HELP! What do with these HiJack logs...


  • This topic is locked
2 replies to this topic

#1 mickweaver

  • Members
  • 1 posts

Posted 04 May 2009 - 11:52 AM

As in other posts I have read, below are the logs from the different programs...

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-04 14:18:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xB14250D2]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xB1427302]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xB142502C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xB1425AAE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xB1426CB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0xB1425EC0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteValueKey [0xB1425DDA]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xB14259E0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xB1424BB4]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xB1426DE0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetValueKey [0xB142526A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xB1425FA0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwTerminateProcess [0xB1424F66]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xB142714A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xB1426FB4]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Comodo\Firewall\CPF.exe[740] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Comodo\Firewall\CPF.exe[740] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [05, 5F]
.text C:\Program Files\Comodo\Firewall\CPF.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA10B910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA10B950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA10B6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA10B730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040502C
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404FC7
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404F95
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[440] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Bonjour\mDNSResponder.exe[488] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040502C
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404FC7
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404F95
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[532] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Comodo\Firewall\cmdagent.exe[640] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00DE50E0
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DE50E0
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DE502C
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DE4FC7
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DE4F95
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DE50E0
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00DE564B
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00DE5399
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00DE564B
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00DE5399
IAT C:\WINDOWS\system32\services.exe[736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00DE564B
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CC50E0
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CC502C
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CC4FC7
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CC4F95
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CC502C
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CC50E0
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CC502C
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CC4FC7
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00CC5399
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00CC564B
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00CC564B
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00CC5399
IAT C:\WINDOWS\system32\lsass.exe[748] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00CC564B
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A54F95
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B150E0
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B1502C
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B14FC7
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B14F95
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B15399
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B1564B
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B1564B
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B15399
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B1564B
IAT C:\WINDOWS\system32\svchost.exe[1024] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B150E0
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00A650E0
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00A6502C
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00A64FC7
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00A64F95
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00A6564B
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00A65399
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00A6564B
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00A65399
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00A6564B
IAT C:\Program Files\Windows Defender\MsMpEng.exe[1116] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00A650E0
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 016350E0
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0163502C
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01634FC7
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01634F95
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01635399
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0163564B
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0163564B
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01635399
IAT C:\WINDOWS\System32\svchost.exe[1164] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0163564B
IAT C:\WINDOWS\System32\svchost.exe[1164] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 016350E0
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040502C
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404FC7
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404F95
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\system32\svchost.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1864] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0013502C
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134FC7
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134F95
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001350E0
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135399
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1868] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013564B
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040502C
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404FC7
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404F95
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\WINDOWS\System32\alg.exe[2288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 0040502C
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404FC7
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404F95
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040564B
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004050E0
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405399
IAT C:\PROGRA~1\MICROS~2\rapimgr.exe[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040564B

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat ADEC2D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3c211359
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3c211359@002345eb108f 0x33 0xB9 0x6B 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3c211359@0021fb90ee27 0x58 0x25 0xAA 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d3c211359
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d3c211359@002345eb108f 0x33 0xB9 0x6B 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d3c211359@0021fb90ee27 0x58 0x25 0xAA 0x4C ...

---- EOF - GMER 1.0.15 ----
OTViewIt logfile created on: 04/05/2009 14:25:19 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\UserXP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.55% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.56 Gb Total Space | 80.44 Gb Free Space | 56.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 124.36 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVE-3F773DE96
Current User Name: UserXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/09/29 03:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2007/09/29 03:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/05/02 16:38:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2009/02/23 15:54:11 | 00,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe
[2009/02/23 15:54:11 | 01,115,728 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cpf.exe
[2008/04/14 14:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/05/02 16:39:03 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2009/05/02 13:22:23 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/05/02 13:22:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2009/02/23 17:41:14 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
[2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
[2009/05/02 16:39:09 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/05/02 16:39:00 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2008/10/16 15:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/05/04 14:25:14 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/09/29 03:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2009/05/02 16:38:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2009/02/23 15:54:11 | 00,361,040 | ---- | M] (COMODO) -- C:\Program Files\Comodo\Firewall\cmdagent.exe -- (CmdAgent [Auto | Running])
[2009/04/25 17:08:09 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2009/05/02 13:22:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/04/28 18:28:02 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2006/08/18 14:52:00 | 04,017,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])
[2007/04/16 22:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM [System | Running])
[2007/09/29 04:06:00 | 02,456,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2009/05/02 16:39:09 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/05/02 16:39:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/05/02 16:38:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2008/04/14 01:16:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BthEnum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/14 01:21:36 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/13 13:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/14 01:16:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2009/02/23 15:54:12 | 00,075,520 | ---- | M] (Comodo Research Lab., Inc.) -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon [System | Running])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2009/02/23 15:54:12 | 00,051,328 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2009/04/28 18:28:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2004/04/02 16:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2009/02/23 17:56:55 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2008/04/14 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/04/14 01:16:34 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61 [On_Demand | Stopped])
[2008/04/14 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2009/03/06 00:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2007/12/06 10:51:00 | 00,285,952 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=https://webmail.blueyonder.co.uk/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.google.com

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=https://webmail.blueyonder.co.uk/

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (305826 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
10530 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{46B35542-A3CF-4cca-9C0B-259DB2FFF078} (HKLM) -- File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" /background (COMODO)
"EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" (SEIKO EPSON CORPORATION)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1
"DisableTaskMgr"=0
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=181
"NoDriveAutoRun"=E0 FF FF 03 [binary data]

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"EnableProfileQuota"=1
"DisableTaskMgr"=0
"DisableRegistryTools"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Create Mobile Favorite... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/11/13 14:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/C/0...heckControl.cab -- Windows Genuine Advantage Validation Tool
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{238F6F83-B8B4-11CF-8771-00A024541EE3}: https://eu.webapps.halcrow.com/CitrixSessio...AWEB/icaweb.cab -- Citrix ICA Client
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1235340631671 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{0D768A53-9CDB-4DCA-A760-C8FB3AFCAEED} (Servers: | Description: Linksys Wireless-G PCI Adapter)
{102FAE8E-5377-43D6-852D-F5C58F2F509A} (Servers: | Description: )
{5EE5DAC9-793D-45E4-BD0B-ED70D3874118} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit32.exe,
>File not found -- C:\WINDOWS\system32\userinit32.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2009/02/22 23:14:55 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a33b58-0c24-11de-a507-00148526acec}\Shell\AutoRun\command]
""=G:\RECYCLER\recycld.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a33b58-0c24-11de-a507-00148526acec}\Shell\open\command]
""=G:\RECYCLER\recycld.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a89f71e-01c0-11de-a4d3-00148526acec}\Shell\AutoRun\command]
""=WDSetup.exe

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/04 14:24:57 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTViewIt.exe
[2009/05/04 13:39:09 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\e06zjv4s.exe
[2009/05/04 09:47:03 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\t55ft2692f44.dat
[2009/05/02 17:44:52 | 00,000,819 | ---- | C] () -- C:\Documents and Settings\UserXP\Desktop\Windows Live Messenger.lnk
[2009/05/02 15:28:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\UserXP\Desktop\Security
[2009/05/02 15:27:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/02 15:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/05/02 13:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/02 13:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/05/02 13:21:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Application Data\Sun
[2009/05/02 13:07:40 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/05/02 12:57:57 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/30 16:20:54 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/30 16:17:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/04/28 18:34:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/28 18:28:21 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/28 18:27:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/04/28 18:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/28 18:27:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/28 13:35:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/04/28 13:26:20 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/04/28 13:22:31 | 00,130,496 | ---- | C] () -- C:\Documents and Settings\UserXP\My Documents\cc_20090428_132224.reg
[2009/04/28 13:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/28 12:42:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/28 12:41:19 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/04/28 12:41:19 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/04/28 12:39:59 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/27 21:52:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/27 11:17:04 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\inform.dat
[2009/04/27 11:17:04 | 00,013,733 | ---- | C] () -- C:\WINDOWS\System32\pemz
[2009/04/24 21:23:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Local Settings\Application Data\VirginMedia
[2009/04/24 21:23:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2009/04/15 11:04:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/13 15:48:42 | 00,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB
[2009/04/07 14:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/07 14:29:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 14:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/04 14:25:30 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/04 14:25:14 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Desktop\OTViewIt.exe
[2009/05/04 14:22:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 14:22:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 14:22:16 | 21,470,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/04 13:39:21 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\e06zjv4s.exe
[2009/05/04 13:03:32 | 35,736,275 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/05/04 13:03:32 | 00,047,865 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/05/04 09:47:03 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\t55ft2692f44.dat
[2009/05/02 21:48:01 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/02 21:48:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/02 21:48:01 | 00,000,211 | ---- | M] () -- C:\boot.ini
[2009/05/02 17:44:52 | 00,000,819 | ---- | M] () -- C:\Documents and Settings\UserXP\Desktop\Windows Live Messenger.lnk
[2009/05/02 16:39:09 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/05/02 16:39:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/05/02 16:39:09 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/05/02 16:38:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/05/02 16:25:26 | 00,305,826 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/02 12:58:33 | 00,000,211 | ---- | M] () -- C:\boot.ini.comodofirewall
[2009/05/02 12:57:57 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/05/01 14:00:53 | 00,145,920 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 16:16:17 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 18:28:14 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/28 18:28:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/28 14:26:31 | 00,109,240 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/28 13:39:52 | 00,000,077 | -HS- | M] () -- C:\Documents and Settings\UserXP\My Documents\desktop.ini
[2009/04/28 13:37:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/28 13:28:31 | 00,380,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/28 13:22:54 | 00,130,496 | ---- | M] () -- C:\Documents and Settings\UserXP\My Documents\cc_20090428_132224.reg
[2009/04/27 11:17:04 | 00,059,392 | ---- | M] () -- C:\WINDOWS\System32\inform.dat
[2009/04/27 11:17:04 | 00,013,733 | ---- | M] () -- C:\WINDOWS\System32\pemz
[2009/04/17 22:38:03 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/15 12:08:19 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 12:08:19 | 00,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 12:08:19 | 00,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 21:37:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/13 15:48:43 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2009/04/06 16:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >



OTViewIt Extras logfile created on: 04/05/2009 14:25:19 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\UserXP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.55% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.56 Gb Total Space | 80.44 Gb Free Space | 56.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 124.36 Gb Free Space | 53.40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVE-3F773DE96
Current User Name: UserXP
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 14:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 13:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2009/02/23 17:41:14 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2009/02/17 21:10:02 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/05/02 16:36:04 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/02 16:39:00 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 04:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/05/02 16:39:00 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 04:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 19:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 19:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/04/25 17:06:26 | 00,470,512 | ---- | M] (Google Inc.) C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll x-sdch:{B1759355-3EEC-4C1E-B0F1-B719FE26E377} (HKLM) [Google Dictionary Compression filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}"=Serif PagePlus SE 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}"=Java™ 6 Update 13
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}"=Windows Live Sign-in Assistant
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{71CFAF42-86B8-4468-97A8-2C78CD8F08DE}"=OpenOffice.org 3.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90110409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}"=Microsoft ActiveSync
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B5DDA2D8-111C-4B53-890C-67B68D7A859A}_is1"=Next Video iPod Converter 2.0.0
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1"=ConvertXtoDVD 2.2.3.258g
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}"=Windows Live Essentials
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}"=Marvell Miniport Driver
"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}"=Watchtower Library 2008 - English
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}"=Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01"=Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}"=Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"Ad-Aware"=Ad-Aware
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 6 FREE_is1"=Ashampoo Burning Studio 6 FREE
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG 8.5
"CCleaner"=CCleaner (remove only)
"Citrix ICA Web Client"=Citrix Presentation Server Web Client for Win32
"COMODO Firewall Pro"=COMODO Firewall Pro
"Corel Uninstaller"=Corel Uninstaller
"EPSON Printer and Utilities"=EPSON Printer Software
"ESPR240 User's Guide"=ESPR240 User's Guide
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.0.0 (Full)
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"RealPlayer 6.0"=RealPlayer
"VLC media player"=VLC media player 0.9.8a
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinLiveSuite_Wave3"=Windows Live Essentials
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-1229272821-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/04/2009 08:27:41 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1001
Description = Fault bucket 1203548446.

Error - 28/04/2009 12:02:04 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/04/2009 12:27:39 | Computer Name = PRIVE-3F773DE96 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 28/04/2009 14:00:42 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/04/2009 14:01:03 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/05/2009 09:56:47 | Computer Name = PRIVE-3F773DE96 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module jscript.dll, version 5.7.0.18066, fault address 0x00020c73.

Error - 03/05/2009 11:00:51 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/05/2009 11:01:45 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/05/2009 13:00:30 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/05/2009 08:20:40 | Computer Name = PRIVE-3F773DE96 | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.21.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03/05/2009 10:30:48 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 03/05/2009 11:22:41 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 03/05/2009 12:56:53 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 04/05/2009 03:42:31 | Computer Name = PRIVE-3F773DE96 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00148526ACEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 04/05/2009 03:42:45 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 04/05/2009 06:42:08 | Computer Name = PRIVE-3F773DE96 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00148526ACEC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 04/05/2009 06:42:36 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 04/05/2009 06:46:34 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 04/05/2009 07:01:06 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 04/05/2009 08:22:49 | Computer Name = PRIVE-3F773DE96 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >


Thanks in advance...

#2 Orange Blossom (Moderator, Bloomington, IN)

Posted 17 May 2009 - 04:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom (Moderator, Bloomington, IN)

Posted 26 May 2009 - 12:35 AM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



