 | 00,013,636 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Trading Standards.docx
[2009/01/18 12:50:24 | 00,012,541 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Pipex jan 09.docx
[2009/01/17 18:37:11 | 00,000,172 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url
@Alternate Data Stream - 894 bytes -> C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url:favicon
[2009/01/17 18:29:08 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\Documents\Azureus Downloads
[2009/01/17 18:16:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/01/17 18:15:59 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Azureus
[2009/01/17 18:15:39 | 00,001,635 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/01/17 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/01/17 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2009/01/17 17:36:00 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/01/17 17:34:50 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Downloaded Installations
[2009/01/17 13:34:45 | 00,001,987 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Windows Live Messenger .lnk
[2009/01/17 13:31:37 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/01/17 12:08:10 | 00,001,699 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Notepad.lnk
[2009/01/16 17:00:19 | 00,008,563 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\PETROL.xlsx
[2009/01/16 16:39:19 | 00,011,103 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\GAS ELECTRIC.xlsx
[2009/01/16 16:36:35 | 00,010,959 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\GAS ELECTRIC.xlsx
[2009/01/15 11:04:56 | 00,002,585 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Excel 2007.lnk
[2009/01/15 11:04:26 | 00,002,627 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Word 2007.lnk
[2009/01/15 10:51:04 | 00,018,944 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Sue Harwood.wps
[2009/01/14 09:54:44 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/11 13:52:45 | 00,001,054 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Max Collie.nrd
[2009/01/10 18:28:53 | 00,010,561 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\GRAEME HEWITT's High Society Jazz Band.docx
[2009/01/10 17:54:17 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Microsoft Help
[2009/01/10 17:52:07 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\Documents\OneNote Notebooks
[2009/01/09 12:03:18 | 00,000,216 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Date and Time - Shortcut.lnk
[2009/01/09 10:05:34 | 00,021,504 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Tilehurst BL Club.wps

========== Files - Modified Within 30 Days ==========

[2009/02/04 20:02:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe
[2009/02/04 20:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Graeme Hewitt.job
[2009/02/04 19:24:53 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/04 19:24:53 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/04 17:26:42 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/02/04 16:34:15 | 00,013,478 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Clarinet story.docx
[2009/02/04 15:26:58 | 00,002,627 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Word 2007.lnk
[2009/02/04 09:29:21 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/04 09:29:21 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/04 09:29:21 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/04 09:25:07 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/02/04 09:24:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/04 09:24:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/04 09:24:48 | 32,203,61216 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/03 14:04:05 | 03,107,830 | -H-- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\IconCache.db
[2009/02/03 14:01:30 | 00,013,151 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Acker Dave Morgan.docx
[2009/02/02 17:26:57 | 00,040,960 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES09.xlr
[2009/02/02 17:26:57 | 00,000,708 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Roaming\wklnhst.dat
[2009/02/02 12:03:02 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/01 14:00:50 | 00,011,750 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\DAVE MORGAN.docx
[2009/02/01 13:20:08 | 00,000,162 | -H-- | M] () -- C:\Users\Graeme Hewitt\Documents\~$VE MORGAN.docx
[2009/01/30 15:10:27 | 00,011,103 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\GAS ELECTRIC.xlsx
[2009/01/29 18:00:07 | 00,011,892 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Norton Grange.docx
[2009/01/29 17:59:25 | 00,011,323 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Mr Ripton.docx
[2009/01/29 16:08:34 | 00,001,113 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/01/28 14:55:35 | 00,000,398 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES-2009.lnk
[2009/01/28 14:55:24 | 00,000,392 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\BANDFANS 2009.lnk
[2009/01/26 09:43:00 | 00,007,680 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/26 09:43:00 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/01/24 17:04:35 | 00,000,950 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009/01/24 16:43:41 | 00,147,192 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2009/01/24 16:43:41 | 00,099,344 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/01/24 16:43:41 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/01/24 16:43:41 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/01/24 13:47:34 | 00,368,971 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\dds.scr
[2009/01/24 12:56:33 | 12,863,769 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\SystemBackupAfter RegistryClean.cab
[2009/01/24 12:52:19 | 00,000,908 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/01/24 12:03:06 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/01/24 12:03:01 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/01/24 12:02:01 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/01/24 11:45:21 | 00,000,222 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Internet Options - Shortcut.lnk
[2009/01/21 19:01:53 | 00,000,410 | ---- | M] () -- C:\Windows\tasks\DriverRobot.job
[2009/01/21 13:49:44 | 00,001,039 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/01/21 13:49:34 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/01/20 12:59:51 | 00,010,991 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\IF I HAD A TALKING PICTURE OF YOU Eb.docx
[2009/01/20 12:47:33 | 00,010,471 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\HIGHER GROUND F.docx
[2009/01/19 16:05:44 | 00,013,636 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Trading Standards.docx
[2009/01/18 12:50:24 | 00,012,541 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Pipex jan 09.docx
[2009/01/17 18:37:14 | 00,000,172 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url
@Alternate Data Stream - 894 bytes -> C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url:favicon
[2009/01/17 18:15:39 | 00,001,635 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/01/17 17:44:53 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
[2009/01/17 13:34:45 | 00,001,987 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Windows Live Messenger .lnk
[2009/01/17 12:08:10 | 00,001,699 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Notepad.lnk
[2009/01/17 12:08:10 | 00,000,436 | -HS- | M] () -- C:\Users\Graeme Hewitt\Desktop\desktop.ini
[2009/01/16 17:00:20 | 00,008,563 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\PETROL.xlsx
[2009/01/16 16:38:50 | 00,010,959 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\GAS ELECTRIC.xlsx
[2009/01/16 16:27:06 | 00,002,585 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Excel 2007.lnk
[2009/01/15 17:45:27 | 00,102,544 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/15 17:41:16 | 00,383,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/15 10:51:04 | 00,018,944 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Sue Harwood.wps
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/11 13:52:45 | 00,001,054 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Max Collie.nrd
[2009/01/10 18:28:53 | 00,010,561 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\GRAEME HEWITT's High Society Jazz Band.docx
[2009/01/10 01:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/01/09 12:03:18 | 00,000,216 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Date and Time - Shortcut.lnk
[2009/01/09 10:14:16 | 00,021,504 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Tilehurst BL Club.wps
< End of report >






OTViewIt Extras logfile created on: 04/02/2009 20:04:32 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Graeme Hewitt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 87.10% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 468.15 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 459.22 Gb Free Space | 98.60% Space Free | Partition Type: NTFS

Computer Name: HIGHSOCIETY
Current User Name: Graeme Hewitt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=0
"InternetSettingsDisableNotify"=0
"AutoUpdateDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/08 07:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/01 16:26:04 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:38:50 | 00,791,368 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}"=Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}"=HP Driver Diagnostics
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}"=Windows Live Movie Maker Beta
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{28518520-F25C-48C3-A224-861F331602F4}"=Setup My PC
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}"=Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}"=Windows Live Toolbar
"{2BD94085-2E05-4EBD-8F2D-AF7499C50D92}"=LCD test
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}"=Nero 8 Essentials
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}"=Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}"=Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5ED2D0BA-F1DC-42FE-9D05-EFAFF9DD8239}"=Philips SNU5600 Wireless USB Adapter 11b/g
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}"=Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{709817E4-5439-4206-8738-796B34B623BD}"=MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}"=Packard Bell Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90190409-6000-11D3-8CFE-0050048383C9}"=Microsoft Publisher 2002
"{90300409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Media Content
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}"=HDReg
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{CA786CFF-1D31-4804-B436-F3405B14357F}"=Updator
"{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}"=EasyWeather
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}"=Windows Live Essentials
"{DC509FE5-1445-46C9-827C-6120429CB942}"=Windows Live Family Safety
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}"=Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}"=Image Writer
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}"=Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}"=Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}"=Windows Live Sync
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"alotToolbar"=ALOT Toolbar
"avast!"=avast! Antivirus
"CleanMyPC - Registry Cleaner_is1"=CleanMyPC - Registry Cleaner
"COMODO Internet Security"=COMODO Internet Security
"DriverAgent.exe"=DriverAgent by eSupport.com
"DSL-200 DSL Modem"=DSL-200 DSL Modem
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InstallShield_{5ED2D0BA-F1DC-42FE-9D05-EFAFF9DD8239}"=Philips SNU5600 Wireless USB Adapter
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.11)"=Mozilla Firefox (2.0.0.11)
"NVIDIA Drivers"=NVIDIA Drivers
"Picasa 3"=Picasa 3
"RealPlayer 6.0"=RealPlayer
"Vuze"=Vuze
"WinLiveSuite_Wave3"=Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 26/01/2009 05:38:40 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:03 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:26 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:59 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 060.JPG failed, 00000017.

Error - 26/01/2009 05:40:21 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 060.JPG failed, 00000015.

Error - 26/01/2009 05:43:44 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 079.JPG failed, 00000017.

Error - 26/01/2009 05:47:13 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 079.JPG failed, 00000017.

Error - 26/01/2009 19:08:22 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\msiltcfg.dll failed, 00000005.

[ Application Events ]
Error - 30/01/2009 15:26:54 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 31/01/2009 07:58:41 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2009 06:57:12 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2009 06:57:55 | Computer Name = HighSociety | Source = RasClient | ID = 20227
Description =

Error - 01/02/2009 08:38:50 | Computer Name = HighSociety | Source = Perflib | ID = 1010
Description =

Error - 02/02/2009 05:46:31 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 02/02/2009 12:39:47 | Computer Name = HighSociety | Source = Perflib | ID = 1010
Description =

Error - 03/02/2009 06:54:17 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2009 11:08:33 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 04/02/2009 05:25:09 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 10/01/2009 14:00:16 | Computer Name = HighSociety | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 518 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/01/2009 14:00:36 | Computer Name = HighSociety | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30/01/2009 15:10:53 | Computer Name = HighSociety | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/01/2009 15:10:54 | Computer Name = HighSociety | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/01/2009 15:26:41 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 31/01/2009 07:58:29 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 01/02/2009 06:56:58 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 02/02/2009 05:46:19 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 03/02/2009 06:54:05 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 03/02/2009 11:08:21 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 04/02/2009 05:24:56 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =

Error - 04/02/2009 06:25:34 | Computer Name = HighSociety | Source = DCOM | ID = 10016
Description =


< End of report >





KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 4, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 04, 2009 19:59:33
Records in database: 1745614


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Files scanned 130512
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:10:28

No malware has been detected. The scan area is clean.
The selected area was scanned.



Thanks for your involvement.


G.H.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:17 PM

Posted 04 February 2009 - 06:02 PM

Hello.

Overall your log looks fine; what problems do you still have?

How long does it take to scan using GMER (it took 70 minutes for the Kaspersky scan to complete)?

There didn't appear to be a 'gmer.sys' option window (perhaps I didn't wait long enough). Also, there wasn't a 'settings' option on the screen.

As for GMER, it works differently on Vista machines. Simply start the program: right-click it and select Run as Administrator, and once it's done scanning, click the Scan button at the bottom for it to scan. Once it's complete, save the log and post it back in your next reply. Attach it if it's too large.

The scan takes usually between 1-3 minutes.

Describe to me what problems you still have, in addition to the GMER log.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 GraemeRH

GraemeRH
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:17 AM

Posted 04 February 2009 - 06:40 PM

Hi EB - tried to scan with 'GMER', but it crashed the PC during the scan and an automatic reboot ensued. I tried twice more (with the internet disconnected), but again, the same PC crash occurred each time.

So, at the moment, not sure what to do about that.

Regarding our initial problem, there hasn't been another occurrence of an internet disconnection for about a week now, which would perhaps indicate everything may be ok. However, my original concern regarding an unknown BHO file in the HijackThis log posted originally may show that something is in the PC which perhaps shouldn't be.

As it's getting rather late now, I'll await your reply and follow your advice at the earliest opportunity.

Many thanks,

G.H.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:17 PM

Posted 04 February 2009 - 08:07 PM

Hello.

Glad your internet is working better now. Try GMER one more time, but in Safe Mode. Follow the instructions below; how to boot into Safe Mode can be found in the link below:

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
  • Unzip/extract the file to its own folder. Right-Click and select Extract All...
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will now start extracting.
  • Once it is done, check (tick) the Show extracted files box and click Finish
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Right click on gmer.exe and select Run as administrator to run it. It will start running a scan.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do Not run any program while GMER is running

Let's try a different rootkit scan if GMER still doesn't work.

Download and Run Avira AntiRootkit

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Destop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop. Right click it and select Extract All. Delete the .zip file after extraction.
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe, then Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive).
You have successfully installed Avira AntiRootkit.
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select Avira RootKit Detection. Right-Click and select Run As... Administrator
  • Click OK when a message window pops up
  • Click Start scan and let it run. Be patient until the scan finishes.
  • Click View report and copy the entire contents into your next reply.
Note: Do not choose to rename any items found yet. There may be false positives.

Post back with:
-GMER log or Avira Anti-Rootkit scan log


With Regards,
Extremeboy

Edited by extremeboy, 04 February 2009 - 10:03 PM.


#7 GraemeRH

GraemeRH
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:17 AM

Posted 05 February 2009 - 04:31 PM

Hi EB - I won't get an opportunity to try your suggestions until Saturday, when I will have a lot more time available. These things always seem to take longer than you think, don't they?

Are you messaging from the UK or USA? The reason I ask is that there won't be any point in contacting you on this thread at 10am UK time, because if you're stateside, then you'll be at least 5 hours behind the UK and therefore probably won't be available to exchange comments until Saturday afternoon UK time. But thinking about it now, I probably won't have completed the GMER scan until lunchtime anyway.

Again, thanks for your time and patience, and will be in touch again on Saturday after I've had a go again with GMER in safe mode!

Cheers,

G.H.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:17 PM

Posted 05 February 2009 - 04:44 PM

Hello.

Actually I live in Canada, if you see my profile. It's okay, take your time. Post the results when you are finished. BC is a multi-cultural forum where there are many people from all over the world. I'll be waiting once you are back.

Thanks for letting me know though :thumbup2:

With Regards,
Extremeboy

#9 GraemeRH

GraemeRH
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:17 AM

Posted 07 February 2009 - 07:38 AM

Morning EB.

Attempted to do another GMER scan, this time in Safe Mode, but, again, the software crashed during the scanning process. Below is a copy of the Windows report that appeared after recovery.


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 00005D34
BCP3: 8C607B58
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini020709-01.dmp
C:\Users\Graeme Hewitt\AppData\Local\Temp\WER-40341-0.sysdata.xml
C:\Users\Graeme Hewitt\AppData\Local\Temp\WERDB12.tmp.version.txt



So, following that, I did an Avira anti-rootkit scan, the resulting log of which appears below:


Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started 07 February 2009 - 12:23:18
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 586.17 GB
- Working disk free size : 461.52 GB (78 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/130790
Registry items: 0/357904
Processes: 0/68
Scan time: 00:03:03
--------------------------------------------------------------------------------------------------------
Active processes:
- hdnziyip.exe (PID 288) (Avira AntiRootkit Tool - Beta)
- taskeng.exe (PID 4512)
- System (PID 4)
- smss.exe (PID 464)
- csrss.exe (PID 540)
- wininit.exe (PID 588)
- csrss.exe (PID 600)
- services.exe (PID 632)
- lsass.exe (PID 668)
- lsm.exe (PID 680)
- winlogon.exe (PID 780)
- svchost.exe (PID 864)
- nvvsvc.exe (PID 912)
- svchost.exe (PID 940)
- svchost.exe (PID 1000)
- svchost.exe (PID 1064)
- svchost.exe (PID 1100)
- svchost.exe (PID 1120)
- audiodg.exe (PID 1216)
- SLsvc.exe (PID 1264)
- svchost.exe (PID 1328)
- rundll32.exe (PID 1364)
- svchost.exe (PID 1520)
- aswUpdSv.exe (PID 1676)
- ashServ.exe (PID 1692)
- AAWService.exe (PID 1708)
- spoolsv.exe (PID 2012)
- svchost.exe (PID 2036)
- dwm.exe (PID 1600)
- PhotoshopElementsFileAgent.exe (PID 848)
- taskeng.exe (PID 1636)
- cmdagent.exe (PID 2068)
- explorer.exe (PID 2116)
- ETService.exe (PID 2148)
- NBService.exe (PID 2412)
- IoctlSvc.exe (PID 2508)
- svchost.exe (PID 2524)
- taskeng.exe (PID 2536)
- SeaPort.exe (PID 2548)
- svchost.exe (PID 2644)
- svchost.exe (PID 2676)
- SearchIndexer.exe (PID 2700)
- WUDFHost.exe (PID 2928)
- ashMaiSv.exe (PID 2944)
- unsecapp.exe (PID 2992)
- ashWebSv.exe (PID 3128)
- WmiPrvSE.exe (PID 3244)
- DslStat.exe (PID 3648)
- ashDisp.exe (PID 3656)
- cfp.exe (PID 3772)
- ehtray.exe (PID 3812)
- mobsync.exe (PID 3828)
- GoogleToolbarNotifier.exe (PID 3868)
- msnmsgr.exe (PID 3900)
- wmpnscfg.exe (PID 3928)
- ehmsas.exe (PID 3972)
- PHUSBBGMonitor.exe (PID 4064)
- ONENOTEM.EXE (PID 2084)
- wmpnetwk.exe (PID 2364)
- AAWTray.exe (PID 1460)
- wlcomm.exe (PID 4252)
- ieuser.exe (PID 2724)
- iexplore.exe (PID 1540)
- GoogleToolbarUser.exe (PID 3956)
- wltuser.exe (PID 3592)
- VSSVC.exe (PID 4700)
- svchost.exe (PID 5784)
- avirarkd.exe (PID 5056)
========================================================================================================
- Scan finished 07 February 2009 - 12:26:21
========================================================================================================


Doesn't appear to be any problem there, but you're the expert, so I'll wait to hear from you with the next stage.

Thanks.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 February 2009 - 09:17 AM

Hello.

Yes, you do look okay. Avira scan found nothing. Kaspersky was also clean. Post back with a new set of OTViewIT logs so I can see if there's anything else to be done.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

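The OTViewIt entries posted in this thread all follow one line shape (`[date | size | attrs | M] (Publisher) -- path`, with ` -- (Service [Start | State])` appended for services and drivers, or `File not found -- -- (...)` when the tool cannot resolve a service's image). As an added example, not code from the thread or from OldTimer's tool, the Python below parses such lines into records and pulls out the items a log reviewer checks first: services with no resolvable image, files with no publisher name (weighted higher when the file also changed inside the log's File Age window), and service images that are directories. The regexes, the severities and the dd/MM/yyyy reading of the header date are this example's own assumptions, taken from the log as it appears in the thread; the sample lines are excerpted from it.

```python
# Added example (not OldTimer's code): parse OTViewIt entries as posted in this
# thread and pull out what a log reviewer looks at first. Line shapes handled:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M] (Publisher) -- path
#   [ ... ] (Publisher) -- path -- (ServiceName [StartType | State])
#   File not found -- -- (ServiceName [StartType | State])
import re
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| M\] (?:\((?P<pub>.*?)\) )?-- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^\[]+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\))?$")
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<svc>[^\[]+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$")
SECTION_RE = re.compile(r"^========== (.+?) ==========$")
# Header date is read as dd/MM/yyyy, which is what this log's "Date Format" line states.
CREATED_RE = re.compile(r"logfile created on: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")

@dataclass
class Entry:
    section: str
    modified: Optional[datetime]   # None for "File not found" entries
    size: Optional[int]
    attrs: str                     # "----", "---D" (directory), "R---" (read-only)
    publisher: Optional[str]       # None if absent, "" when the log shows "()"
    path: Optional[str]
    service: Optional[str]
    start: Optional[str]
    state: Optional[str]

Finding = namedtuple("Finding", "severity rule subject detail")

def parse_log(text: str) -> List[Entry]:
    """Parse every process/service/driver entry, tagging it with its section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                 int(m["size"].replace(",", "")), m["attrs"], m["pub"],
                                 m["path"], m["svc"], m["start"], m["state"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            entries.append(Entry(section, None, None, "", None, None,
                                 m["svc"], m["start"], m["state"]))
    return entries

def triage(entries: List[Entry], log_date: datetime, recent_days: int = 30) -> List[Finding]:
    """Reviewer's first-pass checks; the severities are this example's own choice."""
    out: List[Finding] = []
    for e in entries:
        if e.path is None:
            # Registered service whose image OTViewIt could not resolve. Several
            # svchost-hosted Vista services show this way: a review item, not a verdict.
            out.append(Finding("review", "missing-image", e.service or "?",
                               f"{e.start} | {e.state}"))
            continue
        recent = (e.modified is not None
                  and timedelta(0) <= log_date - e.modified <= timedelta(days=recent_days))
        if e.publisher == "":
            # No company name in the version resource; weightier when the file also
            # changed inside the log's own File Age window.
            out.append(Finding("medium" if recent else "low", "no-publisher", e.path,
                               "modified " + e.modified.strftime("%Y-%m-%d")))
        if "D" in e.attrs and e.service:
            out.append(Finding("medium", "dir-image", e.path,
                               f"service {e.service} points at a directory"))
    return out

def triage_log(text: str, recent_days: int = 30) -> List[Finding]:
    """Take the log date from the OTViewIt header, then parse and triage."""
    m = CREATED_RE.search(text)
    log_date = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S") if m else datetime.now()
    return triage(parse_log(text), log_date, recent_days)

# Constructed sample: lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""OTViewIt logfile created on: 07/02/2009 15:55:50 - Run 3
========== Processes ==========
[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2009/01/24 16:43:41 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
========== (O23) Win32 Services ==========
[2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2009/01/20 10:31:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
========== Driver Services ==========
[2004/10/25 14:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50 [Auto | Running])
"""
```

Running `triage_log(SAMPLE_LOG)` yields four findings: the two `()` processes (the COMODO one raised to medium because it changed 14 days before the log), DcomLaunch as a review item, and the MSDTC directory image.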

#11 GraemeRH

GraemeRH
  • Topic Starter

  • Members
  • 11 posts

Posted 07 February 2009 - 11:05 AM

OK - here are the 2 repeated logs OTView.txt and Extra.txt


OTViewIt logfile created on: 07/02/2009 15:55:50 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Graeme Hewitt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 462.14 Gb Free Space | 78.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 459.22 Gb Free Space | 98.60% Space Free | Partition Type: NTFS

Computer Name: HIGHSOCIETY
Current User Name: Graeme Hewitt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/21 02:23:42 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/21 02:23:44 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/21 02:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 09:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/01/21 02:24:44 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2008/01/21 02:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/01/24 16:43:41 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
[2008/07/16 13:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe
[2008/01/21 02:24:44 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/12/04 16:03:00 | 00,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2008/05/27 05:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/07/26 20:19:00 | 00,356,352 | ---- | M] (D-Link, Inc.) -- C:\Program Files\D-Link\DSL-200\DslStat.exe
[2009/02/05 21:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2009/01/24 16:43:40 | 01,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
[2008/01/21 02:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/12/26 16:34:38 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/21 02:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe
[2007/12/07 20:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/01/21 02:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2009/01/24 12:43:05 | 00,471,650 | ---- | M] (CleanMyPC Software) -- C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
[2008/01/21 02:24:49 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2009/01/15 08:59:17 | 00,239,216 | ---- | M] () -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
[2008/12/08 17:01:52 | 00,224,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
[2008/01/21 02:23:50 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/05 03:16:26 | 00,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe
[2008/01/21 02:24:06 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2008/05/27 05:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 05:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/02/04 20:02:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/10 23:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
[2009/02/05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009/02/05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/21 02:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2009/01/24 16:43:41 | 00,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/21 02:23:41 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/21 02:24:35 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/21 02:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/07/16 13:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService [Auto | Running])
[2008/08/21 21:08:35 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/21 02:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/12/08 17:01:58 | 00,533,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
[2008/08/31 23:31:16 | 00,024,064 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100 [On_Demand | Stopped])
[2008/01/21 02:24:55 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2009/01/15 09:44:02 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2009/01/31 12:03:55 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
[2009/01/20 10:31:36 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/02/18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2008/01/21 02:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/04/28 16:16:06 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
[2008/01/21 02:24:20 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/12/04 16:03:00 | 00,226,640 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2008/01/21 02:25:00 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 09:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/01/21 02:24:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/21 02:25:00 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/21 02:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 05:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2008/01/21 02:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2009/02/05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2009/02/05 21:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2009/02/05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2009/02/05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2009/02/05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/01/21 02:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/21 02:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 08:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/21 02:23:54 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2009/01/24 16:43:41 | 00,099,344 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2009/01/24 16:43:41 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2008/01/21 02:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/21 02:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/01/21 02:23:01 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4 [On_Demand | Running])
[2008/01/21 02:23:03 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Running])
[2008/01/21 02:23:01 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Running])
[2008/08/02 01:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/21 02:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev [Disabled | Stopped])
[2008/01/21 02:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/21 02:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/21 02:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/12/08 17:01:52 | 00,055,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2009/02/04 21:51:17 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys -- (gmer [On_Demand | Stopped])
[2006/11/02 07:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 08:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 08:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2009/01/24 16:43:41 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2008/07/16 12:56:06 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
[2008/06/26 07:57:22 | 02,134,424 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2008/01/21 02:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2009/01/24 12:03:01 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2008/01/21 02:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/21 02:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2005/01/31 10:12:46 | 00,022,016 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/01/21 02:23:20 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/21 02:24:47 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 01:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/21 02:24:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2008/01/21 02:23:00 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2008/01/21 02:23:21 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/21 02:24:26 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/20 02:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/21 02:24:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/08/05 04:29:26 | 00,044,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA [On_Demand | Running])
[2008/09/17 23:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/06/06 11:13:10 | 00,145,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2008/01/21 02:23:01 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/06/28 03:41:34 | 00,870,400 | ---- | M] (Copyright © 2001-2007 Arcadyan Technology Corporation.) -- C:\Windows\System32\drivers\O4501U.sys -- (O4501 [On_Demand | Stopped])
[2004/10/25 14:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50 [Auto | Running])
[2006/11/02 09:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2005/01/31 10:13:22 | 00,163,328 | ---- | M] () -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920 [On_Demand | Stopped])
[2008/04/05 01:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/07/31 22:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/21 02:23:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/21 02:25:05 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/21 02:24:50 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/21 02:24:37 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 07:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2006/11/02 09:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/21 02:23:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2008/01/21 02:23:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2008/01/21 02:23:01 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2008/01/21 02:23:26 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/21 02:25:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2002/10/15 22:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\Windows\System32\drivers\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
[2008/01/21 02:24:11 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/21 02:24:59 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/21 02:23:45 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/21 02:23:43 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/21 02:24:53 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/21 02:24:59 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/21 02:24:25 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Stopped])
[2009/01/23 15:23:26 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2008/01/21 02:23:22 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2008/01/21 02:23:01 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/21 02:23:22 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2006/11/02 08:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/21 02:23:02 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2008/01/21 02:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/21 02:23:01 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/21 02:24:27 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 08:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2005/07/26 20:17:00 | 00,150,369 | ---- | M] (GlobespanVirata Inc.) -- C:\Windows\System32\drivers\gwausb.sys -- (wanusb [On_Demand | Stopped])
[2008/01/21 02:23:24 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Boot | Running])
[2008/01/21 02:23:51 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2008/01/21 02:23:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/21 02:24:47 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/03/22 09:36:24 | 00,043,584 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb [System | Running])
[2007/03/05 10:20:02 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"SearchDefaultBranded"=
"Start Page"=http://www.google.co.uk/
"StartPageCache"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=1&o=vp32&d=0908&m=imedia_x2416
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.google.com
"SearchDefaultBranded"=
"Start Page"=http://www.google.co.uk/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>;localhost

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h ()
"DSLSTATEXE"=C:\Program Files\D-Link\DSL-200\dslstat.exe icon (D-Link, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Google Photos Screensa&ver: C:\Windows\System32\GPhotos.scr [2008/12/12 21:47:18 | 03,751,995 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2008/12/02 22:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-3973340900-1594535514-909225557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1230922809176 -- MUWebControl Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{80AEEC0E-A2BE-4B8D-985F-350FE869DC40}: http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab -- HPDDClientExec Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...ows-i586-jc.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{27FA60FB-5855-47ED-90FC-73C7DFD953D2} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))
{8B1729E6-7AE5-46CD-B04C-55B4246E445D} (Servers: | Description: Philips SNU5600 Wireless USB Adapter 11b/g)
{F80A8D4D-7782-44AB-8600-A80BEB2EF0EF} (Servers: | Description: Philips SNU5600 Wireless USB Adapter 11b/g)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\guard32.dll
>[2008/08/31 23:31:16 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2009/01/24 16:43:41 | 00,147,192 | ---- | M] () -- C:\Windows\System32\guard32.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/21 02:24:37 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/21 02:24:37 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 21:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | icon = .\Maxtor_Desktop.ico | ]
[2007/06/04 07:12:00 | 00,000,038 | ---- | M] () -- I:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/02/07 12:20:29 | 00,043,584 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/02/07 12:20:29 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/02/07 12:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\Avira GmbH
[2009/02/07 12:09:08 | 32,203,20256 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/06 15:22:39 | 00,013,204 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\ronhosler.docx
[2009/02/06 14:20:20 | 00,011,720 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Sainsburt's.docx
[2009/02/04 23:12:25 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/02/04 23:12:14 | 14,196,7166 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/02/04 22:55:13 | 00,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2009/02/04 22:55:12 | 00,000,000 | ---D | C] -- C:\Drivers
[2009/02/04 22:52:36 | 00,000,396 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\USB_DRV - Shortcut.lnk
[2009/02/04 22:50:53 | 00,000,000 | ---D | C] -- C:\USB_DRV
[2009/02/04 22:49:58 | 01,801,933 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\usbdrven.exe
[2009/02/04 21:52:50 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\Desktop\gmer
[2009/02/04 21:51:44 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009/02/04 21:51:17 | 00,085,969 | ---- | C] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/04 21:51:17 | 00,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/04 21:51:16 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2009/02/04 21:50:03 | 00,747,873 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\gmer.zip
[2009/02/04 21:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/02/04 21:45:46 | 04,607,096 | ---- | C] (W3i, LLC) -- C:\Users\Graeme Hewitt\Desktop\7zipfree_8675.exe
[2009/02/04 21:42:02 | 13,194,592 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\winzip120.exe
[2009/02/04 21:35:31 | 00,002,723 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Kaspersky's Log.html
[2009/02/04 20:02:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe
[2009/02/04 16:34:14 | 00,013,478 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Clarinet story.docx
[2009/02/04 09:42:41 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Skype
[2009/02/03 14:01:29 | 00,013,151 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Acker Dave Morgan.docx
[2009/02/02 10:16:42 | 00,040,960 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES09.xlr
[2009/02/01 13:20:08 | 00,011,750 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\DAVE MORGAN.docx
[2009/02/01 13:20:08 | 00,000,162 | -H-- | C] () -- C:\Users\Graeme Hewitt\Documents\~$VE MORGAN.docx
[2009/02/01 12:40:46 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\ParetoLogic
[2009/01/30 19:10:49 | 00,000,000 | ---D | C] -- C:\Program Files\Ubi Soft
[2009/01/30 19:09:58 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2009/01/29 17:59:25 | 00,011,323 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Mr Ripton.docx
[2009/01/29 11:34:03 | 00,011,892 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Norton Grange.docx
[2009/01/28 14:55:35 | 00,000,398 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES-2009.lnk
[2009/01/28 14:55:24 | 00,000,392 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\BANDFANS 2009.lnk
[2009/01/24 17:12:25 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Comodo
[2009/01/24 17:04:35 | 00,000,950 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009/01/24 16:43:42 | 00,147,192 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2009/01/24 16:43:42 | 00,099,344 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/01/24 16:43:42 | 00,072,720 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/01/24 16:43:42 | 00,025,104 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/01/24 16:43:42 | 00,000,000 | ---D | C] -- C:\ProgramData\comodo
[2009/01/24 16:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/01/24 13:46:49 | 00,368,971 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\dds.scr
[2009/01/24 12:56:33 | 12,863,769 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\SystemBackupAfter RegistryClean.cab
[2009/01/24 12:54:34 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\CleanMyPC Software
[2009/01/24 12:52:19 | 00,000,908 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/01/24 12:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2009/01/24 12:09:01 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/01/24 12:03:13 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/01/24 12:03:09 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/01/24 12:02:01 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/01/24 12:02:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/01/24 11:45:21 | 00,000,222 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Internet Options - Shortcut.lnk
[2009/01/23 15:31:00 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\DriverCure
[2009/01/23 15:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/01/23 15:30:51 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/01/23 15:30:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/01/23 15:23:26 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\eSupport.com
[2009/01/22 09:34:17 | 00,000,000 | ---D | C] -- C:\Program Files\alot
[2009/01/21 14:44:27 | 03,114,521 | -H-- | C] () -- C:\Users\Graeme Hewitt\AppData\Local\IconCache.db
[2009/01/21 14:15:29 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2009/01/21 14:15:28 | 01,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx
[2009/01/21 14:15:28 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2009/01/21 14:11:02 | 00,000,410 | ---- | C] () -- C:\Windows\tasks\DriverRobot.job
[2009/01/21 14:11:01 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Blitware
[2009/01/21 14:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Robot
[2009/01/21 13:49:44 | 00,001,039 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/01/21 13:49:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/01/21 13:49:34 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/01/21 13:49:34 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/01/21 13:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/01/21 13:49:31 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Real
[2009/01/20 12:59:50 | 00,010,991 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\IF I HAD A TALKING PICTURE OF YOU Eb.docx
[2009/01/20 12:47:33 | 00,010,471 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\HIGHER GROUND F.docx
[2009/01/19 14:19:07 | 00,013,636 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Trading Standards.docx
[2009/01/18 12:50:24 | 00,012,541 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Pipex jan 09.docx
[2009/01/17 18:37:11 | 00,000,172 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url
@Alternate Data Stream - 894 bytes -> C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url:favicon
[2009/01/17 18:29:08 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\Documents\Azureus Downloads
[2009/01/17 18:16:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/01/17 18:15:59 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Roaming\Azureus
[2009/01/17 18:15:39 | 00,001,635 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/01/17 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/01/17 18:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2009/01/17 17:36:00 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/01/17 17:34:50 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Downloaded Installations
[2009/01/17 13:34:45 | 00,001,987 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Windows Live Messenger .lnk
[2009/01/17 13:31:37 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/01/17 12:08:10 | 00,001,699 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Notepad.lnk
[2009/01/16 17:00:19 | 00,008,563 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\PETROL.xlsx
[2009/01/16 16:39:19 | 00,011,147 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\GAS ELECTRIC.xlsx
[2009/01/16 16:36:35 | 00,010,959 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\GAS ELECTRIC.xlsx
[2009/01/15 11:04:56 | 00,002,585 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Excel 2007.lnk
[2009/01/15 11:04:26 | 00,002,627 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Word 2007.lnk
[2009/01/15 10:51:04 | 00,018,944 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Sue Harwood.wps
[2009/01/14 09:54:44 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/11 13:52:45 | 00,001,054 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Max Collie.nrd
[2009/01/10 18:28:53 | 00,010,561 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\GRAEME HEWITT's High Society Jazz Band.docx
[2009/01/10 17:54:17 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\AppData\Local\Microsoft Help
[2009/01/10 17:52:07 | 00,000,000 | ---D | C] -- C:\Users\Graeme Hewitt\Documents\OneNote Notebooks
[2009/01/09 12:03:18 | 00,000,216 | ---- | C] () -- C:\Users\Graeme Hewitt\Desktop\Date and Time - Shortcut.lnk
[2009/01/09 10:05:34 | 00,021,504 | ---- | C] () -- C:\Users\Graeme Hewitt\Documents\Tilehurst BL Club.wps

========== Files - Modified Within 30 Days ==========

[2009/02/07 15:30:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-Graeme Hewitt.job
[2009/02/07 14:09:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/07 14:09:13 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/07 12:15:23 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/07 12:15:23 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/07 12:15:23 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/07 12:09:27 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/02/07 12:09:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/07 12:09:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/07 12:09:08 | 32,203,20256 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/07 12:09:07 | 14,196,7166 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/02/07 12:05:07 | 00,000,250 | ---- | M] () -- C:\Windows\gmer.ini
[2009/02/07 09:41:23 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/02/06 22:55:26 | 03,114,521 | -H-- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\IconCache.db
[2009/02/06 22:53:16 | 00,013,204 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\ronhosler.docx
[2009/02/06 19:28:50 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/02/06 14:23:48 | 00,002,627 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Word 2007.lnk
[2009/02/06 14:20:21 | 00,011,720 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Sainsburt's.docx
[2009/02/06 11:15:19 | 00,011,147 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\GAS ELECTRIC.xlsx
[2009/02/05 21:11:35 | 01,256,296 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/02/05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/02/05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/02/05 21:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/02/05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/02/05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/02/05 21:04:45 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/02/04 22:52:36 | 00,000,396 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\USB_DRV - Shortcut.lnk
[2009/02/04 22:50:39 | 01,801,933 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\usbdrven.exe
[2009/02/04 21:54:07 | 00,747,873 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\gmer.zip
[2009/02/04 21:51:17 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2009/02/04 21:51:17 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/04 21:51:17 | 00,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/04 21:51:13 | 00,811,008 | R--- | M] () -- C:\Windows\gmer.exe
[2009/02/04 21:45:52 | 04,607,096 | ---- | M] (W3i, LLC) -- C:\Users\Graeme Hewitt\Desktop\7zipfree_8675.exe
[2009/02/04 21:42:11 | 13,194,592 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\winzip120.exe
[2009/02/04 21:35:31 | 00,002,723 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Kaspersky's Log.html
[2009/02/04 20:02:44 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Graeme Hewitt\Desktop\OTViewIt.exe
[2009/02/04 16:34:15 | 00,013,478 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Clarinet story.docx
[2009/02/03 14:01:30 | 00,013,151 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Acker Dave Morgan.docx
[2009/02/02 17:26:57 | 00,040,960 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES09.xlr
[2009/02/02 17:26:57 | 00,000,708 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Roaming\wklnhst.dat
[2009/02/02 12:03:02 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/02/01 14:00:50 | 00,011,750 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\DAVE MORGAN.docx
[2009/02/01 13:20:08 | 00,000,162 | -H-- | M] () -- C:\Users\Graeme Hewitt\Documents\~$VE MORGAN.docx
[2009/01/29 18:00:07 | 00,011,892 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Norton Grange.docx
[2009/01/29 17:59:25 | 00,011,323 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Mr Ripton.docx
[2009/01/28 14:55:35 | 00,000,398 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\ADDRESSES-2009.lnk
[2009/01/28 14:55:24 | 00,000,392 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\BANDFANS 2009.lnk
[2009/01/26 09:43:00 | 00,007,680 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 17:04:35 | 00,000,950 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009/01/24 16:43:41 | 00,147,192 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2009/01/24 16:43:41 | 00,099,344 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/01/24 16:43:41 | 00,072,720 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/01/24 16:43:41 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/01/24 13:47:34 | 00,368,971 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\dds.scr
[2009/01/24 12:56:33 | 12,863,769 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\SystemBackupAfter RegistryClean.cab
[2009/01/24 12:52:19 | 00,000,908 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/01/24 12:03:06 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/01/24 12:03:01 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/01/24 12:02:01 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/01/24 11:45:21 | 00,000,222 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Internet Options - Shortcut.lnk
[2009/01/21 19:01:53 | 00,000,410 | ---- | M] () -- C:\Windows\tasks\DriverRobot.job
[2009/01/21 13:49:44 | 00,001,039 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2009/01/21 13:49:34 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/01/20 12:59:51 | 00,010,991 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\IF I HAD A TALKING PICTURE OF YOU Eb.docx
[2009/01/20 12:47:33 | 00,010,471 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\HIGHER GROUND F.docx
[2009/01/19 16:05:44 | 00,013,636 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Trading Standards.docx
[2009/01/18 12:50:24 | 00,012,541 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Pipex jan 09.docx
[2009/01/17 18:37:14 | 00,000,172 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url
@Alternate Data Stream - 894 bytes -> C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url:favicon
[2009/01/17 18:15:39 | 00,001,635 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/01/17 17:44:53 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
[2009/01/17 13:34:45 | 00,001,987 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Windows Live Messenger .lnk
[2009/01/17 12:08:10 | 00,001,699 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Notepad.lnk
[2009/01/17 12:08:10 | 00,000,436 | -HS- | M] () -- C:\Users\Graeme Hewitt\Desktop\desktop.ini
[2009/01/16 17:00:20 | 00,008,563 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\PETROL.xlsx
[2009/01/16 16:38:50 | 00,010,959 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\GAS ELECTRIC.xlsx
[2009/01/16 16:27:06 | 00,002,585 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Microsoft Office Excel 2007.lnk
[2009/01/15 17:45:27 | 00,102,544 | ---- | M] () -- C:\Users\Graeme Hewitt\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/01/15 17:41:16 | 00,383,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/01/15 10:51:04 | 00,018,944 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Sue Harwood.wps
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/11 13:52:45 | 00,001,054 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Max Collie.nrd
[2009/01/10 18:28:53 | 00,010,561 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\GRAEME HEWITT's High Society Jazz Band.docx
[2009/01/10 01:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/01/09 12:03:18 | 00,000,216 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Date and Time - Shortcut.lnk
[2009/01/09 10:14:16 | 00,021,504 | ---- | M] () -- C:\Users\Graeme Hewitt\Documents\Tilehurst BL Club.wps
< End of report >



OTViewIt Extras logfile created on: 07/02/2009 15:55:50 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Graeme Hewitt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.52% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.17 Gb Total Space | 462.14 Gb Free Space | 78.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465.76 Gb Total Space | 459.22 Gb Free Space | 98.60% Space Free | Partition Type: NTFS

Computer Name: HIGHSOCIETY
Current User Name: Graeme Hewitt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=0
"InternetSettingsDisableNotify"=0
"AutoUpdateDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/06/20 15:09:30 | 01,077,248 | ---- | M] () -- C:\Program Files\philips\Philips SNU5600 Wireless USB Adapter Utility\PHUSBBGMonitor.exe:*:Enabled:WLAN configuration utility

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 14:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/08 07:30:54 | 00,230,760 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:37:44 | 00,062,280 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/01 16:26:04 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/02 22:38:50 | 00,791,368 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}"=Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}"=HP Driver Diagnostics
"{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}"=Avira RootKit Detection
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}"=Windows Live Movie Maker Beta
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java™ 6 Update 11
"{28518520-F25C-48C3-A224-861F331602F4}"=Setup My PC
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}"=Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}"=Windows Live Toolbar
"{2BD94085-2E05-4EBD-8F2D-AF7499C50D92}"=LCD test
"{3559CDE0-11FC-4D7B-A65C-D646035B1033}"=Nero 8 Essentials
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}"=Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}"=Windows Live Sign-in Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}"=Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5ED2D0BA-F1DC-42FE-9D05-EFAFF9DD8239}"=Philips SNU5600 Wireless USB Adapter 11b/g
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}"=Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{709817E4-5439-4206-8738-796B34B623BD}"=MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}"=Packard Bell Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90190409-6000-11D3-8CFE-0050048383C9}"=Microsoft Publisher 2002
"{90300409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Media Content
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{AB7032FF-AFED-4C58-AA5C-8473B273793A}"=HDReg
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{CA786CFF-1D31-4804-B436-F3405B14357F}"=Updator
"{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}"=EasyWeather
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}"=Windows Live Essentials
"{DC509FE5-1445-46C9-827C-6120429CB942}"=Windows Live Family Safety
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}"=Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}"=Image Writer
"{F54AC413-D2C6-4A24-B324-370C223C6250}"=Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}"=Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}"=Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}"=Windows Live Sync
"7-Zip"=7-Zip 4.57
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6"=Adobe Photoshop Elements 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player
"alotToolbar"=ALOT Toolbar
"avast!"=avast! Antivirus
"CleanMyPC - Registry Cleaner_is1"=CleanMyPC - Registry Cleaner
"COMODO Internet Security"=COMODO Internet Security
"DriverAgent.exe"=DriverAgent by eSupport.com
"DSL-200 DSL Modem"=DSL-200 DSL Modem
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InstallShield_{5ED2D0BA-F1DC-42FE-9D05-EFAFF9DD8239}"=Philips SNU5600 Wireless USB Adapter
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.11)"=Mozilla Firefox (2.0.0.11)
"NVIDIA Drivers"=NVIDIA Drivers
"Picasa 3"=Picasa 3
"RealPlayer 6.0"=RealPlayer
"Vuze"=Vuze
"WinLiveSuite_Wave3"=Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 26/01/2009 05:38:40 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:03 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:26 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 059.JPG failed, 00000017.

Error - 26/01/2009 05:39:59 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 060.JPG failed, 00000017.

Error - 26/01/2009 05:40:21 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 060.JPG failed, 00000015.

Error - 26/01/2009 05:43:44 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 079.JPG failed, 00000017.

Error - 26/01/2009 05:47:13 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\2008-10-11 Dad's Turkey 2008\Dad's Turkey 2008 079.JPG failed, 00000017.

Error - 26/01/2009 19:08:22 | Computer Name = HighSociety | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\msiltcfg.dll failed, 00000005.

[ Application Events ]
Error - 07/02/2009 06:39:49 | Computer Name = HighSociety | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 12d8 Start Time: 01c98908b0d9584e Termination Time: 16

Error - 07/02/2009 07:58:50 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 07/02/2009 08:02:59 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 07/02/2009 08:03:27 | Computer Name = HighSociety | Source = EventSystem | ID = 4609
Description =

Error - 07/02/2009 08:07:26 | Computer Name = HighSociety | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.14.14536, time stamp 0x4807a13f,
faulting module gmer.dll, version 1.0.14.14536, time stamp 0x4807a134, exception
code 0xc0000005, fault offset 0x0000c6a4, process id 0x778, application start time
0x01c9891c51504c4b.

Error - 07/02/2009 08:09:28 | Computer Name = HighSociety | Source = WinMgmt | ID = 10
Description =

Error - 07/02/2009 08:10:23 | Computer Name = HighSociety | Source = RasClient | ID = 20227
Description =

Error - 07/02/2009 08:11:21 | Computer Name = HighSociety | Source = RasClient | ID = 20227
Description =

Error - 07/02/2009 08:20:06 | Computer Name = HighSociety | Source = VSS | ID = 8194
Description =

Error - 07/02/2009 11:55:01 | Computer Name = HighSociety | Source = Application Hang | ID = 1002
Description = The program OTViewIt.exe version 1.0.21.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1554 Start Time: 01c9893c3229beca Termination Time: 0

[ OSession Events ]
Error - 10/01/2009 14:00:16 | Computer Name = HighSociety | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 518 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/01/2009 14:00:36 | Computer Name = HighSociety | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07/02/2009 08:03:28 | Computer Name = HighSociety | Source = DCOM | ID = 10005
Description =

Error - 07/02/2009 08:03:28 | Computer Name = HighSociety | Source = DCOM | ID = 10005
Description =

Error - 07/02/2009 08:03:28 | Computer Name = HighSociety | Source = Service Control Manager | ID = 7001
Description =

Error - 07/02/2009 08:03:28 | Computer Name = HighSociety | Source = Service Control Manager | ID = 7001
Description =

Error - 07/02/2009 08:04:01 | Computer Name = HighSociety | Source = Service Control Manager | ID = 7001
Description =

Error - 07/02/2009 08:04:01 | Computer Name = HighSociety | Source = DCOM | ID = 10005
Description =

Error - 07/02/2009 08:04:01 | Computer Name = HighSociety | Source = DCOM | ID = 10005
Description =

Error - 07/02/2009 08:04:02 | Computer Name = HighSociety | Source = Service Control Manager | ID = 7001
Description =

Error - 07/02/2009 08:09:12 | Computer Name = HighSociety | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:03:43 on 07/02/2009 was unexpected.

Error - 07/02/2009 08:09:16 | Computer Name = HighSociety | Source = HTTP | ID = 15016
Description =


< End of report >


Cheers,

G.H.
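
As an added example (not code from the thread or from OldTimer's tools), here is a small Python triage pass over the OTViewIt listing format shown above, of the kind a helper might run before declaring a log clean: it parses the `[date | size | attrs | M] (company) -- path` lines and the `@Alternate Data Stream` lines and pulls out entries worth a second look. The review rules and the hidden+system file whitelist are assumptions made for this example, not OTViewIt's own whitelist, and the sample lines are copied from the listing in this thread.

```python
# Triage pass over OTViewIt-style file listings (added example, not OldTimer's code).
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")
# Files Windows itself keeps hidden+system. This whitelist is an assumption
# made for the example, not OTViewIt's own whitelist.
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys", "desktop.ini", "thumbs.db"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str    # four flag positions such as "-HS-"; '-' means unset
    company: str  # "" when the tool found no company attribution
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),  # "32,203,20256" -> 3220320256
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def review_entry(e: Entry) -> List[str]:
    """Apply the review rules; each string returned is a reason to look closer."""
    reasons = []
    lower = e.path.lower()
    under_windows = lower.startswith("c:\\windows\\")
    if under_windows and lower.endswith(EXECUTABLE_EXT) and not e.company:
        reasons.append("executable under SystemRoot with no company attribution")
    if "H" in e.attrs and "S" in e.attrs and e.name.lower() not in KNOWN_HS_FILES:
        reasons.append("hidden+system attributes on a file Windows does not normally mark")
    if e.size == 0 and not under_windows and lower.count("\\") == 1:
        reasons.append("zero-byte file in a drive root")
    return reasons


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for every entry in the report worth reviewing."""
    findings = []
    for raw in report.splitlines():
        ads = ADS_RE.match(raw.strip())
        if ads:
            findings.append((ads["path"], f"alternate data stream of {ads['bytes']} bytes"))
            continue
        entry = parse_line(raw)
        if entry is None:
            continue  # headers, blank lines, "< End of report >"
        for reason in review_entry(entry):
            findings.append((entry.path, reason))
    return findings


# Constructed sample: a handful of lines copied from the listing in this thread.
SAMPLE_REPORT = r"""
[2009/02/07 12:09:08 | 32,203,20256 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/02/04 21:51:17 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2009/01/24 16:43:41 | 00,147,192 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2009/01/17 18:37:14 | 00,000,172 | ---- | M] () -- C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url
@Alternate Data Stream - 894 bytes -> C:\Users\Graeme Hewitt\Desktop\Torrents Search Engine.url:favicon
[2009/01/17 17:44:53 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
[2009/01/17 12:08:10 | 00,000,436 | -HS- | M] () -- C:\Users\Graeme Hewitt\Desktop\desktop.ini
< End of report >
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_REPORT):
        print(f"{reason}: {path}")
```

A flagged entry is a prompt to check the file (vendor, signature, purpose), not a verdict; in this thread gmer.dll and guard32.dll belong to tools the poster installed deliberately.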

#12 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:17 PM

Posted 07 February 2009 - 11:41 AM

Hello.

Your log looks clean. There are no more problems I believe? If not let's just wrap up. Kaspersky was clean and your log looks pretty much the same as before. If you have any other problems related to hardware or slowness, it would fit better in the Windows Vista forum.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information.

Uninstall Avira RootKit Detection
We will now remove Avira anti-rootkit scanner via programs and features.
  • Go to start > control panel > programs and features.
  • Right click on each instance of:
    Avira RootKit Detection
  • Click Uninstall & then follow the prompts to remove it.
  • If it requires a reboot please do so.
Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
You may delete the tool after use.

Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Increase System Performance

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Install an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Some Free Anti-Virus software I recommend are:
Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Install a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Some Firewall programs I recommend to others are:
Update your Firewall Program - It is imperative that you update your Firewall at least once a week (Even more if you wish). If you do not update your firewall then it will not be able to catch any of the new variants that may come out.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Additional Security Programs

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :step4:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to (image link).
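As an added example that is not part of the original thread or of any tool it links to: a small defensive checker for the AUTORUN.INF mechanism described in the post above. It parses the [autorun] section the way Windows treats it and reports every directive that would launch a program when the drive is opened; the sample file, the function names and the drive path are assumptions.

```python
"""Defensive AUTORUN.INF inspector (added example, not from the original thread).
Parses the [autorun] section as Windows does (section and key names
case-insensitive, ';' comments) and reports every directive that would launch
a program when the drive is opened: open=, shellexecute=, shell\\<verb>\\command=.
"""
import configparser
from pathlib import Path

EXEC_KEYS = {"open", "shellexecute"}


def find_exec_directives(inf_text: str) -> list[tuple[str, str]]:
    # interpolation=None: a '%' in a path must not be expanded;
    # strict=False: duplicate keys are tolerated, the last one wins.
    parser = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    try:
        parser.read_string(inf_text)
    except configparser.Error:
        return []  # no section header or otherwise malformed: nothing to report
    # configparser keeps section names case-sensitive, so match them manually;
    # key names are already lower-cased by the default optionxform.
    hits = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, (value or "").strip()))
    return hits


def scan_drive_root(root: Path) -> list[tuple[str, str]]:
    """Inspect a mounted drive root (hypothetical, e.g. Path('E:\\\\')) for autorun.inf."""
    inf = root / "autorun.inf"
    if not inf.is_file():
        return []
    return find_exec_directives(inf.read_text(errors="ignore"))


# Constructed sample in the shape a USB worm drops; not a real file.
SAMPLE_INF = """\
[AutoRun]
; looks like a harmless icon entry...
icon=recycled\\folder.ico
open=recycled\\setup.exe
shell\\open\\Command=recycled\\setup.exe
shell\\explore\\command=recycled\\setup.exe
"""

if __name__ == "__main__":
    for key, value in find_exec_directives(SAMPLE_INF):
        print(f"executes on Autorun: {key} = {value}")
```

A clean drive with only an icon= or label= entry produces no findings, so anything reported is worth a closer look before the drive icon is double-clicked.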

#13 GraemeRH

GraemeRH
  • Topic Starter
  • Members
  • 11 posts

Posted 07 February 2009 - 09:11 PM

Thanks EB for all your assistance. Your above recommendations will be followed.

G.H.

#14 extremeboy

extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 February 2009 - 09:13 PM

You're welcome. Happy surfing again.

With Regards,
Extremeboy

#15 extremeboy

extremeboy
  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 07 February 2009 - 09:14 PM

Since the problem appears to be resolved, this topic is now Closed
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy

