Computer disabled upon Internet connection



#1 aokces


Posted 18 February 2009 - 05:32 PM

My computer (XP Home Edition Service Pack 2, using Avast Antivirus) freezes every time I connect to the Internet. The connection itself is successful, but as soon as I open an application that uses the Internet (a browser, program update, etc.) my computer slows down, and within a few seconds all I can use is my mouse. Mouse clicking, keyboard shortcuts, disconnecting from the Internet, and waiting all have no effect, and I am forced to reboot. However, if I connect to the Internet but don't run any programs that use the connection, nothing wrong happens.

I've scanned using Ad-Aware, SpybotSD, SUPERantispyware, MBAM, and Dr. Web Cure it. What I found (when I found anything) was a Vundo trojan, but after removal the same problem persists. Now I can only use the Internet in safe mode. A system restore also failed to solve the problem. The original post and logs of those scans are at http://www.bleepingcomputer.com/forums/t/203386/disabled-upon-internet-connection/

Thanks in Advance!

------------------------------------------------------------------

DDS (Ver_09-02-01.01) - NTFSx86
Run by aokces at 14:17:43.42 on Wed 02/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.263.1033.18.638.269 [GMT -8:00]

AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\aokces\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.2345.com/?qq
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = PCM Internet
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHelperShimObj Class: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aokces\applic~1\mozilla\firefox\profiles\m9z71809.default\
FF - plugin: c:\documents and settings\aokces\application data\mozilla\firefox\profiles\m9z71809.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-6 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-4-3 353680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-5-14 155160]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-5-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-5-14 352920]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]

============== File Associations ===============

JSEFile=notepad.exe "%1" %*
VBEFile=notepad.exe "%1" %*
VBSFile=notepad.exe "%1" %*

=============== Created Last 30 ================

2009-02-16 13:48 --d----- c:\documents and settings\aokces\DoctorWeb
2009-02-13 10:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 10:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-13 09:49 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-07 22:07 610 a------- c:\windows\entpack.ini
2009-02-07 21:17 0 a------- c:\windows\muveeapp.INI
2009-02-06 19:19 --d----- c:\docume~1\aokces\applic~1\.freeciv
2009-02-06 19:16 --d----- c:\docume~1\aokces\applic~1\.ggz
2009-02-06 19:15 --d----- c:\program files\Freeciv-2.1.8-gtk2
2009-02-06 09:18 --d----- C:\VundoFix Backups
2009-02-05 13:31 552 a------- c:\windows\system32\d3d8caps.dat
2009-02-05 13:20 --d----- c:\docume~1\aokces\applic~1\Malwarebytes
2009-02-05 13:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-05 13:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 13:19 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 13:19 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-04 15:41 107,864 a------- c:\windows\system32\tsccvid.dll
2009-02-04 15:41 --d----- c:\windows\system32\QuickTime
2009-02-04 15:40 --d----- c:\program files\common files\TechSmith Shared
2009-02-02 10:14 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-24 11:31 --d--r-- c:\program files\Wesnoth 1.5
2009-01-22 14:14 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-01-22 14:14 7,552 a------- c:\windows\system32\dllcache\sonypvu1.sys
2009-01-20 18:38 --d----- c:\program files\NVIDIA Corporation
2009-01-20 18:38 151,552 a------- c:\windows\system32\nvRegDev.dll

==================== Find3M ====================

2009-02-03 14:24 138,512 ac------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-03 14:23 201,440 a------- c:\windows\system32\PnkBstrB.exe
2009-02-02 10:14 4,212 ac--h--- c:\windows\system32\zllictbl.dat
2008-12-12 17:21 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2008-12-12 17:21 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2008-12-12 17:19 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2008-12-11 03:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
2007-05-19 17:33 1,531,496 -c-sh--- c:\windows\system32\mlkkj.bak2

============= FINISH: 14:18:57.40 ===============



#2 Farbar


Posted 26 February 2009 - 01:27 PM

Hi aokces,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt (<<will be maximized)
      • info.txt (<<will be minimized)
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt.

    Note 1: If you have difficulty finding the logs, they are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 aokces


Posted 27 February 2009 - 01:07 PM

Since my last post I've run A-squared, which quarantined a few things it found (mainly .exes for some old games I had), but I still have the same "slow down and freeze when I go on the internet" problem, but Safe Mode works fine (which is what I'm using now). Thanks for your help farbar!


Here's the Log, it sure is long...
-----------------------------------------------------------------------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by aokces at 2009-02-27 10:01:19
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 638 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:37 AM, on 2/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\aokces\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\aokces.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?qq
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3580 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
AcroIEHelperShimObj Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google IME Autoupdater]
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe [2007-08-29 251376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 284184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-11-15 746520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-15 244512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe [2003-10-10 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^aokces^Start Menu^Programs^Startup^˰TQQ.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3
"avast! Mail Scanner"=3
"aawservice"=2
"Ati HotKey Poller"=2
"UleadBurningHelper"=2
"Lavasoft Ad-Aware Service"=2
"ImapiService"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=FF000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Starcraft\starcraft.exe"="C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Google\Google Earth\GoogleEarth.exe"="C:\Program Files\Google\Google Earth\GoogleEarth.exe:*:Enabled:Google Earth"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Civ3Conquests.exe"="C:\Program Files\Firaxis Games\Civilization III Complete\Conquests\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\DAUM\PotPlayer\daumvsvr.exe"="C:\Program Files\DAUM\PotPlayer\daumvsvr.exe:*:Enabled:VideoPot"
"C:\Program Files\DAUM\PotPlayer\PotPlayer.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayer.exe:*:Enabled:Daum ?????"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da8b2ea-e710-11dd-a411-00904bf504fc}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da8b2ef-e710-11dd-a411-00904bf504fc}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8babd840-e505-11dd-a40d-00904bf504fc}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce907aa4-3d67-11db-bbaa-00c09fba2bc1}]
shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb460a2a-f47a-11dd-a444-00904bf504fc}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - open - notepad.exe "%1" %*
.vbs - open - notepad.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-02-27 10:01:19 ----D---- C:\rsit
2009-02-25 14:43:39 ----D---- C:\Program Files\a-squared Free
2009-02-07 22:07:22 ----A---- C:\WINDOWS\entpack.ini
2009-02-07 21:17:35 ----A---- C:\WINDOWS\muveeapp.INI
2009-02-06 19:19:30 ----D---- C:\Documents and Settings\aokces\Application Data\.freeciv
2009-02-06 19:16:21 ----D---- C:\Documents and Settings\aokces\Application Data\.ggz
2009-02-06 11:30:57 ----D---- C:\Documents and Settings\aokces\Application Data\U3
2009-02-06 09:18:58 ----D---- C:\VundoFix Backups
2009-02-06 09:18:58 ----A---- C:\VundoFix.txt
2009-02-05 13:20:05 ----D---- C:\Documents and Settings\aokces\Application Data\Malwarebytes
2009-02-05 13:19:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 13:19:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-05 09:50:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-04 15:41:32 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-02-04 15:41:30 ----D---- C:\WINDOWS\system32\QuickTime
2009-02-02 10:14:04 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-01-24 11:31:56 ----RD---- C:\Program Files\Wesnoth 1.5
2009-01-20 18:38:55 ----D---- C:\Program Files\NVIDIA Corporation
2009-01-20 18:38:10 ----A---- C:\WINDOWS\system32\nvRegDev.dll
2009-01-14 13:17:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-08 14:07:01 ----D---- C:\Documents and Settings\aokces\Application Data\Ulead Systems
2009-01-08 13:54:18 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-08 13:54:06 ----D---- C:\Documents and Settings\All Users\Application Data\InterVideo
2009-01-08 13:52:46 ----D---- C:\Program Files\Windows Media Components
2009-01-08 13:50:13 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-01-08 13:50:13 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-01-08 13:50:12 ----D---- C:\Program Files\Ulead Systems
2009-01-08 11:39:21 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2009-01-08 11:38:49 ----A---- C:\WINDOWS\system32\devil.dll
2009-01-08 11:38:48 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-01-08 11:38:46 ----D---- C:\Program Files\Magic Video Converter
2009-01-07 10:51:12 ----D---- C:\SAVE
2009-01-05 14:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-17 18:59:04 ----A---- C:\WINDOWS\_delis43.ini
2008-12-17 18:42:07 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-17 09:57:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-17 09:54:56 ----D---- C:\Program Files\Family Tree Maker 2008
2008-12-16 12:27:19 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-12-15 18:02:07 ----A---- C:\WINDOWS\CoDUO.INI
2008-12-12 16:07:06 ----D---- C:\Documents and Settings\aokces\Application Data\Orbit
2008-12-12 13:59:13 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2008-12-12 13:59:12 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2008-12-12 13:47:27 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2008-12-12 13:47:07 ----D---- C:\WINDOWS\Replay Media Catcher
2008-12-12 13:37:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 13:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 13:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-12 13:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 13:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-12 13:35:48 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 13:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 12:20:14 ----D---- C:\Documents and Settings\aokces\Application Data\Eltima Software
2008-12-11 22:20:36 ----A---- C:\WINDOWS\CIV.INI

======List of files/folders modified in the last 3 months======

2009-02-27 09:50:48 ----D---- C:\WINDOWS\Internet Logs
2009-02-27 09:49:15 ----D---- C:\Program Files\Mozilla Firefox
2009-02-27 09:44:50 ----D---- C:\WINDOWS\Temp
2009-02-26 14:29:24 ----D---- C:\Program Files\Starcraft
2009-02-25 15:24:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-25 14:43:39 ----RD---- C:\Program Files
2009-02-25 11:30:00 ----D---- C:\Games
2009-02-25 10:13:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-25 10:13:22 ----D---- C:\WINDOWS\Prefetch
2009-02-25 10:06:02 ----AH---- C:\boot.ini
2009-02-25 10:06:02 ----A---- C:\WINDOWS\win.ini
2009-02-25 10:06:02 ----A---- C:\WINDOWS\SYSTEM.INI
2009-02-24 22:55:32 ----RD---- C:\Program Files\Warcraft III
2009-02-24 14:45:13 ----D---- C:\Program Files\Trillian
2009-02-22 14:55:40 ----RD---- C:\Program Files\Firaxis Games
2009-02-22 14:54:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 14:54:42 ----SHD---- C:\WINDOWS\Installer
2009-02-22 14:54:41 ----D---- C:\Config.Msi
2009-02-21 19:23:21 ----AC---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-21 19:05:47 ----D---- C:\WINDOWS\system32
2009-02-21 19:04:18 ----D---- C:\WINDOWS
2009-02-21 19:03:35 ----D---- C:\Program Files\Common Files
2009-02-21 19:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-02-21 18:59:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-21 18:59:44 ----D---- C:\WINDOWS\system32\drivers
2009-02-18 14:20:36 ----D---- C:\Program Files\WinAce
2009-02-13 10:14:06 ----SD---- C:\WINDOWS\Tasks
2009-02-13 10:11:40 ----D---- C:\WINDOWS\Minidump
2009-02-13 10:10:30 ----HD---- C:\WINDOWS\inf
2009-02-13 10:09:04 ----D---- C:\WINDOWS\WinSxS
2009-02-13 09:55:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-11 14:12:11 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-02-10 14:00:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 13:57:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-06 12:48:44 ----D---- C:\Documents and Settings\aokces\Application Data\BitTorrent
2009-02-03 14:23:12 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-02-02 10:18:57 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-24 10:11:30 ----D---- C:\WINDOWS\system32\DirectX
2009-01-24 10:10:43 ----RSD---- C:\WINDOWS\assembly
2009-01-22 22:30:07 ----D---- C:\Documents and Settings\aokces\Application Data\InstallShield Installation Information
2009-01-16 22:20:40 ----D---- C:\Program Files\Steam
2009-01-16 20:19:02 ----D---- C:\Program Files\Movie Maker
2009-01-14 13:16:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-08 14:28:18 ----D---- C:\Program Files\WarZone
2009-01-08 14:27:51 ----D---- C:\Documents and Settings\aokces\Application Data\WarZone
2009-01-08 14:15:54 ----D---- C:\Documents and Settings\aokces\Application Data\Hamachi
2009-01-08 13:52:28 ----RSD---- C:\WINDOWS\Fonts
2009-01-08 13:48:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-07 18:59:34 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-24 23:12:39 ----D---- C:\WINDOWS\system32\config
2008-12-24 23:11:44 ----D---- C:\WINDOWS\system32\wbem
2008-12-24 23:11:44 ----D---- C:\WINDOWS\Registration
2008-12-16 15:16:41 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-16 15:03:37 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-16 14:58:28 ----D---- C:\Program Files\internet explorer
2008-12-16 14:49:57 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-16 12:56:52 ----D---- C:\Program Files\Google
2008-12-12 16:08:43 ----D---- C:\Downloads
2008-12-12 11:55:42 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-12-17 424320]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-05-12 223128]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-01-18 55320]
S3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
S3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-19 15440]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
S3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-11-15 1678368]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-11-15 1962912]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-11-15 24736]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-11-10 40352]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\drivers\mcdbus.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-11-10 13344]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2006-11-10 933536]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 421496]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
S2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
S2 LVPrcSrv;Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-11-15 109344]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-03-18 66872]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
S4 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-15 101152]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]

-----------------EOF-----------------

#4 Farbar

Posted 27 February 2009 - 03:00 PM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (Bitlord, uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications or uninstall them (you might have uninstalled them already). Using these applications at this stage might lead to reinfection or infecting other users.

  • Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click on Start > Run and then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist:

    Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?qq

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
  • Download SREng
    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Refer to this image for an example:

      Posted Image
    • In your case, it would be .JS and .vbs
    • Close SREng now.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please run Hijackthis. Click Do a system scan and save a logfile, then copy and paste the content of the log into your reply.

Please include in your next reply:
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went. Tell me also how your computer is running.


#5 aokces

Posted 27 February 2009 - 06:34 PM

Followed all the instructions with a few minor issues:
-the SREng link was broken, but I was able to find another
-after running ComboFix and the log popped up, my desktop, icons, and start menu were gone, so I manually rebooted
-I rebooted in normal mode; I now have a "recovery console" option next to "xp home edition" and it chose XP Home by default. Upon startup my desktop appeared, but everything but my mouse was frozen (same situation as if I had connected to the Internet). I reboot again in normal mode and it's okay, but startup was slower than usual. I go online and open up Firefox, and my computer doesn't crash immediately. I make it all the way to the BleepingComputer login page before it crashes (~20 seconds, better than before at least)

I got a message that Avast Antivirus was running during the ComboFix, but I didn't see it in the task manager or the icon tray (I was in safe mode and Avast doesn't/shouldn't run on startup)

When I ran HJT I noticed that the "R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/?qq" you asked me to remove (and I did) reappeared. I selected and fixed it again. Not sure if that's significant.

Here's the ComboFix and HJT logs. Thanks for your continued support!
----------------------------------------------

ComboFix 09-02-27.01 - aokces 2009-02-27 14:31:45.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.263.1033.18.638.336 [GMT -8:00]
Running from: c:\documents and settings\aokces\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\mlkkj.bak2

.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-27 14:17 . 2009-02-27 14:17 <DIR> d-------- c:\program files\CCleaner
2009-02-27 10:01 . 2009-02-27 10:01 <DIR> d-------- C:\rsit
2009-02-25 14:43 . 2009-02-25 14:55 <DIR> d-------- c:\program files\a-squared Free
2009-02-16 13:48 . 2009-02-16 16:46 <DIR> d-------- c:\documents and settings\aokces\DoctorWeb
2009-02-16 09:38 . 2009-02-16 09:38 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-07 22:07 . 2009-02-07 22:08 610 --a------ c:\windows\entpack.ini
2009-02-07 21:17 . 2009-02-07 21:17 0 --a------ c:\windows\muveeapp.INI
2009-02-06 19:19 . 2009-02-06 20:38 <DIR> d-------- c:\documents and settings\aokces\Application Data\.freeciv
2009-02-06 19:16 . 2009-02-06 19:16 <DIR> d-------- c:\documents and settings\aokces\Application Data\.ggz
2009-02-06 11:30 . 2009-02-06 11:31 <DIR> d-------- c:\documents and settings\aokces\Application Data\U3
2009-02-06 09:18 . 2009-02-06 09:18 <DIR> d-------- C:\VundoFix Backups
2009-02-05 13:31 . 2009-02-05 13:31 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-05 13:20 . 2009-02-05 13:20 <DIR> d-------- c:\documents and settings\aokces\Application Data\Malwarebytes
2009-02-05 13:20 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-05 13:20 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-05 13:19 . 2009-02-05 13:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 13:19 . 2009-02-05 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-05 12:14 . 2009-02-05 12:14 0 --a------ c:\windows\nsreg.dat
2009-02-05 09:53 . 2009-02-05 09:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-04 15:41 . 2009-02-04 15:41 <DIR> d-------- c:\windows\system32\QuickTime
2009-02-04 15:41 . 2008-07-10 13:56 107,864 --a------ c:\windows\system32\tsccvid.dll
2009-02-02 10:14 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 22:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-27 22:10 --------- d-----w c:\documents and settings\aokces\Application Data\BitTorrent
2009-02-27 21:21 --------- d-----w c:\program files\Trillian
2009-02-26 22:29 --------- d-----w c:\program files\Starcraft
2009-02-25 06:55 --------- d-----r c:\program files\Warcraft III
2009-02-24 18:37 64,625 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_24_10_35_42_small.dmp.zip
2009-02-22 22:55 --------- d-----r c:\program files\Firaxis Games
2009-02-22 22:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 03:23 98,304 -c--a-w c:\windows\system32\CmdLineExt.dll
2009-02-22 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-18 22:20 --------- d-----w c:\program files\WinAce
2009-02-17 01:00 136,704 ----a-w c:\windows\Internet Logs\xDB9.tmp
2009-02-16 04:28 --------- d-----r c:\program files\Wesnoth 1.5
2009-02-13 17:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-10 21:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-07 01:24 36,864 ----a-w c:\windows\Internet Logs\xDB8.tmp
2009-02-06 21:33 24,576 ----a-w c:\windows\Internet Logs\xDB7.tmp
2009-02-06 21:23 360,448 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-02-06 21:09 3,907,072 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-02-05 20:38 3,902,976 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-02-05 17:46 20,992 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-02-05 17:32 17,920 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-05 17:22 5,225,472 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-03 22:24 138,512 -c--a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-03 22:23 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 06:30 --------- d-----w c:\documents and settings\aokces\Application Data\InstallShield Installation Information
2009-01-21 02:38 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-21 02:37 151,552 ----a-w c:\windows\system32\nvRegDev.dll
2009-01-17 20:18 --------- d-----w c:\program files\Magic Video Converter
2009-01-17 06:20 --------- d-----w c:\program files\Steam
2009-01-08 22:28 --------- d-----w c:\program files\WarZone
2009-01-08 22:27 --------- d-----w c:\documents and settings\aokces\Application Data\WarZone
2009-01-08 22:15 --------- d-----w c:\documents and settings\aokces\Application Data\Hamachi
2009-01-08 22:11 --------- d-----w c:\documents and settings\aokces\Application Data\Ulead Systems
2009-01-08 22:06 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-08 21:54 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-08 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2009-01-08 21:52 --------- d-----w c:\program files\Windows Media Components
2009-01-08 21:52 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-01-08 21:50 --------- d-----w c:\program files\Ulead Systems
2008-12-13 01:21 237,568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2008-12-13 01:21 156,672 ----a-w c:\windows\system32\rmc_fixasf.exe
2008-12-13 01:19 323,584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^aokces^Start Menu^Programs^Startup^˰TQQ.lnk]
backup=c:\windows\pss\˰TQQ.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google IME Autoupdater]
--a--c--- 2007-08-29 00:26 251376 c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-16 22:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2004-10-13 15:04 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2006-10-31 00:03 284184 c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2006-11-15 20:58 746520 c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a--c--- 2006-11-15 21:01 244512 c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-02-02 04:11 692316 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2005-02-02 04:12 102492 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"aawservice"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"ImapiService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da8b2ea-e710-11dd-a411-00904bf504fc}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5da8b2ef-e710-11dd-a411-00904bf504fc}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8babd840-e505-11dd-a40d-00904bf504fc}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce907aa4-3d67-11db-bbaa-00c09fba2bc1}]
\Shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb460a2a-f47a-11dd-a444-00904bf504fc}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2008-08-29 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 09:28]

2007-10-13 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-01-29 09:28]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-eabconfg - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = PCM Internet
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\aokces\Application Data\Mozilla\Firefox\Profiles\m9z71809.default\
FF - plugin: c:\documents and settings\aokces\Application Data\Mozilla\Firefox\Profiles\m9z71809.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
.
------- File Associations -------
.
JSEFile=notepad.exe "%1" %*
VBEFile=notepad.exe "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 14:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?1?3?2??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-27 14:37:41
ComboFix-quarantined-files.txt 2009-02-27 22:36:53

Pre-Run: 8,213,069,824 bytes free
Post-Run: 8,200,081,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
252 --- E O F --- 2009-01-14 21:17:30

--------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:52 PM, on 2/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3449 bytes

#6 Farbar

Posted 28 February 2009 - 07:42 AM

Nice thorough job and detailed feedback. Thanks also for mentioning the broken link, I corrected mine too.

I understand you are using Firefox. We want to fix both Firefox and IE. So also give me feedback about IE.
  • Go to Start > Run, copy/paste the following line in the Run box and click OK.

    sc delete PSEXESVC

  • We need to uninstall ZoneAlarm. It is a heavyweight application consuming a lot of system resources. Besides, if it starts malfunctioning it is hard to disable its service fully to see its effect on the system. We can later on, when the system is stable, install a better free firewall. So please go to Add/Remove Programs and uninstall ZoneAlarm. Then reboot the system.

  • Open notepad, make sure the wordwrap under format menu is not selected
    Copy and paste the text in the code box in it:

    @echo off
    regedit /e Check1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main"
    regedit /e Check2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
    regedit /e Check3.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer"
    regedit /e Check4.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard"
    regedit /e Check5.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system"
    regedit /e Check6.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
    Type Check*.txt > Export.txt
    del /q Check*.txt 
    notepad Export.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All files.
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some text in it. Attach the contents (Export.txt) to your next reply.
  • To remove temporary files, disable browser add-ons, and reset all the changed settings:
    • Close all the open windows.
    • Go to start > Control Panel.
    • Open Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Click Reset again and OK.
    • Run Internet Explorer and tell what you see.
  • Please run Firefox.
    • Under the Tools menu select Options...
    • Under Content tab put a checkmark in the boxes next to the following options:
      • Block pop-up windows
      • Load images automatically.
      • Enable JavaScript.
      • Enable Java.
    • Click OK and close Firefox.
    • Restart Firefox and see if you still have the problem.
  • Please copy and paste a fresh Hijackthis log to your reply and give me feedback about how your computer is behaving now.


#7 aokces

Posted 28 February 2009 - 02:50 PM

When I opened IE it showed me a settings page. I ignored, typed in yahoo.com to the URL and my computer froze.
I haven't used IE for a long time, last year I had a problem where it kept opening up tabs nonstop with 'page not found' errors so I just stopped using it. IE still works fine in safe mode though.

As for Firefox, only "block pop-ups" was not checked (to run some flash apps) and it works pretty much the same. It still lasts 20-30 seconds before crashing. Through some experimenting, I've found that if I turned off FF quickly after opening the browser it doesn't freeze, but if I wait a little longer to close it it'll still freeze shortly, even if FF is closed.

Also, before the freeze (while FF was off), I noticed that my wireless icon in the control tray was flashing/lit, but it shouldn't be sending/receiving anything, though maybe it was Avast (or Windows automatic updates) trying to passively update itself. I'm gonna keep experimenting when I have time.

Browsers aside, it also freezes in a few seconds if I try to update my anti-virus or connect to a server via another program.
----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:36 AM, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4626 bytes
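
Whether the removals requested in post #6 (deleting PSEXESVC, uninstalling ZoneAlarm) took effect can be checked by comparing the O23 service lines of the two HijackThis logs above. The Python sketch below is an added example, not part of the original thread: the O23 lines are excerpts copied from those two logs, and the function and field names are assumptions of this example.

```python
import re
from collections import namedtuple

Service = namedtuple("Service", "key display vendor path file_missing")

# O23 line layout as it appears in the logs on this page:
#   O23 - Service: <display name> - <vendor> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")

# Excerpt of the 2/27/2009 log (Safe mode with network support).
BEFORE = r"""
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the 2/28/2009 log (Normal mode), taken after the steps in post #6.
AFTER = r"""
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_o23(log_text):
    """Return {service key: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 line (R0/R1, O2, O4, running processes, ...)
        display = m.group("display")
        short = SHORT_NAME_RE.search(display)
        # Use the short service name in parentheses when the line has one,
        # otherwise fall back to the display name.
        key = (short.group("short") if short else display).lower()
        services[key] = Service(
            key, display, m.group("vendor"), m.group("path"),
            bool(m.group("missing")),
        )
    return services


def compare_logs(before_text, after_text):
    """Summarise what changed in the O23 section between two logs.

    The Safe-mode log on this page lists services that are not among its
    running processes, so O23 lines from the two boot modes are compared
    directly here.
    """
    before, after = parse_o23(before_text), parse_o23(after_text)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        # Service entries whose binary no longer exists on disk.
        "orphaned_before": sorted(k for k, s in before.items() if s.file_missing),
        "orphaned_after": sorted(k for k, s in after.items() if s.file_missing),
        # Entries HijackThis could not attribute to a vendor: worth a manual look.
        "unknown_owner_after": sorted(
            k for k, s in after.items() if s.vendor == "Unknown owner"
        ),
    }


if __name__ == "__main__":
    for label, keys in compare_logs(BEFORE, AFTER).items():
        print(f"{label:20} {', '.join(keys) or '-'}")
```
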

#8 aokces

Posted 28 February 2009 - 02:51 PM

Oh, and the Export log


#9 Farbar

Posted 28 February 2009 - 09:22 PM

  • Can you remember when the problem started? I mean, was there a system change such as installing or updating software? For example, I see Camtasia Studio 6 was installed on 2/4/2009 3:39:50 PM. Did you have the issue before that?

  • There is still a service related to a-squared while there is no a-squared on the program list. It is probably a leftover. To remove it, go to Start > Run, copy/paste the following line in the Run box and click OK.

    sc stop a2free
    sc delete a2free


  • Turn off Windows automatic updates to rule out this one:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot.
  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Page_Transitions"=dword:00000001
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
    "iexplore.exe"=dword:00000001
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings]
    "LOCALMACHINE_CD_UNLOCK"=dword:00000000
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=dword:03ffffff
    "NoDriveTypeAutoRun"=dword:00000143
    "NoDrives"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"="http://windowsupdate.microsoft.com/"
    "Completed"=hex:01,00,00,00
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another popup window saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Clear the Java Plug-in cache:
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel to open Java Control Panel.
    • Under Temporary Internet Files Click Settings to open Temporary Files dialog box.
    • Click Delete Files to open the Delete Temporary Files dialog box.
    • Make sure all the options are checked. Click OK.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • This is just a test to see if IE stands enough. Go to start > All programs > Windows update
    • If needed accept downloading and installing Active X.
    • Press Custom button.
    • It takes a while until Windows finds the updates.
    • Install all updates related to IE 7 and reboot if needed.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    @echo off
    >Log1.txt (
    nslookup google.com
    nslookup yahoo.com
    nslookup windowsupdate.microsoft.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    ping -n 2 windowsupdate.microsoft.com
    echo.
    route print
    )
    start Log1.txt
    Del %0
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click test.bat on the desktop.
    • A Notepad window opens; copy and paste its content (log.txt) to your reply.
  • Go to start > Run copy/paste the following line in the run box and click OK after each line.

    notepad C:\windows\system32\drivers\etc\hosts

    A text file opens. Please post its content to your reply.

  • Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
      • Sections
      • IAT/EAT
      • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Please copy and paste a fresh Hijackthis log to your reply.


#10 aokces

Posted 02 March 2009 - 02:31 PM

I don't remember when/how the problem started, but it was a few days after (the 7th or 9th?) I got Camtasia (which I uninstalled last week), and I don't think I made any updates/installs just prior to the freezing. Earlier I was downloading movies (from some possibly shady sites), and I had assumed that one of the sites gave me the problem.

Also, I couldn't do step 7 (updating internet explorer). When I chose custom or express install I got a page load error.
Thank you again for patiently going through all these tests. Here's the four logs (updated MBAM, but it didn't pick up anything)
----------------------
Server: dslrouter
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.45.100, 209.85.171.100, 74.125.67.100

Server: dslrouter
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.60.37, 68.180.206.184

Server: dslrouter
Address: 192.168.1.1

Name: windowsupdate.microsoft.nsatc.net
Address: 207.46.18.94
Aliases: windowsupdate.microsoft.com



Pinging google.com [74.125.45.100] with 32 bytes of data:



Reply from 74.125.45.100: bytes=32 time=104ms TTL=240

Reply from 74.125.45.100: bytes=32 time=104ms TTL=239



Ping statistics for 74.125.45.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 104ms, Maximum = 104ms, Average = 104ms



Pinging yahoo.com [206.190.60.37] with 32 bytes of data:



Reply from 206.190.60.37: bytes=32 time=117ms TTL=55

Reply from 206.190.60.37: bytes=32 time=114ms TTL=55



Ping statistics for 206.190.60.37:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 114ms, Maximum = 117ms, Average = 115ms



Pinging windowsupdate.microsoft.nsatc.net [207.46.18.94] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 207.46.18.94:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),


===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 90 4b f5 04 fc ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.101 192.168.2.101 25
192.168.2.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.101 192.168.2.101 25
224.0.0.0 240.0.0.0 192.168.2.101 192.168.2.101 25
255.255.255.255 255.255.255.255 192.168.2.101 192.168.2.101 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

#11 aokces

Posted 02 March 2009 - 02:33 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-02 10:54:37
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEED4D576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEED4D432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEED4D910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEED4D00A]
SSDT sptd.sys ZwEnumerateKey [0xF8647C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF8647FF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEED4D50C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEED4CF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEED4CFAE]
SSDT sptd.sys ZwQueryKey [0xF86480C0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEED4D62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEED4D5EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEED4D76C]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8359C808

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\00000056 \Device\00000053 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8359CEB0
Device \Driver\Cdrom \Device\CdRom0 83444490
Device \FileSystem\Rdbss \Device\FsWrap 82FB4EB0
Device \Driver\Cdrom \Device\CdRom1 83444490
Device \Driver\Cdrom \Device\CdRom2 83444490
Device \Driver\Cdrom \Device\CdRom3 83444490
Device \Driver\NetBT \Device\NetBt_Wins_Export 82F8B818
Device \Driver\NetBT \Device\NetbiosSmb 82F8B818
Device \Driver\NetBT \Device\NetBT_Tcpip_{529B9E0A-B319-4D6F-90D3-C9C2B4007890} 82F8B818

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 8359CA40

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82F8BB30
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82F8BB30
Device \FileSystem\Npfs \Device\NamedPipe 831BAEB0
Device \Driver\Ftdisk \Device\FtControl 8359CEB0
Device \FileSystem\Msfs \Device\Mailslot 8310DAA8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 832750E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 832750E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 832750E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 832750E8
Device \FileSystem\Cdfs \Cdfs 83298548

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0xE3 0xB7 0x3F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xEC 0x6D 0x79 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6C 0x38 0x37 0xA6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4A 0xAF 0x42 0x96 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1E 0x4C 0xF8 0x91 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0x36 0x06 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0xE3 0xB7 0x3F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xEC 0x6D 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6C 0x38 0x37 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4A 0xAF 0x42 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x41 0x21 0x21 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x5B 0x36 0x06 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -206591438
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -70768747
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1058954367
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0xE3 0xB7 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xEC 0x6D 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6C 0x38 0x37 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4A 0xAF 0x42 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x54 0xC6 0x5C 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x45 0x09 0xDB 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0xE3 0xB7 0x3F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0xEC 0x6D 0x79 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6C 0x38 0x37 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x4A 0xAF 0x42 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x54 0xC6 0x5C 0x4D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x45 0x09 0xDB 0x61 ...

---- EOF - GMER 1.0.14 ----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:36 AM, on 3/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4509 bytes

#12 aokces

Posted 02 March 2009 - 02:37 PM

For Step 9 you asked me to

"Go to start > Run copy/paste the following line in the run box and click OK after each line.

notepad C:\windows\system32\drivers\etc\hosts"

I'm not sure what you mean by "click OK after each line"; I didn't get an option like that, but I did get a notepad file. It was too long to post, so I'm attaching it.

Edited by aokces, 02 March 2009 - 02:42 PM.


#13 Farbar

Posted 02 March 2009 - 04:43 PM

aokces,

You have done step 9, and all the other steps, thoroughly. The instruction was confusing, my apologies, as there was no more than one line.

So we have checked some areas and they are OK. The problem doesn't seem malware related. We have to check some other area.

Please give me feedback on these questions.

Also, I couldn't do step 7 (updating internet explorer). When I chose custom or express install I got a page load error.


a. So this time the computer didn't freeze?

b. Do you have your Windows installation CD? We might need it in the next step.

c. You seem to have a router, don't you? If yes, does any other computer attached to it have any updating problem?
  • Since you are using a large hosts file you should set the DNS service to manual if you haven't done it. Go to start > Run copy/paste the following line in the run box and click OK.

    sc config Dnscache start= demand

  • Download Dial-a-fix from djlizard.net
    • Unzip the file and double-click Dial-a-fix.exe to start the program.
    • Press double green checkmark - "Check all"- to turn everything on.
    • Close all other open windows.
    • Press "GO" to start processing all checkmarked items.
    • REBOOT your computer afterwards, important.
      Note: It does no harm to apply the fix even twice. Rebooting is important.
  • After applying Dial-a-fix please repeat the Windows update from previous post and tell me how it went.

  • Please download OTListIt2 by OldTimer.
    • Save it to your desktop.
    • Double click on the OTListIt2 icon on your desktop.
    • Check under Services All.
    • Set Extra Registry to Use Safelist
  • Click Run Scan button.
  • Two reports will open, please attach them to your reply:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
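
The two hosts-file steps in this thread (opening `C:\windows\system32\drivers\etc\hosts` for review, and switching Dnscache to manual start because the file is large) can be checked with a short script. This is an added example, not part of the instructions above or of any tool named in the thread; the sample hosts text is constructed, and the function names and the 1000-entry "large" threshold are assumptions.

```python
import ipaddress

# Constructed sample, not the attachment from the thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net   # blocklist entry
0.0.0.0         tracker.example.org
0.0.0.0         banner.example.com popup.example.com
203.0.113.7     www.update-vendor.example
not-an-ip       broken.example
::1             localhost
"""

# Assumption: entry count above which the file is treated as "large".
LARGE_THRESHOLD = 1000


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -- list of (line_number, ip_address_object, hostname)
    malformed -- list of (line_number, raw_line) that are not valid mappings
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # address with no hostname
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:  # one line may map several names
            entries.append((lineno, addr, name.lower()))
    return entries, malformed


def review_hosts(text, large_threshold=LARGE_THRESHOLD):
    """Summarise a hosts file for manual review."""
    entries, malformed = parse_hosts(text)
    local_or_null, redirects = [], []
    for lineno, addr, name in entries:
        # Loopback / unspecified targets are what blocklist files use.
        if addr.is_loopback or addr.is_unspecified:
            local_or_null.append((lineno, str(addr), name))
        else:
            # A name sent to any other address overrides DNS for that name
            # and deserves a manual look.
            redirects.append((lineno, str(addr), name))
    return {
        "total": len(entries),
        "local_or_null": len(local_or_null),
        "redirects": redirects,
        "malformed": malformed,
        "suggest_dnscache_manual": len(entries) >= large_threshold,
    }


def format_report(summary):
    """Render the summary as text lines."""
    lines = [
        "entries: %d (loopback/null: %d)"
        % (summary["total"], summary["local_or_null"])
    ]
    for lineno, addr, name in summary["redirects"]:
        lines.append("line %d: %s -> %s (review)" % (lineno, name, addr))
    for lineno, raw in summary["malformed"]:
        lines.append("line %d: malformed: %r" % (lineno, raw))
    if summary["suggest_dnscache_manual"]:
        # Command quoted from the thread.
        lines.append("large file: sc config Dnscache start= demand")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(review_hosts(SAMPLE_HOSTS))))
```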


#14 aokces

Posted 02 March 2009 - 07:40 PM

The computer does not freeze when I try to update on IE. The message is "[Error number: 0x8007043C]
The website has encountered a problem and cannot display the page you are trying to view." Do I have to have Automatic Updates on for this to work? Unfortunately I cannot turn it on in safe mode (from services), and cannot go online in normal mode.

I'm connecting using a Linksys wireless router. The problem does not occur on the other computers, and I've had the same freezing issue connecting to other networks. Can't find my Windows XP CD; I was looking for it a month ago and have given up. Since the problem doesn't seem to be malware related, are you suggesting some form of reformatting?


Here are the logs

OTListIt Extras logfile created on: 3/2/2009 4:30:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.3 Folder = C:\Documents and Settings\aokces\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 404.21 Mb Available Physical Memory | 63.31% Memory free
858.69 Mb Paging File | 736.92 Mb Available in Paging File | 85.82% Paging File free
Paging file location(s): C:\pagefile.sys 256 256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.67 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 384.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC343027361144
Current User Name: aokces
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/01/09 14:57:43 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Starcraft\starcraft.exe:*:Enabled:Starcraft
[2007/11/13 17:59:08 | 00,069,632 | ---- | M] (Google) -- C:\Program Files\Google\Google Earth\GoogleEarth.exe:*:Enabled:Google Earth
[2004/10/13 15:12:04 | 08,759,808 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes
[2000/07/28 12:33:14 | 02,555,949 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/04 22:18:32 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2003/05/27 13:44:36 | 01,396,808 | ---- | M] () -- C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
[2004/08/04 00:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server
[2008/12/16 12:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2007/07/17 23:11:26 | 10,407,936 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2007/09/22 21:48:34 | 09,976,832 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords
[2007/05/16 18:57:52 | 08,581,120 | ---- | M] (Firaxis Games) -- C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110378170}" = Catan - The Computer Game
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1E8DC27-C3CD-4DD8-B37B-D26D7D7CFCBD}" = HP User Guides 0002
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"a-squared Free_is1" = a-squared Free 4.0
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.42
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4
"Battleship Chess v2.1 DEMO_is1" = Battleship Chess v2.1 DEMO
"Battleship Chess v2.2 DEMO_is1" = Battleship Chess v2.2 DEMO
"Battleship_is1" = Battleship
"BroadJump Client Foundation" = BroadJump Client Foundation
"BUG Mod" = BUG Mod
"Canon iP1800 series User Registration" = Canon iP1800 series User Registration
"Civ3 MultiTool" = Civ3 MultiTool
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DDS Converter 2.1" = DDS Converter 2.1
"Dr.eye English/Japanese/Chinese" = Dr.eye English/Japanese/Chinese
"Dr.eye English/Japanese/Chinese-Voice Assistant " = Dr.eye English/Japanese/Chinese-Voice Assistant

"DVDx_is1" = DVDx
"ForceBindIP" = ForceBindIP
"GooglePinyin" = Google Pinyin IME
"GoogleVideoPlayer" = Google Video Player
"GRE POWERPREP" = GRE POWERPREP
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"Hamachi" = Hamachi 1.0.1.1
"HijackThis" = HijackThis 2.0.2
"Homeworld2" = Homeworld2
"IBS" = IBS
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"IrfanView" = IrfanView (remove only)
"JEOPARDY! 21.0" = JEOPARDY! 2
"Kanji Gold_is1" = Kanji Gold 2.10
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Selection_is1" = Natural Selection 3.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Oregon Trail II" = Oregon Trail II
"PrimoPDF3.0" = PrimoPDF
"QcDrv" = Logitech Camera Driver
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Replay Media Catcher" = Replay Media Catcher
"Replay Media Catcher 3.01" = Replay Media Catcher 3.01
"Risk WarZone Client" = Risk WarZone Client
"SBC.MCCInstall" = AT&T Self Support Tool
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Softnyx Launcher_is1" = Softnyx Launcher
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Starcraft" = Starcraft
"Steam App 20" = Team Fortress Classic
"Steam™" = Steam™
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Tweak Manager_is1" = Tweak Manager 2.1
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WarZone Client v1.0.41" = WarZone Client v1.0.41
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"WGA" = Windows Genuine Advantage Validation Tool
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = The GIMP 2.2.13
"WinGTK-2_is1" = GTK+ 2.8.18-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"BitTorrent" = BitTorrent
"Warcraft III" = Warcraft III: All Products
"Warcraft III Demo" = Warcraft III Demo

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/5/2008 6:43:56 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\RCMPCSHFN.DLL failed, 0000001E.


Error - 2/6/2009 5:48:03 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\ipsmsnap.dll failed, 0000001E.

Error - 2/10/2009 9:13:05 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\ipsmsnap.dll failed, 0000001E.

Error - 2/17/2009 2:00:48 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\_ISUSRES.DLL failed,
0000001E.

Error - 2/17/2009 2:15:43 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MPBDGT.DLL failed, 0000001E.


Error - 2/17/2009 2:16:13 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\RCMPCSHFN.DLL failed, 0000001E.


Error - 2/17/2009 2:37:52 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP749\A0239820.DLL
failed, 0000001E.

Error - 2/17/2009 2:56:14 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\F079F64483DE750433B596960466DD78\SP2QFE\URLMON.DLL
failed, 0000001E.

Error - 2/21/2009 11:28:46 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Firaxis Games\Civilization III Complete\Civ3Edit.exe failed, 0000001E.


Error - 2/22/2009 3:25:47 PM | Computer Name = PC343027361144 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Firaxis Games\Civilization III Complete\Civ3Edit.exe failed, 0000001E.


[ Application Events ]
Error - 2/13/2009 1:55:47 PM | Computer Name = PC343027361144 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_1_0_7.MSI is not permitted due to
an error in software restriction policy processing. The object cannot be trusted.

Error - 2/13/2009 2:10:05 PM | Computer Name = PC343027361144 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/14/2009 10:51:08 PM | Computer Name = PC343027361144 | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 2/19/2009 11:41:59 PM | Computer Name = PC343027361144 | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, faulting module unknown,
version 0.0.0.0, fault address 0x00030009.

Error - 2/27/2009 6:59:03 PM | Computer Name = PC343027361144 | Source = ESENT | ID = 454
Description = wuauclt (3588) Database recovery/restore failed with unexpected error
-1014.

Error - 2/28/2009 4:05:41 PM | Computer Name = PC343027361144 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x000184ad.

Error - 2/28/2009 4:05:53 PM | Computer Name = PC343027361144 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]
Error - 3/2/2009 8:27:45 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:27:47 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:28:00 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:28:37 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:28:38 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:28:52 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/2/2009 8:28:54 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/2/2009 8:28:56 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error - 3/2/2009 8:28:57 PM | Computer Name = PC343027361144 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/2/2009 8:29:10 PM | Computer Name = PC343027361144 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{529B9E0A-B319-4D6F-90D3-C9C2B4007890}. The
backup browser is stopping.


< End of report >


OTListIt logfile created on: 3/2/2009 4:30:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.3 Folder = C:\Documents and Settings\aokces\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 404.21 Mb Available Physical Memory | 63.31% Memory free
858.69 Mb Paging File | 736.92 Mb Available in Paging File | 85.82% Paging File free
Paging file location(s): C:\pagefile.sys 256 256;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 7.67 Gb Free Space | 20.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 2.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 384.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC343027361144
Current User Name: aokces
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (All) ==========

PRC - [2004/08/04 00:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2004/08/04 00:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2004/08/04 00:00:00 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004/08/04 00:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
PRC - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/24 13:34:25 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 00:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2009/03/02 16:29:20 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aokces\Desktop\OTListIt2.exe

========== Win32 Services (All) ==========

SRV - [2004/08/04 00:00:00 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe -- (ALG [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/26 09:12:08 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])
SRV - [2005/04/11 05:31:26 | 00,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv [Auto | Stopped])
SRV - [2008/11/26 09:18:46 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2008/11/26 09:18:32 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2008/11/26 09:16:23 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\qmgr.dll -- (BITS [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browser.dll -- (Browser [Auto | Running])
SRV - [2007/03/06 10:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [2005/07/25 20:39:49 | 00,397,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch [Auto | Running])
SRV - [2006/05/19 04:59:41 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2004/08/04 00:00:00 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,023,552 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmserver.dll -- (dmserver [On_Demand | Stopped])
SRV - [2008/02/19 21:32:43 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
SRV - [2008/07/07 12:32:22 | 00,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\es.dll -- (EventSystem [On_Demand | Stopped])
SRV - [2006/12/19 13:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/03 23:56:44 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll -- (HidServ [Auto | Stopped])
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe -- (hpqwmi [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll -- (HTTPFilter [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,150,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapi.exe -- (ImapiService [Disabled | Stopped])
SRV - [2004/10/13 15:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService [Disabled | Stopped])
SRV - [2004/12/07 11:32:34 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll -- (lanmanserver [Auto | Running])
SRV - [2006/08/17 04:28:27 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll -- (lanmanworkstation [Auto | Running])
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll -- (LmHosts [Auto | Running])
SRV - [2006/11/15 21:03:36 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Stopped])
SRV - [2006/11/15 21:05:40 | 00,101,152 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll -- (Messenger [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
SRV - [2005/05/04 13:45:36 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msiexec.exe -- (MSIServer [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2005/08/22 10:29:46 | 00,197,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2004/08/04 00:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2008/03/18 21:34:32 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto [Auto | Stopped])
SRV - [2006/05/14 00:44:08 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasmans.dll -- (RasMan [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess [Disabled | Stopped])
SRV - [2004/08/04 00:00:00 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [2005/07/25 20:39:49 | 00,397,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Running])
SRV - [2004/08/04 00:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsvp.exe -- (RSVP [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,190,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sens.dll -- (SENS [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,331,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Running])
SRV - [2006/12/19 13:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Stopped])
SRV - [2005/06/10 15:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srsvc.dll -- (srservice [Auto | Running])
SRV - [2004/08/04 00:00:00 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [On_Demand | Stopped])
SRV - [2006/12/19 10:16:47 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [2005/07/08 08:27:56 | 00,249,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Running])
SRV - [2006/12/19 13:52:18 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,090,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks [Auto | Stopped])
SRV - [2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Disabled | Stopped])
SRV - [2007/02/05 12:17:02 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe -- (UPS [On_Demand | Stopped])
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe -- (usprserv [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\w32time.dll -- (W32Time [Auto | Stopped])
SRV - [2006/01/03 19:35:05 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webclnt.dll -- (WebClient [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\WMIsvc.dll -- (winmgmt [Auto | Running])
SRV - [2006/10/18 20:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004/08/04 00:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv [Auto | Stopped])
SRV - [2006/09/28 17:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFSvc.dll -- (WudfSvc [Auto | Stopped])
SRV - [2004/08/04 00:00:00 | 00,359,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Running])
SRV - [2004/08/04 00:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov [On_Demand | Stopped])

========== Driver Services (All) ==========

DRV - [2008/11/26 09:15:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped])
DRV - File not found -- -- (Abiosdsk [Disabled | Stopped])
DRV - File not found -- -- (abp480n5 [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC [Boot | Running])
DRV - File not found -- -- (adpu160m [Disabled | Stopped])
DRV - [2006/02/14 16:22:26 | 00,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
DRV - [2008/08/14 01:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
DRV - File not found -- -- (Aha154x [Disabled | Stopped])
DRV - File not found -- -- (aic78u2 [Disabled | Stopped])
DRV - File not found -- -- (aic78xx [Disabled | Stopped])
DRV - [2001/08/17 07:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/11 15:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Stopped])
DRV - File not found -- -- (amsint [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\arp1394.sys -- (Arp1394 [On_Demand | Stopped])
DRV - File not found -- -- (asc [Disabled | Stopped])
DRV - File not found -- -- (asc3350p [Disabled | Stopped])
DRV - File not found -- -- (asc3550 [Disabled | Stopped])
DRV - [2008/11/26 09:17:25 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])
DRV - [2008/11/26 09:18:18 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])
DRV - [2008/11/26 09:16:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2008/11/26 09:17:36 | 00,111,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped])
DRV - [2008/11/26 09:16:38 | 00,050,864 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2004/08/04 00:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
DRV - [2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - File not found -- -- (Atdisk [Disabled | Stopped])
DRV - [2005/04/11 05:33:52 | 01,035,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
DRV - [2001/08/17 00:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\audstub.sys -- (audstub [On_Demand | Stopped])
DRV - [2005/12/17 17:25:12 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2004/08/04 00:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bridge.sys -- (BRIDGE [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bridge.sys -- (BridgeMP [On_Demand | Stopped])
DRV - [2005/01/18 08:52:16 | 00,055,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2005/02/18 07:41:18 | 00,038,016 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Stopped])
DRV - [2005/02/18 07:42:02 | 00,349,696 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
DRV - [2004/08/03 22:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
DRV - File not found -- -- (cd20xrnt [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
DRV - [2004/08/04 00:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\cdrom.sys -- (Cdrom [System | Running])
DRV - File not found -- -- (Changer [System | Stopped])
DRV - [2004/08/03 10:07:40 | 00,014,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand | Stopped])
DRV - File not found -- -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 00:58:00 | 00,009,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt [Boot | Running])
DRV - File not found -- -- (Cpqarray [Disabled | Stopped])
DRV - File not found -- -- (dac960nt [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
DRV - [2004/08/03 22:07:40 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
DRV - File not found -- -- (dpti2o [Disabled | Stopped])
DRV - [2004/08/03 22:07:58 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [2006/05/12 21:29:57 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - File not found -- -- (eabfiltr [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fdc.sys -- (Fdc [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\flpydisk.sys -- (Flpydisk [On_Demand | Stopped])
DRV - [2006/08/21 01:14:58 | 00,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk [Boot | Running])
DRV - [2004/09/14 13:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/02 10:25:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msgpc.sys -- (Gpc [On_Demand | Running])
DRV - [2008/08/19 17:04:40 | 00,015,440 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2001/08/17 13:02:20 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\hidusb.sys -- (HidUsb [On_Demand | Running])
DRV - File not found -- -- (hpn [Disabled | Stopped])
DRV - [2004/12/15 07:18:30 | 00,200,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Stopped])
DRV - [2004/12/15 07:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2006/03/16 16:33:10 | 00,262,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP [On_Demand | Stopped])
DRV - File not found -- -- (i2omgmt [System | Stopped])
DRV - File not found -- -- (i2omp [Disabled | Stopped])
DRV - [2004/08/03 23:14:38 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\i8042prt.sys -- (i8042prt [System | Running])
DRV - [2004/08/04 00:00:00 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\imapi.sys -- (Imapi [System | Running])
DRV - File not found -- -- (ini910u [Disabled | Stopped])
DRV - [2004/08/03 16:59:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys -- (Ip6Fw [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
DRV - [2004/09/29 14:28:37 | 00,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipnat.sys -- (IpNat [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ipsec.sys -- (IPSec [System | Running])
DRV - [2004/08/04 00:00:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [2001/08/17 07:58:02 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp [Boot | Running])
DRV - [2004/08/03 22:58:34 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\kbdclass.sys -- (Kbdclass [System | Running])
DRV - [2006/06/14 00:47:45 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,092,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - File not found -- -- (lbrtfdc [System | Stopped])
DRV - [2006/11/15 21:00:56 | 01,678,368 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2006/11/15 21:02:50 | 01,962,912 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2006/11/15 21:03:12 | 00,024,736 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Stopped])
DRV - [2006/11/10 19:48:00 | 00,040,352 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - File not found -- -- (mcdbus [On_Demand | Stopped])
DRV - [2004/03/17 03:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2004/08/04 00:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mouclass.sys -- (Mouclass [System | Running])
DRV - [2001/08/17 12:48:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - File not found -- -- (mraid35x [Disabled | Stopped])
DRV - [2007/12/18 01:51:35 | 00,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mrxdav.sys -- (MRxDAV [On_Demand | Stopped])
DRV - [2008/10/24 03:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys -- (MRxSmb [System | Running])
DRV - [2004/08/04 00:00:00 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [2004/08/03 21:58:42 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [2004/08/03 21:58:40 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [2004/08/03 21:58:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [2004/08/03 21:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
DRV - [2004/08/03 22:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2004/08/03 22:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [2004/08/04 00:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\netbt.sys -- (NetBT [System | Running])
DRV - [2004/08/04 00:00:00 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nic1394.sys -- (NIC1394 [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [2005/01/05 04:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [System | Stopped])
DRV - [2007/02/09 03:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2004/08/04 00:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
DRV - [2004/08/04 00:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,061,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394 [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\parport.sys -- (Parport [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Disabled | Stopped])
DRV - [2004/08/03 17:07:48 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI [Boot | Running])
DRV - File not found -- -- (PCIDump [System | Stopped])
DRV - [2001/08/17 07:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys -- (Pcmcia [Boot | Running])
DRV - File not found -- -- (PDCOMP [On_Demand | Stopped])
DRV - File not found -- -- (PDFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDRELI [On_Demand | Stopped])
DRV - File not found -- -- (PDRFRAME [On_Demand | Stopped])
DRV - [2006/11/10 19:43:15 | 00,013,344 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - File not found -- -- (perc2 [Disabled | Stopped])
DRV - File not found -- -- (perc2hib [Disabled | Stopped])
DRV - [2006/11/10 19:43:15 | 00,933,536 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [2004/08/27 13:42:45 | 00,035,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\processr.sys -- (Processor [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\psched.sys -- (PSched [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/07 15:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - File not found -- -- (ql1080 [Disabled | Stopped])
DRV - File not found -- -- (Ql10wnt [Disabled | Stopped])
DRV - File not found -- -- (ql12160 [Disabled | Stopped])
DRV - File not found -- -- (ql1240 [Disabled | Stopped])
DRV - File not found -- -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [2001/08/17 00:51:32 | 00,019,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rasirda.sys -- (Rasirda [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\raspti.sys -- (Raspti [On_Demand | Running])
DRV - [2006/05/05 01:47:57 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rdbss.sys -- (Rdbss [System | Running])
DRV - [2004/08/04 00:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [2005/06/09 20:09:46 | 00,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [2004/08/03 21:59:38 | 00,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\redbook.sys -- (redbook [System | Running])
DRV - [2005/03/03 11:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
DRV - [2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Stopped])
DRV - [2004/08/04 00:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sdbus.sys -- (sdbus [On_Demand | Stopped])
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Stopped])
DRV - [2004/08/04 00:00:00 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serenum.sys -- (serenum [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serial.sys -- (Serial [Boot | Running])
DRV - [2005/03/03 09:53:57 | 00,048,640 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/02/23 07:59:54 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
DRV - File not found -- -- (Simbad [Disabled | Stopped])
DRV - [2004/08/03 22:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
DRV - [2001/08/17 11:10:28 | 00,035,913 | ---- | M] (SMC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - File not found -- -- (Sparrow [Disabled | Stopped])
DRV - [2006/06/14 00:47:46 | 00,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
DRV - [2006/05/12 21:22:44 | 00,642,560 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr [Boot | Running])
DRV - [2008/12/11 03:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\srv.sys -- (Srv [On_Demand | Running])
DRV - [2004/08/03 22:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [2001/08/17 13:00:52 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
DRV - File not found -- -- (symc810 [Disabled | Stopped])
DRV - File not found -- -- (symc8xx [Disabled | Stopped])
DRV - File not found -- -- (sym_hi [Disabled | Stopped])
DRV - File not found -- -- (sym_u3 [Disabled | Stopped])
DRV - [2005/02/02 03:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/08/03 22:15:56 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Stopped])
DRV - [2007/10/30 09:20:55 | 00,360,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tcpip.sys -- (Tcpip [System | Running])
DRV - [2004/08/04 00:00:00 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [2004/08/03 19:01:08 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - File not found -- -- (tifm21 [On_Demand | Stopped])
DRV - File not found -- -- (TosIde [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
DRV - File not found -- -- (ultra [Disabled | Stopped])
DRV - [2004/08/04 00:00:00 | 00,209,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\update.sys -- (Update [On_Demand | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/08/03 23:08:48 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
DRV - [2004/08/04 00:00:00 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [2004/08/03 22:08:38 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
DRV - [2004/08/03 22:01:26 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbprint.sys -- (usbprint [On_Demand | Stopped])
DRV - [2004/08/03 21:58:46 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbscan.sys -- (usbscan [On_Demand | Stopped])
DRV - [2004/08/03 22:08:48 | 00,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS -- (USBSTOR [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbuhci.sys -- (usbuhci [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [2004/08/03 16:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde [Boot | Running])
DRV - [2004/08/04 00:00:00 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
DRV - File not found -- -- (vsdatant [On_Demand | Stopped])
DRV - [2004/08/04 00:00:00 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Stopped])
DRV - File not found -- -- (WDICA [On_Demand | Stopped])
DRV - [2006/06/14 01:00:45 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Stopped])
DRV - [2004/12/15 07:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2004/08/03 10:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wmiacpi.sys -- (WmiAcpi [System | Running])
DRV - [2006/10/18 19:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2004/08/03 22:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])
DRV - [2006/09/28 17:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf [Boot | Running])
DRV - [2006/09/28 18:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wudfrd.sys -- (WudfRd [On_Demand | Stopped])

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/02 13:03:00 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/24 13:34:34 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Extensions [2008/09/04 19:13:46 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/09/04 19:13:46 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Firefox\Profiles\m9z71809.default\extensions [2009/03/02 09:55:08 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Firefox\Profiles\m9z71809.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/02/24 11:24:37 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Firefox\Profiles\m9z71809.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08} [2009/01/15 17:20:52 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Firefox\Profiles\m9z71809.default\extensions\foxmarks@kei.com [2009/02/24 11:24:28 00,000,000 | ---D | M]
FF - C:\Documents and Settings\aokces\Application Data\mozilla\Firefox\Profiles\m9z71809.default\extensions\moveplayer@movenetworks.com [2008/02/15 14:59:17 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions [2009/02/27 11:59:16 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/02/24 13:34:25 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/05/20 19:09:34 00,000,000 | ---D | M]
FF - C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008/10/11 10:34:58 00,000,000 | ---D | M]

O1 HOSTS File: (293486 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10105 more lines...
O2 - BHO: (AcroIEHelperShimObj Class) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/01 13:50:21 | 01,101,824 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 19:36:09 | 00,002,046 | R--- | M] () - F:\Autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003/09/01 13:50:21 | 01,101,824 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 19:15:46 | 00,000,027 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5da8b2ea-e710-11dd-a411-00904bf504fc}\Shell - "" = AutoRun
O33 - MountPoints2\{5da8b2ea-e710-11dd-a411-00904bf504fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5da8b2ea-e710-11dd-a411-00904bf504fc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5da8b2ef-e710-11dd-a411-00904bf504fc}\Shell - "" = AutoRun
O33 - MountPoints2\{5da8b2ef-e710-11dd-a411-00904bf504fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5da8b2ef-e710-11dd-a411-00904bf504fc}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8babd840-e505-11dd-a40d-00904bf504fc}\Shell - "" = AutoRun
O33 - MountPoints2\{8babd840-e505-11dd-a40d-00904bf504fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8babd840-e505-11dd-a40d-00904bf504fc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ce907aa4-3d67-11db-bbaa-00c09fba2bc1}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{eb460a2a-f47a-11dd-a444-00904bf504fc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb460a2a-f47a-11dd-a444-00904bf504fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb460a2a-f47a-11dd-a444-00904bf504fc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[2009/03/02 16:29:16 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aokces\Desktop\OTListIt2.exe
[2009/03/02 16:08:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/03/02 16:07:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/03/02 16:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Desktop\Dial-a-fix-v0.60.0.24
[2009/03/02 12:18:42 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/02 10:25:07 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/03/02 10:25:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/03/02 10:25:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/03/02 10:25:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 10:25:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 10:05:00 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\Open your Malwarebytes.doc
[2009/03/01 09:47:10 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\The Will to Dream.doc
[2009/02/27 18:08:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/27 14:29:50 | 00,000,210 | ---- | C] () -- C:\Boot.bak
[2009/02/27 14:29:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/02/27 14:29:40 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/27 14:27:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/02/27 14:27:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/02/27 14:27:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/02/27 14:27:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/02/27 14:27:35 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/02/27 14:27:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/02/27 14:27:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/27 14:27:35 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/02/27 14:27:35 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/02/27 14:27:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/27 14:27:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/02/27 14:17:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/27 10:01:19 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/26 11:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\My Documents\Res
[2009/02/25 14:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/02/25 14:43:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\My Documents\a-squared Free
[2009/02/24 12:23:49 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\RN.doc
[2009/02/18 12:13:47 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\Norwalk Census Bureau.doc
[2009/02/16 11:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Desktop\Grrr
[2009/02/14 10:54:22 | 00,122,880 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\Tactics.doc
[2009/02/13 10:14:06 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/11 15:43:13 | 00,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/02/10 09:57:32 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\aokces\My Documents\phone list.xls
[2009/02/07 22:07:22 | 00,000,610 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/02/07 21:53:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Local Settings\Application Data\TechSmith
[2009/02/07 21:34:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\My Documents\Camtasia Studio
[2009/02/07 21:17:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2009/02/06 19:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Application Data\.freeciv
[2009/02/06 19:16:22 | 00,007,564 | ---- | C] () -- C:\Documents and Settings\aokces\Application Data\.civclientrc
[2009/02/06 19:16:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Application Data\.ggz
[2009/02/06 11:30:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Application Data\U3
[2009/02/05 13:31:22 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 13:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aokces\Application Data\Malwarebytes
[2009/02/05 13:20:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/05 13:20:00 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/05 13:19:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/05 13:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/05 12:14:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/04 15:41:32 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009/02/04 15:41:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime

========== Files - Modified Within 30 Days ==========

[18 C:\WINDOWS\System32\*.tmp files]
[2009/03/02 16:29:20 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aokces\Desktop\OTListIt2.exe
[2009/03/02 16:22:15 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/02 16:20:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/02 16:10:10 | 01,090,576 | -H-- | M] () -- C:\Documents and Settings\aokces\Local Settings\Application Data\IconCache.db
[2009/03/02 16:09:38 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/03/02 16:09:38 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/03/02 12:18:42 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/02 10:25:07 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/03/02 10:25:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/03/02 10:25:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/03/02 10:25:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/03/02 10:12:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/02 10:05:00 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\aokces\My Documents\Open your Malwarebytes.doc
[2009/03/01 22:33:54 | 00,138,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/03/01 22:33:36 | 00,201,440 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/03/01 21:46:25 | 00,000,091 | ---- | M] () -- C:\WINDOWS\CIV.INI
[2009/03/01 18:51:46 | 00,077,856 | ---- | M] () -- C:\Documents and Settings\aokces\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/01 10:19:32 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\aokces\My Documents\The Will to Dream.doc
[2009/02/28 19:10:49 | 00,217,088 | ---- | M] () -- C:\Documents and Settings\aokces\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/28 10:40:21 | 00,348,408 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/02/27 14:33:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/27 14:29:51 | 00,000,281 | -H-- | M] () -- C:\boot.ini
[2009/02/25 10:06:02 | 00,000,210 | ---- | M] () -- C:\Boot.bak
[2009/02/25 10:06:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/24 15:11:52 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\aokces\My Documents\RN.doc
[2009/02/22 20:19:22 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/21 19:23:21 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/02/18 12:45:56 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\aokces\My Documents\Norwalk Census Bureau.doc
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/10 17:08:00 | 00,293,486 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/07 22:08:35 | 00,000,610 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/02/07 21:17:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2009/02/06 20:39:17 | 00,007,564 | ---- | M] () -- C:\Documents and Settings\aokces\Application Data\.civclientrc
[2009/02/05 13:31:22 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/02/05 12:14:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/02/04 17:09:21 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/02 10:14:44 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/31 18:38:04 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\aokces\My Documents\Rate.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\ForceBindIP.exe:SummaryInformation
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\ForceBindIP.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
< End of report >

#15 Farbar

Posted 03 March 2009 - 04:04 AM

While I'm going to look the log over, just a quick question and a response to your question.

(1) The computer does not freeze when I try to update on IE. The message is "[Error number: 0x8007043C]
The website has encountered a problem and cannot display the page you are trying to view. (2)" Do I have to have Automatic Updates on for this to work? Unfortunately I cannot turn it on in safe mode (from services), and cannot go online in normal mode.

(3) Since the problem doesn't seem to be Malware related, are you suggesting some form of reformatting?

1. To make it clear, you did this in normal mode, didn't you? Note that all the activities should be done in normal mode unless safe mode is specifically mentioned. If you did it in normal mode, does it mean the freezing when you use IE doesn't happen any more?
2. No need for automatic update.
3. No, I'm not. Could you try to find it.

FYI: Trying to update has two functions. First, we get IE going without crashing, and that will resolve your initial problem. Second, if we get connected to the MS server and are able to update, it means that checking the security signatures needed for updating Windows, IE or other third-party software will be done without interruption. Updating Windows or IE is not our immediate aim. Succeeding here means resolving your problem.

Edited by farbar, 03 March 2009 - 04:06 AM.




