Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help - cannot run cmd.exe, google redirect - suspect malware


  • This topic is locked This topic is locked
11 replies to this topic

#1 ACha

ACha

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 21 May 2009 - 06:28 PM

Hi I think I have a malware in my system. I just discovered this forum, and would greatly appreciate help to solve this problem. Many thanks in advance.

I have noticed the following symptons in the last few days:
- not able to run cmd.exe (the task bar goes blank for a few seconds and Window Explorer closes)
- the "path" on my environment variables have been modified slightly with my network paths removed
- clicking google search results being redirected to other sites
- not able to go to mcafee.com in IE7: shows "The webiste is unable to display the wepage (HTTP501/HTTP505)"
- WM player taking much longer to start

The followng is the logfile from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:01 PM, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106076999781
O17 - HKLM\System\CCS\Services\Tcpip\..\{86DD8E2A-6126-4BB8-895F-62D5367FE33E}: NameServer = 209.202.110.120,209.202.110.121
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12673 bytes

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 21 May 2009 - 07:02 PM

Hi ACha,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#3 ACha

ACha
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 22 May 2009 - 12:03 PM

Hi Farbar,

Thank you kindly for your help. Here are the two reports:


OTL logfile created on: 22/05/2009 9:30:41 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 501.64 Mb Available Physical Memory | 49.47% Memory free
1.64 Gb Paging File | 1.17 Gb Available in Paging File | 71.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.57 Gb Total Space | 22.14 Gb Free Space | 30.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.50 Gb Total Space | 2.39 Gb Free Space | 53.12% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 33.44 Gb Free Space | 14.36% Space Free | Partition Type: NTFS

Computer Name: ACHAU
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 60 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 01:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2004/02/25 07:04:16 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2003/09/15 16:15:08 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/11/12 14:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2003/12/11 03:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2005/04/04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2003/09/03 19:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
PRC - [2004/10/12 15:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/14 07:50:48 | 00,053,248 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
PRC - [2005/02/09 13:00:23 | 00,331,776 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2004/11/16 02:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2005/04/04 19:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2008/04/23 02:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2007/01/09 22:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/11 15:02:27 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/05/22 09:25:44 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/11/16 12:15:38 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
SRV - [2004/02/25 07:04:16 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2003/09/15 16:15:08 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/12 20:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/11/17 22:12:14 | 00,118,784 | ---- | M] (Alex Feinman) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
SRV - [2007/01/14 00:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/09 22:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2004/04/15 20:59:42 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2003/11/12 14:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher [Auto | Running])
SRV - [2003/12/11 03:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2008/03/11 15:02:27 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
SRV - [2007/01/05 01:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2003/09/15 15:44:40 | 00,021,861 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\DRIVERS\btaudio.sys -- (BtAudio [On_Demand | Running])
DRV - [2003/09/15 15:46:56 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2003/09/17 07:42:00 | 01,258,154 | R--- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
DRV - [2003/09/15 15:59:04 | 00,022,183 | ---- | M] () -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2003/09/15 15:58:34 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
DRV - [2003/09/17 07:37:00 | 00,041,315 | R--- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Running])
DRV - [2003/09/15 15:44:06 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2004/02/10 14:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2008/09/02 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/09/02 01:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/03/23 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/02 17:37:48 | 00,005,504 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv [Boot | Running])
DRV - [2004/03/02 17:37:50 | 00,125,184 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv [Boot | Running])
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/06/15 21:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2003/10/07 17:51:00 | 00,022,356 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2003/10/07 17:51:00 | 00,022,536 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidPPKE.Sys -- (LHidPPKE [On_Demand | Running])
DRV - [2003/10/07 17:51:00 | 00,072,164 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2008/12/17 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090206.007\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2008/12/17 02:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090206.007\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/05/07 18:00:00 | 00,090,357 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\P1130Vid.sys -- (P1130VID [On_Demand | Stopped])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/02 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2005/11/23 18:18:28 | 00,055,168 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\sdcplh.sys -- (sdcplh [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/04/09 11:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/01/03 08:05:02 | 00,417,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2008/10/03 14:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2009/01/05 19:58:08 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2008/10/03 14:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2008/10/03 14:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/09/12 00:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090129.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2006/11/09 15:03:51 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2008/10/03 14:14:10 | 00,035,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2008/10/03 14:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2008/10/03 14:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/11/16 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,086,554 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/11/16 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-871413776-1219651466-323528162-1006\S-1-5-21-871413776-1219651466-323528162-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/13 09:27:50 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-871413776-1219651466-323528162-1006..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-871413776-1219651466-323528162-1006..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\kem.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1106076999781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{86DD8E2A-6126-4BB8-895F-62D5367FE33E}\\NameServer = 209.202.110.120,209.202.110.121
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTServ: DllName - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll (Logitech Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/19 12:29:54 | 00,000,051 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.SYD -- [ NTFS ]
O33 - MountPoints2\{334b7a8f-b0e8-11dd-af22-00038a000015}\Shell\Shell00\Command - "" = F:\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/22 09:28:09 | 00,000,000 | R--D | M]
Drivers32: aux - C:\WINDOWS\system32\..\prbcg.ovw ()
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\system32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\system32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\system32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\system32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 60 Days ==========

[1 C:\*.tmp files]
[2009/05/22 09:28:29 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\OTL.exe.lnk
[2009/05/22 09:25:36 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2009/05/21 14:27:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\HijackThis.lnk
[2009/05/21 14:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/08 15:17:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Alex\Application Data\Brother
[2009/05/08 14:47:33 | 00,511,075 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\smart_24hrs_may.pdf
[2009/05/06 16:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\ScanSoft
[2009/05/06 16:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\My Documents\My PaperPort Documents
[2009/05/06 16:20:08 | 00,000,062 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/06 15:11:37 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/06 15:11:12 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2009/05/06 15:11:12 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2009/05/06 15:10:58 | 00,001,104 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/06 15:10:58 | 00,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/06 15:10:58 | 00,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD8460N.DAT
[2009/05/06 15:10:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/05/06 15:10:23 | 00,118,784 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/05/06 15:10:23 | 00,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2009/05/06 15:10:23 | 00,069,632 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2009/05/06 15:10:23 | 00,024,223 | ---- | C] (brother Industries Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2009/05/06 15:10:23 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/05/06 15:10:22 | 00,052,224 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\brinsstr.dll
[2009/05/06 15:10:12 | 00,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL
[2009/05/06 15:10:12 | 00,086,016 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2009/05/06 15:10:12 | 00,069,632 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE
[2009/05/06 15:10:11 | 00,054,784 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrNetSti.dll
[2009/05/06 15:10:11 | 00,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\BrWiaNCp.dll
[2009/05/06 15:10:11 | 00,033,280 | ---- | C] (Brother Industries,Ltd) -- C:\WINDOWS\System32\Brnsplg.dll
[2009/05/06 15:10:07 | 01,491,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia05c.dll
[2009/05/06 15:10:01 | 00,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2009/05/06 15:10:01 | 00,000,000 | ---D | C] -- C:\Brother
[2009/05/06 15:09:58 | 00,163,840 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2009/05/06 15:09:58 | 00,126,976 | ---- | C] (Brother Industries,LTD) -- C:\WINDOWS\System32\BrfxD05a.dll
[2009/05/06 15:09:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/05/06 15:09:57 | 00,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\brunin03.dll
[2009/05/06 15:09:57 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/05/06 15:09:57 | 00,053,248 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2009/05/06 15:09:57 | 00,000,000 | ---D | C] -- C:\Program Files\Brother
[2009/05/06 15:02:08 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/05/06 15:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/05/06 15:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2009/05/06 15:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2009/05/06 15:01:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/05/06 14:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/05/04 16:27:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\BitTorrent
[2009/05/04 16:26:42 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/05/04 16:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\DNA
[2009/05/04 16:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/04/16 09:17:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 09:17:32 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 09:17:32 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 09:17:32 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/16 09:17:31 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 09:17:31 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 09:17:31 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 09:17:30 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 09:17:30 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 09:17:30 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 09:16:22 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 09:16:21 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 09:16:20 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 14:19:48 | 00,050,176 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\HSBC InvestDirect.doc
[2009/04/14 12:37:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/07 15:31:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Mozilla
[2009/03/30 16:09:44 | 00,006,424 | ---- | C] () -- C:\Documents and Settings\Alex\My Documents\ExOfficio_Caravan_travel_.pdf
[2009/03/20 10:23:34 | 00,000,136 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2006/06/09 13:08:36 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2005/10/26 05:34:36 | 00,563,200 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2005/07/05 10:35:32 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/27 21:22:34 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 21:22:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/02/07 15:47:44 | 00,002,693 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2005/02/07 12:58:01 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/01/28 16:41:09 | 00,000,226 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2005/01/28 16:41:09 | 00,000,065 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2005/01/28 16:41:09 | 00,000,053 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2005/01/28 16:38:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2005/01/28 16:38:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2005/01/28 16:38:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
[2005/01/18 17:35:56 | 00,000,178 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2005/01/18 17:02:02 | 00,000,273 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/01/18 17:02:01 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/01/18 17:01:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/01/18 16:19:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/08 06:59:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/08 06:55:11 | 00,000,309 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/08 06:18:38 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/19 06:29:40 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/26 15:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/15 21:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:04:08 | 00,000,717 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 11:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 04:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/15 16:13:28 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/15 16:12:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/15 16:06:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/15 15:59:04 | 00,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2002/10/06 11:42:57 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:25 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/16 00:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/23 19:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 60 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/22 09:28:30 | 00,000,609 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\OTL.exe.lnk
[2009/05/22 09:25:44 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2009/05/22 09:18:21 | 00,000,178 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2009/05/22 09:17:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/22 09:15:32 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Alex\Local Settings\DESKTOP.INI
[2009/05/22 09:15:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/22 09:15:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/22 09:15:09 | 10,634,07616 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/21 14:27:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\HijackThis.lnk
[2009/05/21 13:40:06 | 00,000,136 | ---- | M] () -- C:\WINDOWS\REDEMUNINS.INI
[2009/05/20 17:40:45 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/20 11:16:24 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/20 11:01:36 | 00,000,009 | ---- | M] () -- C:\CONFIG.SYD
[2009/05/12 10:17:13 | 00,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/08 15:19:59 | 00,001,104 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/08 15:19:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat
[2009/05/08 15:03:56 | 00,000,153 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2009/05/08 14:47:33 | 00,511,075 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\smart_24hrs_may.pdf
[2009/05/07 00:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 16:20:08 | 00,000,062 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/06 15:11:37 | 00,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/06 15:11:37 | 00,000,065 | ---- | M] () -- C:\WINDOWS\System32\BD8460N.DAT
[2009/05/05 11:28:16 | 00,199,168 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/05/04 20:00:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Alex.job
[2009/05/01 10:31:13 | 00,050,176 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\HSBC InvestDirect.doc
[2009/04/16 09:44:59 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 09:44:59 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/16 09:44:59 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/16 09:35:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 12:38:32 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/04/14 12:37:35 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\DivX Movies.lnk
[2009/03/30 16:09:44 | 00,006,424 | ---- | M] () -- C:\Documents and Settings\Alex\My Documents\ExOfficio_Caravan_travel_.pdf
[2009/03/26 23:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== Alternate Data Streams ==========

@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Alex\Desktop\Microsoft Office.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Alex\Desktop\The Official Denon AVR-2808CI Owners Thread - Page 3 - AVS Forum.url:favicon
@Alternate Data Stream - 318 bytes -> C:\Documents and Settings\Alex\Desktop\OUTDOOR PRODUCTS products at Outdoor Super Store.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Alex\Desktop\Download Full Internet Explorer 6 SP1 Standalone Installer.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Alex\Desktop\selihpxe - RAM.url:favicon


______________________________________________________________________________________________

OTL Extras logfile created on: 22/05/2009 9:30:41 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1014.07 Mb Total Physical Memory | 501.64 Mb Available Physical Memory | 49.47% Memory free
1.64 Gb Paging File | 1.17 Gb Available in Paging File | 71.71% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.57 Gb Total Space | 22.14 Gb Free Space | 30.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 4.50 Gb Total Space | 2.39 Gb Free Space | 53.12% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 232.88 Gb Total Space | 33.44 Gb Free Space | 14.36% Space Free | Partition Type: NTFS

Computer Name: ACHAU
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 60 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/20 00:48:06 | 02,314,240 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Install Network Printer Wizard\hpjsi.exe:*:Enabled:HP Jetdirect Wireless Setup Wizard
File not found -- C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui
[2005/05/06 17:47:08 | 02,224,128 | ---- | M] (www.BitLord.com) -- C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord
[2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2006/05/29 21:27:14 | 02,016,856 | ---- | M] () -- C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2009/05/04 16:26:46 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2009/04/08 12:37:48 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BB82D37-8E27-11D4-8EFB-525400DB607B}" = MYOB Accounting Plus V10
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{389D45C9-AA08-4034-A256-2A38C311999D}" = Iomega Discovery Tool Pro
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professiona 2.66
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E3499A-D25D-4B6B-8982-2BFA96AF9F09}" = Symantec Real Time Storage Protection Component
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABC4806B-26E4-40F3-8670-DF6A6F757BFE}" = SymNet
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5E5233B-17E9-4F1B-824D-46571B780EB1}" = HP Install Network Printer Wizard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E837279E-4C3F-411A-8E3D-0EFD97F818E3}" = WIDCOMM Bluetooth Software
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"America Online ca" = AOL (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AVI Codec Pack" = AVI Codec Pack
"BitLord" = BitLord 1.1
"Core FTP LE 2.1" = Core FTP LE 2.1
"Creative PD1130" = Creative WebCam NX Pro Driver (1.00.06.0512)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro User's Guide English" = Creative WebCam NX Pro User's Guide (English)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn (Remove Only)
"Intel® 537EP V9x DFV PCI Modem" = Intel® 537EP V9x DFV PCI Modem
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PPLive" = PPLive 1.2.33
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"TOD" = TOD
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X264 H.264/AVC Video Codec (Sharktooth's build)" = X264 H.264/AVC Video Codec (Sharktooth's build) (remove only)
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-871413776-1219651466-323528162-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2009 7:05:06 PM | Computer Name = ACHAU | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x0001a7ff.

Error - 17/04/2009 4:30:05 PM | Computer Name = ACHAU | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/04/2009 7:23:57 PM | Computer Name = ACHAU | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x00028c0b.

Error - 22/04/2009 7:47:27 PM | Computer Name = ACHAU | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001a5f3.

Error - 22/04/2009 8:16:20 PM | Computer Name = ACHAU | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 23/04/2009 2:30:11 PM | Computer Name = ACHAU | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/04/2009 8:30:58 PM | Computer Name = ACHAU | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 01/05/2009 5:00:01 PM | Computer Name = ACHAU | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 10.0.2614.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/05/2009 1:30:30 PM | Computer Name = ACHAU | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 14/05/2009 5:35:03 PM | Computer Name = ACHAU | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011129.

[ System Events ]
Error - 20/05/2009 8:28:38 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:29:35 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:30:06 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:30:43 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:31:28 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:34:56 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:39:41 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:40:11 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 20/05/2009 8:41:11 PM | Computer Name = ACHAU | Source = DCOM | ID = 10010
Description = The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register
with DCOM within the required timeout.

Error - 21/05/2009 1:13:04 PM | Computer Name = ACHAU | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec Core LC service.


< End of report >

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 22 May 2009 - 12:47 PM

Hi again,

Please open OTL.
  • Copy the text in code box and paste it to Custom Scans/Fixes section:

    :Processes
    explorer.exe
    :otli
    O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    Drivers32: aux - C:\WINDOWS\system32\..\prbcg.ovw ()
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "aux"="wdmaud.drv"
    :commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button.
  • If the fix needed a reboot please do it.
  • After finished a log will open. Copy and paste the log to your reply. Also tell me how is your computer running.


#5 ACha

ACha
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 22 May 2009 - 01:41 PM

Hi Farbar,

I ran the process and here is the log after rebooting.

Thanks,

========== PROCESSES ==========
Process explorer.exe killed successfully!
Error: Unable to interpret <:otli> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <Drivers32: aux - C:\WINDOWS\system32\..\prbcg.ovw ()> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\664 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib1682 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib1683 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib1684 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 05222009_113027

Files moved on Reboot...
File C:\WINDOWS\temp\hsperfdata_SYSTEM\664 not found!
File C:\WINDOWS\temp\ib1682 not found!
File C:\WINDOWS\temp\ib1683 not found!
File C:\WINDOWS\temp\ib1684 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_694.dat not found!

Registry entries deleted on Reboot...

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 22 May 2009 - 01:58 PM

We have to do this once more. I edited the syntax.
  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :Processes
      explorer.exe
      :otl
      O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
      O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
      O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
      O3 - HKU\S-1-5-21-871413776-1219651466-323528162-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
      :reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
      "aux"="wdmaud.drv"
      :files
      C:\WINDOWS\prbcg.ovw
      :commands
      [emptytemp]
      [start explorer]
      [Reboot]
    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After finished a log will open. Copy and paste the log to your reply.
  • Also tell me how is your computer running after reboot.

Edited by farbar, 22 May 2009 - 02:08 PM.


#7 ACha

ACha
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 22 May 2009 - 02:01 PM

Hi Farbar,

After running the fix, it looks like everything is working fine now. All the problems I had before are gone. Also, the system seems to run faster now.

Can you please advise what caused the problem I had earlier so that I can try to be more careful in the future.

Thank you again for your kind help.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 22 May 2009 - 02:09 PM

Yes I'll tell you later on. We need to make sure the trojan file is deleted. Plese run the fix on post #6 and post the log. It is a second fix.

#9 ACha

ACha
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 22 May 2009 - 02:25 PM

Hi FarBar,

Sorry to have jumped the gun. Here is the log after the 2nd fix:

Thanks,

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-871413776-1219651466-323528162-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-871413776-1219651466-323528162-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-871413776-1219651466-323528162-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-871413776-1219651466-323528162-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
========== FILES ==========
C:\WINDOWS\prbcg.ovw moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\724 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 05222009_121714

Files moved on Reboot...
File C:\WINDOWS\temp\hsperfdata_SYSTEM\724 not found!
File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!

Registry entries deleted on Reboot...

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 22 May 2009 - 02:43 PM

Well done. :thumbup2:

To answer your question the trojan we removed was a variant of Wind32/Daonol trojan.

Make sure you uninstall all those older version of Java and Java Runtime Environment before installing the new version.
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


#11 ACha

ACha
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:09 PM

Posted 22 May 2009 - 03:09 PM

Hi FarBar,

My system is running fine now. I will finish up with all the other recommendations you made

Thank you very much for your help. Your instructions were amazingly clear and easy to follow. I am glad that I have discovered this forum.

Best Regards.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:09 AM

Posted 29 May 2009 - 05:45 AM

You are welcome, glad I could help.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users