It started with Windows Police Pro...


This topic is locked
42 replies to this topic

#1 IditoUser
  • Members
  • 58 posts

Posted 27 October 2009 - 06:52 PM

Okay, so, first, please let me start off by saying that I am an absolute idiot user. Perhaps I have learned a little more this time, but...well, let's at least say I learned about Bleeping Computer and I'm hoping you can help.

Am running Dell XPS400, with Windows XP Media Center Edition, Version 5.2

My Trend Micro PC-cillin expired in May and I didn't prioritize the renewal.

Here comes the stupid.

A few days ago Windows Police Pro infected my system; I couldn't use web pages, and Windows fixed an internet connection error; in all honesty, what happened next was pretty fast. Other parts of the system started shutting down and becoming inaccessible. I couldn't run PC-cillin, couldn't get my Security Center up and couldn't get to Add/Remove Programs.

Then the real idiot, panic, set in.

I started looking up WPP online and started deleting, renaming, attempting to remove the files in any way I could. Might as well have handed a man on fire a can of gasoline...

I removed about five-seven files, some of which, I'm sure, were actually harmful! ugg.

Anyway, now, of course, I've gone the opposite route. I had little to no responsiveness, at all, from the system; when I log in, my desktop font is different and my toolbar is already open, showing "My Docs", "My Computer", "My Network Places", "Recycle Bin", a dead "Internet Explorer" and "Corel Photo Album" open. I can look at those folders, but when I close them, they return to the toolbar...

I of course took my can of gasoline and started to apply napalm, thinking this would solve the problem...(again, please see username).

I downloaded to a laptop "Dr.Web CureIt!", "Autoruns", "DDS", "HJT" (sorry), "MBAM", "OTM", RootRepeal, Spyware Doctor, Spybot, STOPzilla, TFC, unhook...

After that dowsing, some things actually work. I can access the stick I am using to destroy my machine, for example. I've been able to run most everything (see username), from the stick, but can't actually save any of it to any effectiveness. Most likely a good thing, now that I've stopped the panic, found Bleeping Computer and can perhaps get some help.

Thinking it may be WPP, I attempted to install and run MBAM, but got a run-time error '372': failed to load control 'vbalGrid' from vbalsgrid6.ocx.

Spyware Doctor notes Updates Required, seeks Proxy settings and asks to run Smart Update.

Whatever the heck it is I did, HJT wouldn't get up and running. It would run, list the log and close immediately. I did move files with OTM.


#2 Farbar
  • Security Developer
  • 21,707 posts
  • Location: The Netherlands

Posted 28 October 2009 - 02:17 PM

Hi IditoUser,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

The computer is obviously in a pretty bad shape. I can't say from the log who did the most damage, the malware or someone else. :(
But we are going to take a shot at it.
  • Please describe the condition of your computer so that I know what is going on and can adjust my fixes to the current condition of the computer. What are the specific symptoms? Can you use the internet? Can you copy and paste? etc.
  • Please download the attached file and run it. A log.txt file will be saved on your memory stick. Please post the content of it or attach it to your reply.


#3 IditoUser
  • Topic Starter
  • Members
  • 58 posts

Posted 29 October 2009 - 11:21 AM

I agree to refrain from making any changes to the system (scanning or running other tools, updating Windows, installing applications, removing files, etc.). :(


Okay, downloaded lookit, ran the file, and received the following log.txt:

Volume in drive C has no label.
Volume Serial Number is F8E7-8B22

Directory of c:\WINDOWS\$NtServicePackUninstall$

08/10/2004 07:00 AM 14,336 svchost.exe
1 File(s) 14,336 bytes

Directory of c:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 14,336 svchost.exe
1 File(s) 14,336 bytes

Directory of c:\WINDOWS\system32

04/13/2008 08:12 PM 14,336 svchost.exe
1 File(s) 14,336 bytes

Total Files Listed:
3 File(s) 43,008 bytes
0 Dir(s) 88,981,295,104 bytes free
Volume in drive C has no label.
Volume Serial Number is F8E7-8B22

Directory of c:\


I am sincerely hoping this is it; lookit opened a DOS window, and then noted that the log.txt would be saved to my K drive.

My PC is limping along, I cannot copy and paste files to my desktop; just not an option. I have save as, which would create a shortcut.

When I open a word doc., it notes: “This document could not be registered. It will not be possible to create links from other documents to this document”.

Internet is dead, both because I've disconnected and because it wouldn't work beforehand anyway. Now, it won't even open an Explorer window.

I can now access My computer and open add/remove programs. I can also, now, open security center, however, when I attempt to open windows firewall, it notes: “Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?”

Not sure if that helps with diagnosis.

Edited by IditoUser, 29 October 2009 - 11:30 AM.
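The listing in the log above shows the three places Windows XP keeps a copy of svchost.exe (the live copy in system32, the Service Pack reference in ServicePackFiles\i386, and the pre-SP copy under $NtServicePackUninstall$). As an added example, not Farbar's lookit tool or any code from this thread, the Python below parses that listing format and flags a copy whose size differs from the ServicePackFiles reference; it runs on a constructed sample whose directory names and sizes are assumptions, with the system32 size deliberately altered.

```python
"""Parse a lookit-style directory listing of svchost.exe copies and flag
copies whose size differs from the ServicePackFiles reference copy."""
import hashlib
import re
from typing import List, NamedTuple, Optional, Tuple


class Copy(NamedTuple):
    directory: str
    date: str
    size: int


# Constructed sample in the layout of the log above (assumed values); the
# system32 copy has been given a different size on purpose so the check
# has something to flag.
SAMPLE_LOG = """\
Volume in drive C has no label.
Volume Serial Number is 0000-0000

Directory of c:\\WINDOWS\\$NtServicePackUninstall$

08/10/2004 07:00 AM 14,336 svchost.exe
1 File(s) 14,336 bytes

Directory of c:\\WINDOWS\\ServicePackFiles\\i386

04/13/2008 08:12 PM 14,336 svchost.exe
1 File(s) 14,336 bytes

Directory of c:\\WINDOWS\\system32

04/13/2008 08:12 PM 15,872 svchost.exe
1 File(s) 15,872 bytes

Total Files Listed:
3 File(s) 44,544 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (\S.*?)\s*$")
# dir-style entry: date and time, size with thousands separators, file name
FILE_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M)\s+([\d,]+)\s+(\S+)\s*$"
)


def parse_listing(text: str, filename: str = "svchost.exe") -> List[Copy]:
    """Return one Copy per directory in which `filename` was listed."""
    copies: List[Copy] = []
    current: Optional[str] = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current and m.group(3).lower() == filename.lower():
            size = int(m.group(2).replace(",", ""))
            copies.append(Copy(current, m.group(1), size))
    return copies


def find_mismatches(copies: List[Copy],
                    reference_suffix: str = r"ServicePackFiles\i386"
                    ) -> List[Tuple[str, int, int]]:
    """Compare every copy's size with the ServicePackFiles reference copy.

    Returns (directory, size, reference_size) for each copy that differs.
    A size match is not proof of integrity, and the $NtServicePackUninstall$
    copy is an older build that may legitimately differ, so treat a mismatch
    as a reason to hash-compare the live file, not as a verdict.
    """
    ref = [c for c in copies
           if c.directory.lower().endswith(reference_suffix.lower())]
    if not ref:
        raise ValueError("no ServicePackFiles reference copy in listing")
    ref_size = ref[0].size
    return [(c.directory, c.size, ref_size) for c in copies if c.size != ref_size]


def sha256_of(path: str) -> str:
    """SHA-256 of a file on disk, for comparing the live system32 copy with
    the ServicePackFiles copy on the machine itself (not used by the sample)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LOG)
    for c in found:
        print(f"{c.directory}: {c.size} bytes ({c.date})")
    for directory, size, ref_size in find_mismatches(found):
        print(f"MISMATCH {directory}: {size} bytes vs reference {ref_size}")
```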


#4 Farbar
  • Security Developer
  • 21,707 posts
  • Location: The Netherlands

Posted 29 October 2009 - 12:55 PM

Have you tried to run ComboFix? Did it run?

Have you used Windows Configuration Utility (msconfig) to disable services?
  • Please download the following tool to your desktop.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • In all the sections on the left side (Processes, Services, Drivers, Modules, Standard Registry, Extra Registry) check All.
    • Click the Run Scan button.
    • Two reports will open (they might not open in your case); copy and paste or attach them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 IditoUser
  • Topic Starter
  • Members
  • 58 posts

Posted 29 October 2009 - 02:27 PM

I did try to run ComboFix, it did run.

I did not use msconfig to disable services.

Here’s the query log.

------ REGISTRY:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
- HTTPFilter - HTTPFilter
- LocalService - Alerter, WebClient, LmHosts, RemoteRegistry, upnphost, SSDPSRV
- NetworkService - DnsCache
- DcomLaunch - DcomLaunch, TermService
- rpcss - RpcSs
- imgsvc - StiSvc
- termsvcs - TermService
- eapsvcs - eaphost
- dot3svc - dot3svc
- WudfServiceGroup - WUDFSvc
- netsvcs - 6to4, AppMgmt, AudioSrv, Browser, CryptSvc, DMServer, DHCP, ERSvc, EventSystem, FastUserSwitchingCompatibility, HidServ, Ias, Iprip, Irmon, LanmanServer, LanmanWorkstation, Messenger, Netman, Nla, Ntmssvc, NWCWorkstation, Nwsapagent, Rasauto, Rasman, Remoteaccess, Schedule, Seclogon, SENS, Sharedaccess, SRService, Tapisrv, Themes, TrkWks, W32Time, WZCSVC, Wmi, WmdmPmSp, winmgmt, wscsvc, xmlprov, MHN, BITS, wuauserv, ShellHWDetection, helpsvc, WmdmPmSN, napagent, hkmsvc


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

------ SVCHOST SERVICES NOT RUNNING

STOPPED: AUTO_START: AudioSrv : Windows Audio
STOPPED: AUTO_START: BITS : Background Intelligent Transfer Service
STOPPED: AUTO_START: Browser : Computer Browser
STOPPED: AUTO_START: CryptSvc : CryptSvc
STOPPED: AUTO_START: DcomLaunch : DCOM Server Process Launcher
STOPPED: AUTO_START: Dhcp : DHCP Client
STOPPED: AUTO_START: dmserver : Logical Disk Manager
STOPPED: AUTO_START: Dnscache : DNS Client
STOPPED: AUTO_START: ERSvc : Error Reporting Service
STOPPED: AUTO_START: helpsvc : Help and Support
STOPPED: AUTO_START: lanmanserver : Server
STOPPED: AUTO_START: lanmanworkstation : Workstation
STOPPED: AUTO_START: LmHosts : TCP/IP NetBIOS Helper
STOPPED: AUTO_START: RemoteRegistry : Remote Registry
STOPPED: AUTO_START: RpcSs : Remote Procedure Call (RPC)
STOPPED: AUTO_START: Schedule : Task Scheduler
STOPPED: AUTO_START: seclogon : Secondary Logon
STOPPED: AUTO_START: SENS : System Event Notification
STOPPED: AUTO_START: SharedAccess : Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: AUTO_START: ShellHWDetection : Shell Hardware Detection
STOPPED: AUTO_START: srservice : System Restore Service
STOPPED: AUTO_START: SSDPSRV : SSDP Discovery Service
STOPPED: AUTO_START: stisvc : Windows Image Acquisition (WIA)
STOPPED: AUTO_START: Themes : Themes
STOPPED: AUTO_START: TrkWks : Distributed Link Tracking Client
STOPPED: AUTO_START: W32Time : Windows Time
STOPPED: AUTO_START: WebClient : WebClient
STOPPED: AUTO_START: winmgmt : Windows Management Instrumentation
STOPPED: AUTO_START: wscsvc : Security Center
STOPPED: AUTO_START: wuauserv : Automatic Updates
STOPPED: AUTO_START: WudfSvc : Windows Driver Foundation - User-mode Driver Framework
STOPPED: AUTO_START: WZCSVC : Wireless Zero Configuration
STOPPED: DEMAND_START: AppMgmt : Application Management
STOPPED: DEMAND_START: Dot3svc : Wired AutoConfig
STOPPED: DEMAND_START: EapHost : Extensible Authentication Protocol Service
STOPPED: DEMAND_START: EventSystem : COM+ Event System
STOPPED: DEMAND_START: FastUserSwitchingCompatibility : Fast User Switching Compatibility
STOPPED: DEMAND_START: hkmsvc : Health Key and Certificate Management Service
STOPPED: DEMAND_START: HTTPFilter : HTTP SSL
STOPPED: DEMAND_START: MHN : MHN
STOPPED: DEMAND_START: napagent : Network Access Protection Agent
STOPPED: DEMAND_START: Netman : Network Connections
STOPPED: DEMAND_START: Nla : Network Location Awareness (NLA)
STOPPED: DEMAND_START: NtmsSvc : Removable Storage
STOPPED: DEMAND_START: RasAuto : Remote Access Auto Connection Manager
STOPPED: DEMAND_START: RasMan : Remote Access Connection Manager
STOPPED: DEMAND_START: TapiSrv : Telephony
STOPPED: DEMAND_START: TermService : Terminal Services
STOPPED: DEMAND_START: upnphost : Universal Plug and Play Device Host
STOPPED: DEMAND_START: WmdmPmSN : Portable Media Serial Number Service
STOPPED: DEMAND_START: Wmi : Windows Management Instrumentation Driver Extensions
STOPPED: DEMAND_START: xmlprov : Network Provisioning Service
STOPPED: DISABLED: Alerter : Alerter
STOPPED: DISABLED: HidServ : Human Interface Device Access
STOPPED: DISABLED: Messenger : Messenger
STOPPED: DISABLED: RemoteAccess : Routing and Remote Access

------ SVCHOST CURRENTLY RUNNING:

------ SVCHOST SUB-DEPENDENTS

HTTPFilter = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

upnphost = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

SSDPSRV = 4
STOPPED: CCALib8: Canon Camera Access Library 8
STOPPED: McrdSvc: Media Center Extender Service
STOPPED: upnphost: Universal Plug and Play Device Host
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

DMServer = 1
STOPPED: dmadmin: Logical Disk Manager Administrative Service

EventSystem = 1
STOPPED: SENS: System Event Notification

LanmanServer = 1
STOPPED: Browser: Computer Browser

LanmanWorkstation = 5
STOPPED: Alerter: Alerter
STOPPED: Browser: Computer Browser
STOPPED: Messenger: Messenger
STOPPED: Netlogon: Net Logon
STOPPED: RpcLocator: Remote Procedure Call (RPC) Locator

Netman = 1
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)

Rasman = 2
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: TmPfw: Trend Micro Personal Firewall

Tapisrv = 3
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: RasMan: Remote Access Connection Manager
STOPPED: TmPfw: Trend Micro Personal Firewall

winmgmt = 2
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: wscsvc: Security Center

TermService = 1
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility

RpcSs = 64
STOPPED: AudioSrv: Windows Audio
STOPPED: BITS: Background Intelligent Transfer Service
STOPPED: Browser Defender Update Service: Browser Defender Update Service
STOPPED: CCALib8: Canon Camera Access Library 8
STOPPED: CiSvc: Indexing Service
STOPPED: COMSysApp: COM+ System Application
STOPPED: CryptSvc: CryptSvc
STOPPED: dmadmin: Logical Disk Manager Administrative Service
STOPPED: dmserver: Logical Disk Manager
STOPPED: Dot3svc: Wired AutoConfig
STOPPED: EapHost: Extensible Authentication Protocol Service
STOPPED: ehRecvr: Media Center Receiver Service
STOPPED: ehSched: Media Center Scheduler Service
STOPPED: ERSvc: Error Reporting Service
STOPPED: EventSystem: COM+ Event System
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility
STOPPED: gupdate1c98fc134283962: Google Update Service (gupdate1c98fc134283962)
STOPPED: gusvc: Google Software Updater
STOPPED: helpsvc: Help and Support
STOPPED: HidServ: Human Interface Device Access
STOPPED: hkmsvc: Health Key and Certificate Management Service
STOPPED: IISADMIN: IIS Admin
STOPPED: iPod Service: iPod Service
STOPPED: LPDSVC: TCP/IP Print Server
STOPPED: McrdSvc: Media Center Extender Service
STOPPED: MDM: Machine Debug Manager
STOPPED: Messenger: Messenger
STOPPED: MHN: MHN
STOPPED: MSDTC: Distributed Transaction Coordinator
STOPPED: MSIServer: Windows Installer
STOPPED: napagent: Network Access Protection Agent
STOPPED: Netman: Network Connections
STOPPED: NtmsSvc: Removable Storage
STOPPED: PcCtlCom: Trend Micro Central Control Component
STOPPED: PolicyAgent: IPSEC Services
STOPPED: ProtectedStorage: Protected Storage
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: RasMan: Remote Access Connection Manager
STOPPED: RDSessMgr: Remote Desktop Help Session Manager
STOPPED: RemoteAccess: Routing and Remote Access
STOPPED: RemoteRegistry: Remote Registry
STOPPED: RSVP: QoS RSVP
STOPPED: SamSs: Security Accounts Manager
STOPPED: Schedule: Task Scheduler
STOPPED: SENS: System Event Notification
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: ShellHWDetection: Shell Hardware Detection
STOPPED: SMTPSVC: Simple Mail Transfer Protocol (SMTP)
STOPPED: Spooler: Print Spooler
STOPPED: srservice: System Restore Service
STOPPED: stisvc: Windows Image Acquisition (WIA)
STOPPED: SwPrv: MS Software Shadow Copy Provider
STOPPED: TapiSrv: Telephony
STOPPED: TermService: Terminal Services
STOPPED: TlntSvr: Telnet
STOPPED: TmPfw: Trend Micro Personal Firewall
STOPPED: TrkWks: Distributed Link Tracking Client
STOPPED: VSS: Volume Shadow Copy
STOPPED: W3SVC: World Wide Web Publishing
STOPPED: winmgmt: Windows Management Instrumentation
STOPPED: WmiApSrv: WMI Performance Adapter
STOPPED: wscsvc: Security Center
STOPPED: WZCSVC: Wireless Zero Configuration
STOPPED: xmlprov: Network Provisioning Service

StiSvc = 1
STOPPED: CCALib8: Canon Camera Access Library 8

TermService = 1
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility

eaphost = 1
STOPPED: Dot3svc: Wired AutoConfig



Was unable to save OTL to desktop, BUT, was able to run the scan and am providing the logs:

Here is the OTL.txt log:

OTL logfile created on: 10/29/2009 3:07:01 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = K:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.08 Mb Total Physical Memory | 616.76 Mb Available Physical Memory | 60.34% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 82.87 Gb Free Space | 77.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 37.00 Gb Total Space | 0.83 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive I: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.77 Gb Total Space | 3.70 Gb Free Space | 98.05% Space Free | Partition Type: FAT32

Computer Name: I Deleted the name for this post.
Current User Name: See above
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (All) ==========

PRC - [2009/10/29 15:05:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/09/22 17:11:32 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/03/10 16:07:28 | 00,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/03/01 09:56:54 | 00,214,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2009/03/01 09:56:52 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 07:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 20:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
PRC - [2008/04/13 20:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/13 20:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
PRC - [2008/04/13 20:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe
PRC - [2007/04/09 13:32:32 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2006/10/12 03:10:54 | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
PRC - [2006/10/12 03:10:54 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
PRC - [2006/02/09 21:51:48 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/08/31 12:06:18 | 00,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
PRC - [2005/08/22 23:31:48 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/06/10 11:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/04/25 19:41:02 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Win32 Services (All) ==========

SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service [Auto | Stopped])
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009/06/10 02:14:49 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll -- (lanmanworkstation [Auto | Stopped])
SRV - [2009/03/24 10:16:24 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/02/15 19:00:29 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98fc134283962 [Auto | Stopped])
SRV - [2009/02/09 08:10:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll -- (Wmi [On_Demand | Stopped])
SRV - [2009/02/09 08:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Stopped])
SRV - [2009/02/09 08:10:48 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch [Auto | Stopped])
SRV - [2009/02/06 07:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2009/02/06 07:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/07 16:26:58 | 00,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\es.dll -- (EventSystem [On_Demand | Stopped])
SRV - [2008/06/20 13:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Stopped])
SRV - [2008/04/13 20:12:40 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
SRV - [2008/04/13 20:12:38 | 00,289,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2008/04/13 20:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
SRV - [2008/04/13 20:12:38 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe -- (UPS [On_Demand | Stopped])
SRV - [2008/04/13 20:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler [Auto | Stopped])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2008/04/13 20:12:36 | 00,014,336 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe -- (HidServ [Disabled | Stopped])
SRV - [2008/04/13 20:12:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
SRV - [2008/04/13 20:12:35 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
SRV - [2008/04/13 20:12:33 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [On_Demand | Stopped])
SRV - [2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
SRV - [2008/04/13 20:12:29 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDE [Disabled | Stopped])
SRV - [2008/04/13 20:12:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [2008/04/13 20:12:27 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
SRV - [2008/04/13 20:12:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:24 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (SamSs [Auto | Stopped])
SRV - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage [Auto | Stopped])
SRV - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (PolicyAgent [Auto | Stopped])
SRV - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2008/04/13 20:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008/04/13 20:12:22 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe -- (ImapiService [On_Demand | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Stopped])
SRV - [2008/04/13 20:12:17 | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
SRV - [2008/04/13 20:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2008/04/13 20:12:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe -- (ClipSrv [On_Demand | Stopped])
SRV - [2008/04/13 20:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe -- (ALG [On_Demand | Stopped])
SRV - [2008/04/13 20:12:11 | 00,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Stopped])
SRV - [2008/04/13 20:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov [On_Demand | Stopped])
SRV - [2008/04/13 20:12:11 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll -- (wuauserv [Auto | Stopped])
SRV - [2008/04/13 20:12:10 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc [Auto | Stopped])
SRV - [2008/04/13 20:12:09 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (winmgmt [Auto | Stopped])
SRV - [2008/04/13 20:12:08 | 00,333,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc [Auto | Stopped])
SRV - [2008/04/13 20:12:08 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2008/04/13 20:12:08 | 00,175,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32time.dll -- (W32Time [Auto | Stopped])
SRV - [2008/04/13 20:12:08 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webclnt.dll -- (WebClient [Auto | Stopped])
SRV - [2008/04/13 20:12:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll -- (HTTPFilter [On_Demand | Stopped])
SRV - [2008/04/13 20:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Stopped])
SRV - [2008/04/13 20:12:07 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [On_Demand | Stopped])
SRV - [2008/04/13 20:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Stopped])
SRV - [2008/04/13 20:12:07 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll -- (lanmanserver [Auto | Stopped])
SRV - [2008/04/13 20:12:07 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\trkwks.dll -- (TrkWks [Auto | Stopped])
SRV - [2008/04/13 20:12:07 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [Auto | Stopped])
SRV - [2008/04/13 20:12:05 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule [Auto | Stopped])
SRV - [2008/04/13 20:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Stopped])
SRV - [2008/04/13 20:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Stopped])
SRV - [2008/04/13 20:12:05 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Stopped])
SRV - [2008/04/13 20:12:05 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sens.dll -- (SENS [Auto | Stopped])
SRV - [2008/04/13 20:12:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Stopped])
SRV - [2008/04/13 20:12:04 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvc.dll -- (RemoteRegistry [Auto | Stopped])
SRV - [2008/04/13 20:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll -- (BITS [Auto | Stopped])
SRV - [2008/04/13 20:12:03 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll -- (napagent [On_Demand | Stopped])
SRV - [2008/04/13 20:12:03 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasmans.dll -- (RasMan [On_Demand | Stopped])
SRV - [2008/04/13 20:12:03 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2008/04/13 20:12:01 | 00,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Stopped])
SRV - [2008/04/13 20:11:59 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll -- (Messenger [Disabled | Stopped])
SRV - [2008/04/13 20:11:57 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess [Disabled | Stopped])
SRV - [2008/04/13 20:11:56 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll -- (hkmsvc [On_Demand | Stopped])
SRV - [2008/04/13 20:11:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll -- (LmHosts [Auto | Stopped])
SRV - [2008/04/13 20:11:55 | 00,331,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Stopped])
SRV - [2008/04/13 20:11:53 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc [Auto | Stopped])
SRV - [2008/04/13 20:11:52 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll -- (Dot3svc [On_Demand | Stopped])
SRV - [2008/04/13 20:11:52 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [Auto | Stopped])
SRV - [2008/04/13 20:11:52 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost [On_Demand | Stopped])
SRV - [2008/04/13 20:11:52 | 00,023,552 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmserver.dll -- (dmserver [Auto | Stopped])
SRV - [2008/04/13 20:11:51 | 00,126,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Stopped])
SRV - [2008/04/13 20:11:51 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc [Auto | Stopped])
SRV - [2008/04/13 20:11:50 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browser.dll -- (Browser [Auto | Stopped])
SRV - [2008/04/13 20:11:50 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv [Auto | Stopped])
SRV - [2008/04/13 20:11:49 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV - [2008/04/13 20:11:49 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alrsvc.dll -- (Alerter [Disabled | Stopped])
SRV - [2006/10/18 22:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSNSv.dll -- (WmdmPmSN [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Stopped])
SRV - [2006/09/28 19:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFSvc.dll -- (WudfSvc [Auto | Stopped])
SRV - [2006/09/04 21:54:44 | 00,880,722 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe -- (PcCtlCom [Auto | Stopped])
SRV - [2006/02/09 22:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2006/02/09 21:51:48 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2005/09/30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Stopped])
SRV - [2005/08/22 23:31:48 | 00,290,889 | ---- | M] (Trend Micro Incorporated.) -- C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Stopped])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2005/06/21 16:19:38 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device [On_Demand | Stopped])
SRV - [2005/04/25 19:41:02 | 00,262,215 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe -- (tmproxy [Auto | Running])
SRV - [2005/04/25 19:39:02 | 00,585,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe -- (TmPfw [Auto | Stopped])
SRV - [2004/08/10 07:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe -- (RSVP [On_Demand | Stopped])
SRV - [2004/08/10 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])

========== Driver Services (All) ==========

DRV - File not found -- -- (WDICA [On_Demand | Stopped])
DRV - File not found -- -- (ViaIde [Disabled | Stopped])
DRV - File not found -- -- (ultra [Disabled | Stopped])
DRV - File not found -- -- (TosIde [Disabled | Stopped])
DRV - File not found -- -- (symc8xx [Disabled | Stopped])
DRV - File not found -- -- (symc810 [Disabled | Stopped])
DRV - File not found -- -- (sym_u3 [Disabled | Stopped])
DRV - File not found -- -- (sym_hi [Disabled | Stopped])
DRV - File not found -- -- (Sparrow [Disabled | Stopped])
DRV - File not found -- -- (Simbad [Disabled | Stopped])
DRV - File not found -- -- (ql1280 [Disabled | Stopped])
DRV - File not found -- -- (ql1240 [Disabled | Stopped])
DRV - File not found -- -- (ql12160 [Disabled | Stopped])
DRV - File not found -- -- (Ql10wnt [Disabled | Stopped])
DRV - File not found -- -- (ql1080 [Disabled | Stopped])
DRV - File not found -- -- (perc2hib [Disabled | Stopped])
DRV - File not found -- -- (perc2 [Disabled | Stopped])
DRV - File not found -- -- (PDRFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDRELI [On_Demand | Stopped])
DRV - File not found -- -- (PDFRAME [On_Demand | Stopped])
DRV - File not found -- -- (PDCOMP [On_Demand | Stopped])
DRV - File not found -- -- (PCIDump [System | Stopped])
DRV - File not found -- -- (mraid35x [Disabled | Stopped])
DRV - File not found -- -- (lbrtfdc [System | Stopped])
DRV - File not found -- -- (IntelIde [Disabled | Stopped])
DRV - File not found -- -- (ini910u [Disabled | Stopped])
DRV - File not found -- -- (i2omp [Disabled | Stopped])
DRV - File not found -- -- (i2omgmt [System | Stopped])
DRV - File not found -- -- (hpn [Disabled | Stopped])
DRV - File not found -- -- (dpti2o [Disabled | Stopped])
DRV - File not found -- -- (dac960nt [Disabled | Stopped])
DRV - File not found -- -- (Cpqarray [Disabled | Stopped])
DRV - File not found -- -- (CmdIde [Disabled | Stopped])
DRV - File not found -- -- (Changer [System | Stopped])
DRV - File not found -- -- (cd20xrnt [Disabled | Stopped])
DRV - File not found -- -- (Atdisk [Disabled | Stopped])
DRV - File not found -- -- (asc3550 [Disabled | Stopped])
DRV - File not found -- -- (asc3350p [Disabled | Stopped])
DRV - File not found -- -- (asc [Disabled | Stopped])
DRV - File not found -- -- (amsint [Disabled | Stopped])
DRV - File not found -- -- (AliIde [Disabled | Stopped])
DRV - File not found -- -- (aic78xx [Disabled | Stopped])
DRV - File not found -- -- (aic78u2 [Disabled | Stopped])
DRV - File not found -- -- (Aha154x [Disabled | Stopped])
DRV - File not found -- -- (adpu160m [Disabled | Stopped])
DRV - File not found -- -- (abp480n5 [Disabled | Stopped])
DRV - File not found -- -- (Abiosdsk [Disabled | Stopped])
DRV - [2009/09/23 16:10:06 | 00,207,280 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2009/06/24 07:18:41 | 00,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - [2008/12/11 06:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\srv.sys -- (Srv [On_Demand | Stopped])
DRV - [2008/12/04 23:58:48 | 00,241,296 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/11/26 18:42:42 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TmXPFlt.sys -- (Tmfilter [Auto | Running])
DRV - [2008/11/26 18:42:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Tmpreflt.sys -- (Tmpreflt [Auto | Running])
DRV - [2008/11/26 18:39:56 | 01,195,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\Vsapint.sys -- (Vsapint [Auto | Running])
DRV - [2008/10/24 07:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mrxsmb.sys -- (MRxSmb [System | Running])
DRV - [2008/08/14 06:04:36 | 00,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
DRV - [2008/06/20 07:51:12 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip.sys -- (Tcpip [System | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 20:13:22 | 00,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [2008/04/13 20:13:21 | 00,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [2008/04/13 20:13:20 | 00,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - [2008/04/13 20:13:20 | 00,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [2008/04/13 15:28:39 | 00,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rdbss.sys -- (Rdbss [System | Running])
DRV - [2008/04/13 15:21:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\netbt.sys -- (NetBT [System | Running])
DRV - [2008/04/13 15:20:42 | 00,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [2008/04/13 15:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2008/04/13 15:19:48 | 00,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [2008/04/13 15:19:43 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [2008/04/13 15:19:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipsec.sys -- (IPSec [System | Running])
DRV - [2008/04/13 15:18:00 | 00,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i8042prt.sys -- (i8042prt [System | Stopped])
DRV - [2008/04/13 15:17:18 | 00,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Stopped])
DRV - [2008/04/13 15:17:05 | 00,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
DRV - [2008/04/13 15:15:55 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Stopped])
DRV - [2008/04/13 15:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2008/04/13 15:15:45 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial [Auto | Stopped])
DRV - [2008/04/13 15:14:29 | 00,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
DRV - [2008/04/13 15:14:21 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
DRV - [2008/04/13 15:00:19 | 00,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Running])
DRV - [2008/04/13 14:57:32 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [2008/04/13 14:57:29 | 00,040,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [2008/04/13 14:57:27 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Running])
DRV - [2008/04/13 14:57:27 | 00,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [2008/04/13 14:57:21 | 00,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Running])
DRV - [2008/04/13 14:57:15 | 00,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipnat.sys -- (IpNat [On_Demand | Running])
DRV - [2008/04/13 14:57:07 | 00,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
DRV - [2008/04/13 14:56:38 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\psched.sys -- (PSched [On_Demand | Running])
DRV - [2008/04/13 14:56:32 | 00,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msgpc.sys -- (Gpc [On_Demand | Running])
DRV - [2008/04/13 14:56:02 | 00,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [2008/04/13 14:55:58 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Running])
DRV - [2008/04/13 14:54:28 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [2008/04/13 14:53:53 | 00,264,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP [On_Demand | Running])
DRV - [2008/04/13 14:53:34 | 00,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys -- (Ip6Fw [On_Demand | Stopped])
DRV - [2008/04/13 14:51:25 | 00,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nic1394.sys -- (NIC1394 [On_Demand | Running])
DRV - [2008/04/13 14:51:25 | 00,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\arp1394.sys -- (Arp1394 [On_Demand | Running])
DRV - [2008/04/13 14:51:25 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
DRV - [2008/04/13 14:47:37 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbprint.sys -- (usbprint [On_Demand | Stopped])
DRV - [2008/04/13 14:46:18 | 00,061,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394 [Boot | Running])
DRV - [2008/04/13 14:45:39 | 00,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [2008/04/13 14:45:38 | 00,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS -- (usbstor [On_Demand | Running])
DRV - [2008/04/13 14:45:37 | 00,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [2008/04/13 14:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
DRV - [2008/04/13 14:45:35 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbuhci.sys -- (usbuhci [On_Demand | Running])
DRV - [2008/04/13 14:45:34 | 00,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbscan.sys -- (usbscan [On_Demand | Stopped])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 14:45:27 | 00,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\hidusb.sys -- (hidusb [On_Demand | Running])
DRV - [2008/04/13 14:45:13 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [2008/04/13 14:45:09 | 00,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys -- (kmixer [On_Demand | Stopped])
DRV - [2008/04/13 14:45:09 | 00,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
DRV - [2008/04/13 14:45:07 | 00,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
DRV - [2008/04/13 14:45:01 | 00,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
DRV - [2008/04/13 14:44:48 | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
DRV - [2008/04/13 14:44:46 | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio [Boot | Running])
DRV - [2008/04/13 14:44:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [2008/04/13 14:41:01 | 00,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
DRV - [2008/04/13 14:40:58 | 00,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\imapi.sys -- (Imapi [System | Running])
DRV - [2008/04/13 14:40:49 | 00,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
DRV - [2008/04/13 14:40:48 | 00,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy [System | Stopped])
DRV - [2008/04/13 14:40:47 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk [Boot | Running])
DRV - [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom [System | Running])
DRV - [2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2008/04/13 14:40:27 | 00,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\redbook.sys -- (redbook [System | Running])
DRV - [2008/04/13 14:40:25 | 00,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fdc.sys -- (Fdc [On_Demand | Running])
DRV - [2008/04/13 14:40:25 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\flpydisk.sys -- (Flpydisk [On_Demand | Running])
DRV - [2008/04/13 14:40:10 | 00,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport [On_Demand | Stopped])
DRV - [2008/04/13 14:39:53 | 00,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [2008/04/13 14:39:52 | 00,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [2008/04/13 14:39:51 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [2008/04/13 14:39:50 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [2008/04/13 14:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
DRV - [2008/04/13 14:39:47 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\kbdclass.sys -- (Kbdclass [System | Running])
DRV - [2008/04/13 14:39:47 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mouclass.sys -- (Mouclass [System | Running])
DRV - [2008/04/13 14:39:46 | 00,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\update.sys -- (Update [On_Demand | Running])
DRV - [2008/04/13 14:39:46 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - [2008/04/13 14:36:52 | 00,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr [Boot | Running])
DRV - [2008/04/13 14:36:46 | 00,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [2008/04/13 14:36:44 | 00,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI [Boot | Running])
DRV - [2008/04/13 14:36:43 | 00,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
DRV - [2008/04/13 14:36:41 | 00,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp [Boot | Running])
DRV - [2008/04/13 14:36:35 | 00,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI [Boot | Running])
DRV - [2008/04/13 14:33:28 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
DRV - [2008/04/13 14:32:59 | 00,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
DRV - [2008/04/13 14:32:51 | 00,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rdpdr.sys -- (rdpdr [On_Demand | Running])
DRV - [2008/04/13 14:32:44 | 00,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mrxdav.sys -- (MRxDAV [On_Demand | Running])
DRV - [2008/04/13 14:32:39 | 00,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [2008/04/13 14:32:39 | 00,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [2008/04/13 14:32:36 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
DRV - [2008/04/13 14:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm [System | Running])
DRV - [2008/04/13 12:39:23 | 00,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys -- (aec [On_Demand | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/04/18 09:59:40 | 00,098,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\COMMONFX.DLL -- (COMMONFX.DLL [On_Demand | Running])
DRV - [2007/04/12 09:10:26 | 00,164,608 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CT20XUT.DLL -- (CT20XUT.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:26 | 00,066,816 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTHWIUT.DLL -- (CTHWIUT.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:24 | 01,317,632 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,323,328 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:22 | 00,128,768 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:20 | 00,280,320 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:20 | 00,094,976 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTERFXFX.DLL -- (CTERFXFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:18 | 00,168,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL [On_Demand | Stopped])
DRV - [2007/04/12 09:10:16 | 00,560,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSBLFX.DLL -- (CTSBLFX.DLL [On_Demand | Running])
DRV - [2007/04/12 09:10:16 | 00,546,048 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTAUDFX.DLL -- (CTAUDFX.DLL [On_Demand | Running])
DRV - [2007/04/10 07:00:24 | 00,157,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2007/04/10 06:59:04 | 00,126,760 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2007/04/10 05:32:06 | 00,189,736 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2007/04/10 05:31:18 | 00,163,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2007/04/10 05:29:10 | 00,797,992 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2007/04/10 05:28:36 | 00,092,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2007/04/10 05:25:46 | 00,014,632 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2007/04/10 05:21:06 | 00,347,128 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2007/04/10 05:20:38 | 00,520,488 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2007/04/10 05:19:30 | 00,511,272 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wudfrd.sys -- (WudfRd [On_Demand | Stopped])
DRV - [2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf [Boot | Running])
DRV - [2006/05/11 12:30:52 | 00,247,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2006/02/09 21:57:46 | 01,502,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2005/04/25 19:37:02 | 00,038,528 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tmtdi.sys -- (tmtdi [System | Running])
DRV - [2005/04/25 19:36:02 | 01,884,585 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\Drivers\tm_cfw.sys -- (tm_cfw [Auto | Running])
DRV - [2004/12/13 17:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/10 07:00:00 | 00,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk [Boot | Running])
DRV - [2004/08/10 07:00:00 | 00,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/10 07:00:00 | 00,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\raspti.sys -- (Raspti [On_Demand | Running])
DRV - [2004/08/10 07:00:00 | 00,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
DRV - [2004/08/10 07:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Running])
DRV - [2004/08/10 07:00:00 | 00,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
DRV - [2004/08/10 07:00:00 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [2004/08/10 07:00:00 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Stopped])
DRV - [2004/08/10 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload [Boot | Running])
DRV - [2004/08/10 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [2004/08/10 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
DRV - [2004/08/10 07:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2004/08/10 07:00:00 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
DRV - [2004/08/10 04:45:04 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\mhndrv.sys -- (MHNDRV [On_Demand | Stopped])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/22 09:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
DRV - [2001/08/17 09:59:44 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\audstub.sys -- (audstub [On_Demand | Running])

========== Modules (All) ==========

MOD - [2009/10/29 15:05:48 | 00,521,728 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2009/09/29 16:30:56 | 00,147,992 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctgmhk.dll
MOD - [2009/06/25 04:25:26 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Secur32.dll
MOD - [2009/04/15 10:51:25 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\RPCRT4.dll
MOD - [2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
MOD - [2009/02/09 08:10:48 | 00,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
MOD - [2009/02/09 08:10:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ADVAPI32.dll
MOD - [2008/10/23 08:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\GDI32.dll
MOD - [2008/06/17 15:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll
MOD - [2008/04/14 06:42:06 | 00,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SETUPAPI.dll
MOD - [2008/04/13 20:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:12:45 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
MOD - [2008/04/13 20:12:09 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmm.dll
MOD - [2008/04/13 20:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WLDAP32.dll
MOD - [2008/04/13 20:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\USER32.dll
MOD - [2008/04/13 20:12:08 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UxTheme.dll
MOD - [2008/04/13 20:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\version.dll
MOD - [2008/04/13 20:12:05 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SHLWAPI.dll
MOD - [2008/04/13 20:12:04 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SAMLIB.dll
MOD - [2008/04/13 20:12:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PSAPI.dll
MOD - [2008/04/13 20:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
MOD - [2008/04/13 20:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
MOD - [2008/04/13 20:12:02 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\NTMARTA.DLL
MOD - [2008/04/13 20:12:02 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\olepro32.dll
MOD - [2008/04/13 20:12:01 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mslbui.dll
MOD - [2008/04/13 20:11:59 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msimg32.dll
MOD - [2008/04/13 20:11:58 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCTF.dll
MOD - [2008/04/13 20:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IMM32.DLL
MOD - [2008/04/13 20:10:06 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime.ime
MOD - [2007/04/09 13:32:30 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctagent.dll

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\S-1-5-21-1085031214-630328440-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-630328440-839522115-1007\S-1-5-21-1085031214-630328440-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe (Trend Micro Incorporated.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1085031214-630328440-839522115-1007..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-630328440-839522115-1007..\Run: [HijackThis startup scan] K:\HijackThis.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1085031214-630328440-839522115-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-630328440-839522115-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1085031214-630328440-839522115-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 15:23:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 07:00:00 | 00,000,110 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/30 20:17:12 | 00,048,904 | ---- | M] () - K:\autoruns.chm -- [ FAT32 ]
O32 - AutoRun File - [2009/10/13 10:20:20 | 00,669,032 | ---- | M] (Sysinternals - www.sysinternals.com) - K:\autoruns.exe -- [ FAT32 ]
O32 - AutoRun File - [2009/10/13 10:20:20 | 00,559,976 | ---- | M] (Sysinternals - www.sysinternals.com) - K:\autorunsc.exe -- [ FAT32 ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe -- [2004/08/10 07:00:00 | 01,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/24 16:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/24 17:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/24 17:04:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/24 17:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\PC Tools
[2009/10/24 17:04:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/24 16:53:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/24 17:04:10 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/25 20:55:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/25 20:53:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/24 17:04:30 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/24 17:04:30 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/24 17:04:30 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/24 17:04:25 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/24 17:04:22 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/24 17:04:22 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/24 17:04:17 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/24 16:53:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/24 16:53:28 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2007/04/09 13:32:58 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[4 C:\Documents and Settings\\My Documents\*.tmp files]
[2009/10/29 08:46:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/27 04:11:22 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/27 04:11:22 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/27 04:11:22 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/27 04:11:22 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/27 04:11:22 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/26 04:56:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/26 04:49:09 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.CDF
[2009/10/26 04:49:09 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20061102}.BAK
[2009/10/26 04:45:32 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/26 04:39:12 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/25 20:46:30 | 00,000,000 | R--- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/25 20:45:23 | 05,331,124 | -H-- | M] () -- C:\Documents and Settings\\Local Settings\Application Data\IconCache.db
[2009/10/25 18:13:47 | 00,000,254 | ---- | M] () -- C:\Documents and Settings\\Desktop\Shortcut to OTM.exe.lnk
[2009/10/25 16:50:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 17:04:20 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/24 15:57:12 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/23 04:57:20 | 00,000,092 | ---- | M] () -- C:\Documents and Settings\\Desktop\registry.reg
[2009/10/21 17:21:27 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Photo Album 6.lnk
[2009/10/16 19:00:35 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/16 04:11:39 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/16 04:11:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 18:38:34 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wp4.dat
[2009/10/15 18:38:34 | 00,000,003 | ---- | M] () -- C:\WINDOWS\wp3.dat
[2009/10/15 18:00:04 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/14 22:46:34 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\ \Desktop\New Microsoft Word Document.doc
[2009/10/13 19:48:13 | 00,064,000 | ---- | M] () -- C:\Documents and C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/08 11:31:46 | 00,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/10/08 11:31:44 | 01,636,304 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/10/08 11:31:44 | 00,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/10/08 11:31:14 | 00,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/06 19:12:06 | 00,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/06 16:31:30 | 00,087,784 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/03 08:40:16 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 14:19:04 | 01,152,470 | ---- | M] () -- C:\WINDOWS\UDB.zip
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 14:43:50 | 00,000,880 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2009/10/01 14:43:26 | 00,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml


========== Files - No Company Name ==========
[2009/10/25 20:53:31 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/25 20:53:31 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/25 18:13:47 | 00,000,254 | ---- | C] () -- C:\Documents and Settings\\Desktop\Shortcut to OTM.exe.lnk
[2009/10/24 17:04:31 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/10/24 17:04:30 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/10/24 17:04:30 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/10/24 17:04:30 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/10/24 17:04:30 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/10/24 17:04:25 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/10/24 17:04:22 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/10/24 17:04:22 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/24 17:04:20 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/10/24 17:04:17 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/10/24 16:53:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/23 04:57:20 | 00,000,092 | ---- | C] () -- C:\Documents and Settings\\Desktop\registry.reg
[2009/10/21 18:52:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/21 18:52:57 | 00,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/21 18:52:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/21 18:52:57 | 00,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/21 18:52:57 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000004-20061102}.rfx
[2009/10/15 15:50:29 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wp4.dat
[2009/10/15 15:50:29 | 00,000,003 | ---- | C] () -- C:\WINDOWS\wp3.dat
[2009/10/15 14:10:16 | 00,000,000 | R--- | C] () -- C:\WINDOWS\win32k.sys
[2009/10/03 08:40:16 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/10 18:07:58 | 00,000,032 | ---- | C] () -- C:\WINDOWS\VivaMedia.ini
[2009/03/01 23:31:52 | 05,331,124 | -H-- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\IconCache.db
[2009/03/01 09:58:27 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/13 07:45:14 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat
[2009/01/26 10:25:22 | 00,000,466 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2009/01/25 09:14:14 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\\Application Data\$_hpcst$.hpc
[2009/01/21 10:16:21 | 00,000,403 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/01/19 21:09:03 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/19 18:54:49 | 00,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2009/01/19 18:31:32 | 00,021,824 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/19 18:12:59 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/19 18:07:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\\Application Data\desktop.ini
[2009/01/19 16:24:57 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/01/19 16:24:57 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/01/19 16:24:30 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/01/19 16:24:29 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/01/19 16:24:27 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/01/19 16:21:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/19 15:50:07 | 00,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2009/01/19 15:50:06 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2009/01/19 15:50:06 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2009/01/19 15:50:05 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2009/01/19 15:50:05 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2009/01/19 15:50:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2009/01/19 15:50:04 | 01,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2009/01/19 15:50:04 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2009/01/19 15:50:04 | 00,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2009/01/19 15:50:03 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2009/01/19 15:50:03 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2009/01/19 15:50:03 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2009/01/19 15:50:01 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2009/01/19 15:50:01 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2009/01/19 15:50:01 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2009/01/19 15:49:58 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2009/01/19 15:49:58 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2009/01/19 15:49:57 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2009/01/19 15:49:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2009/01/19 10:12:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/02/05 14:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\setup.txt
[2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 00,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:55:14 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/10/02 10:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/16 11:17:16 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/08/10 07:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2004/08/10 07:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Here is the extras.txt log:

OTL Extras logfile created on: 10/29/2009 3:07:01 PM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = K:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.08 Mb Total Physical Memory | 616.76 Mb Available Physical Memory | 60.34% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 82.87 Gb Free Space | 77.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 37.00 Gb Total Space | 0.83 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive I: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.77 Gb Total Space | 3.70 Gb Free Space | 98.05% Space Free | Partition Type: FAT32

Computer Name: -70E859EF0
Current User Name:
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.DLL (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}" = Trend Micro PC-cillin Internet Security 12
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel® Network Connections 13.5.32.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3EF1460-CCF9-11D4-B231-0050DACD394D}" = Disney's Winnie the Pooh Kindergarten
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Alphabet Express" = Alphabet Express
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Browser Defender_is1" = Browser Defender 2.0.6.10
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Clickables Online" = Clickables Online
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"EOS Utility" = Canon Utilities EOS Utility
"FPFarm" = Fisher-Price® - Discovery Farm
"Google Updater" = Google Updater
"Hearing Music" = Hearing Music
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"JumpStart PreSchool" = JumpStart PreSchool
"Little People® Discovery Airport" = Little People® Discovery Airport
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Spyware Doctor" = Spyware Doctor 7.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-630328440-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 6:34:19 PM | Computer Name = -70E859EF0 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module b3f748e8.x86.dll, version 0.0.0.0, fault address 0x00004182.

Error - 10/15/2009 6:35:03 PM | Computer Name = -70E859EF0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/15/2009 6:35:05 PM | Computer Name = -70E859EF0 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2009 5:17:08 AM | Computer Name = -70E859EF0 | Source = Media Center Phone Service | ID = 8
Description = Initializing the telephony service failed with error 0x80040005.

Error - 10/16/2009 6:59:46 PM | Computer Name = -70E859EF0 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/16/2009 6:59:46 PM | Computer Name = -70E859EF0 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\evregistrar.cpp(213),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 10/18/2009 11:26:17 AM | Computer Name = -70E859EF0 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/18/2009 11:26:17 AM | Computer Name = -70E859EF0 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\evregistrar.cpp(213),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 10/25/2009 7:53:40 PM | Computer Name = -70E859EF0 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 00000000. The machine must now be restarted.

Error - 10/25/2009 8:14:39 PM | Computer Name = -70E859EF0 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 00000000. The machine must now be restarted.

[ System Events ]
Error - 10/26/2009 4:37:48 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spyware Doctor\SDContextExt32.dll.
Reference
error message: The operation completed successfully. .

Error - 10/27/2009 4:12:16 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/27/2009 4:12:16 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/27/2009 4:12:16 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spyware Doctor\SDContextExt32.dll.
Reference
error message: The operation completed successfully. .

Error - 10/29/2009 7:36:01 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/29/2009 7:36:01 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/29/2009 7:36:01 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spyware Doctor\SDContextExt32.dll.
Reference
error message: The operation completed successfully. .

Error - 10/29/2009 8:46:43 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/29/2009 8:46:43 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 10/29/2009 8:46:43 AM | Computer Name = -70E859EF0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Spyware Doctor\SDContextExt32.dll.
Reference
error message: The operation completed successfully. .


< End of report >

So, I’ve gotten a little more security conscious as a part of this exercise and reviewed the logs before posting, to remove my name. The first file I found I replaced within this log, in all caps, indicating as such. Then I searched for my name and removed it from the Word doc I am editing now. Removed a couple of Word docs I worked on over the preceding days of the virus attack, which were work and/or personal, and which I know what they were.

Not trying to be a git here, actually trying to take some of these extra steps I have been lax in doing.

Also, please let me know if you want me to attach the logs as files or copy the log as I am doing here...would prefer your preference.

Thank you!!!

#6 Farbar

Posted 29 October 2009 - 05:15 PM

Copy and paste is preferred. Thanks.

I guess the ComboFix log was removed. It could have given us insight right away to the kind of initial infection. Often for us it is much easier to clean an infected computer than a relatively cleaned computer as we don't know any more what was on it. Each infection has its own behavior. But good news is that I might have spotted the issue.
  • Download Win32kDiag from any of the following locations and save it directly on your flash drive. Don't put it in a folder.
  • Download and run the attached file. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please post the contents here. If you couldn't copy the file to your flash drive see if you can do it after rebooting the next step. Otherwise tell me about it and I'll show you how to do it.

  • Reboot the computer.

  • Run querySvc.exe once more and post the log please.


#7 IditoUser

Posted 29 October 2009 - 06:16 PM

Okay, did all that was said for Win32kDiag, loaded it to the stick, ran it on the PC; at the end it said "Finished! Press any key to exit". I did so, but no file was saved to the stick.

I rebooted, ran it again off of the stick; no log.

Should I run query?

#8 Farbar

Posted 29 October 2009 - 06:18 PM

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please post the contents here



#9 IditoUser

Posted 29 October 2009 - 06:50 PM

Ugg

Slaps head

Lives up to username

Posts log from win32...

Running from: K:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Brian\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-10 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)



Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-10-02 14:01:57 25198016 C:\WINDOWS\system32\MRT.exe ()



Cannot access: C:\WINDOWS\system32\svchost.exe

[1] 2004-08-10 07:00:00 14336 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:36 14336 C:\WINDOWS\ServicePackFiles\i386\svchost.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:36 14336 C:\WINDOWS\system32\svchost.exe ()





Finished!




Ran Query:

------ REGISTRY:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
- HTTPFilter - HTTPFilter
- LocalService - Alerter, WebClient, LmHosts, RemoteRegistry, upnphost, SSDPSRV
- NetworkService - DnsCache
- DcomLaunch - DcomLaunch, TermService
- rpcss - RpcSs
- imgsvc - StiSvc
- termsvcs - TermService
- eapsvcs - eaphost
- dot3svc - dot3svc
- WudfServiceGroup - WUDFSvc
- netsvcs - 6to4, AppMgmt, AudioSrv, Browser, CryptSvc, DMServer, DHCP, ERSvc, EventSystem, FastUserSwitchingCompatibility, HidServ, Ias, Iprip, Irmon, LanmanServer, LanmanWorkstation, Messenger, Netman, Nla, Ntmssvc, NWCWorkstation, Nwsapagent, Rasauto, Rasman, Remoteaccess, Schedule, Seclogon, SENS, Sharedaccess, SRService, Tapisrv, Themes, TrkWks, W32Time, WZCSVC, Wmi, WmdmPmSp, winmgmt, wscsvc, xmlprov, MHN, BITS, wuauserv, ShellHWDetection, helpsvc, WmdmPmSN, napagent, hkmsvc


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

------ SVCHOST SERVICES NOT RUNNING

STOPPED: AUTO_START: AudioSrv : Windows Audio
STOPPED: AUTO_START: BITS : Background Intelligent Transfer Service
STOPPED: AUTO_START: Browser : Computer Browser
STOPPED: AUTO_START: CryptSvc : CryptSvc
STOPPED: AUTO_START: DcomLaunch : DCOM Server Process Launcher
STOPPED: AUTO_START: Dhcp : DHCP Client
STOPPED: AUTO_START: dmserver : Logical Disk Manager
STOPPED: AUTO_START: Dnscache : DNS Client
STOPPED: AUTO_START: ERSvc : Error Reporting Service
STOPPED: AUTO_START: helpsvc : Help and Support
STOPPED: AUTO_START: lanmanserver : Server
STOPPED: AUTO_START: lanmanworkstation : Workstation
STOPPED: AUTO_START: LmHosts : TCP/IP NetBIOS Helper
STOPPED: AUTO_START: RemoteRegistry : Remote Registry
STOPPED: AUTO_START: RpcSs : Remote Procedure Call (RPC)
STOPPED: AUTO_START: Schedule : Task Scheduler
STOPPED: AUTO_START: seclogon : Secondary Logon
STOPPED: AUTO_START: SENS : System Event Notification
STOPPED: AUTO_START: SharedAccess : Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: AUTO_START: ShellHWDetection : Shell Hardware Detection
STOPPED: AUTO_START: srservice : System Restore Service
STOPPED: AUTO_START: SSDPSRV : SSDP Discovery Service
STOPPED: AUTO_START: stisvc : Windows Image Acquisition (WIA)
STOPPED: AUTO_START: Themes : Themes
STOPPED: AUTO_START: TrkWks : Distributed Link Tracking Client
STOPPED: AUTO_START: W32Time : Windows Time
STOPPED: AUTO_START: WebClient : WebClient
STOPPED: AUTO_START: winmgmt : Windows Management Instrumentation
STOPPED: AUTO_START: wscsvc : Security Center
STOPPED: AUTO_START: wuauserv : Automatic Updates
STOPPED: AUTO_START: WudfSvc : Windows Driver Foundation - User-mode Driver Framework
STOPPED: AUTO_START: WZCSVC : Wireless Zero Configuration
STOPPED: DEMAND_START: AppMgmt : Application Management
STOPPED: DEMAND_START: Dot3svc : Wired AutoConfig
STOPPED: DEMAND_START: EapHost : Extensible Authentication Protocol Service
STOPPED: DEMAND_START: EventSystem : COM+ Event System
STOPPED: DEMAND_START: FastUserSwitchingCompatibility : Fast User Switching Compatibility
STOPPED: DEMAND_START: hkmsvc : Health Key and Certificate Management Service
STOPPED: DEMAND_START: HTTPFilter : HTTP SSL
STOPPED: DEMAND_START: MHN : MHN
STOPPED: DEMAND_START: napagent : Network Access Protection Agent
STOPPED: DEMAND_START: Netman : Network Connections
STOPPED: DEMAND_START: Nla : Network Location Awareness (NLA)
STOPPED: DEMAND_START: NtmsSvc : Removable Storage
STOPPED: DEMAND_START: RasAuto : Remote Access Auto Connection Manager
STOPPED: DEMAND_START: RasMan : Remote Access Connection Manager
STOPPED: DEMAND_START: TapiSrv : Telephony
STOPPED: DEMAND_START: TermService : Terminal Services
STOPPED: DEMAND_START: upnphost : Universal Plug and Play Device Host
STOPPED: DEMAND_START: WmdmPmSN : Portable Media Serial Number Service
STOPPED: DEMAND_START: Wmi : Windows Management Instrumentation Driver Extensions
STOPPED: DEMAND_START: xmlprov : Network Provisioning Service
STOPPED: DISABLED: Alerter : Alerter
STOPPED: DISABLED: HidServ : Human Interface Device Access
STOPPED: DISABLED: Messenger : Messenger
STOPPED: DISABLED: RemoteAccess : Routing and Remote Access

------ SVCHOST CURRENTLY RUNNING:

------ SVCHOST SUB-DEPENDENTS

HTTPFilter = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

upnphost = 1
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

SSDPSRV = 4
STOPPED: CCALib8: Canon Camera Access Library 8
STOPPED: McrdSvc: Media Center Extender Service
STOPPED: upnphost: Universal Plug and Play Device Host
STOPPED: WMPNetworkSvc: Windows Media Player Network Sharing Service

DMServer = 1
STOPPED: dmadmin: Logical Disk Manager Administrative Service

EventSystem = 1
STOPPED: SENS: System Event Notification

LanmanServer = 1
STOPPED: Browser: Computer Browser

LanmanWorkstation = 5
STOPPED: Alerter: Alerter
STOPPED: Browser: Computer Browser
STOPPED: Messenger: Messenger
STOPPED: Netlogon: Net Logon
STOPPED: RpcLocator: Remote Procedure Call (RPC) Locator

Netman = 1
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)

Rasman = 2
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: TmPfw: Trend Micro Personal Firewall

Tapisrv = 3
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: RasMan: Remote Access Connection Manager
STOPPED: TmPfw: Trend Micro Personal Firewall

winmgmt = 2
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: wscsvc: Security Center

TermService = 1
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility

RpcSs = 64
STOPPED: AudioSrv: Windows Audio
STOPPED: BITS: Background Intelligent Transfer Service
STOPPED: Browser Defender Update Service: Browser Defender Update Service
STOPPED: CCALib8: Canon Camera Access Library 8
STOPPED: CiSvc: Indexing Service
STOPPED: COMSysApp: COM+ System Application
STOPPED: CryptSvc: CryptSvc
STOPPED: dmadmin: Logical Disk Manager Administrative Service
STOPPED: dmserver: Logical Disk Manager
STOPPED: Dot3svc: Wired AutoConfig
STOPPED: EapHost: Extensible Authentication Protocol Service
STOPPED: ehRecvr: Media Center Receiver Service
STOPPED: ehSched: Media Center Scheduler Service
STOPPED: ERSvc: Error Reporting Service
STOPPED: EventSystem: COM+ Event System
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility
STOPPED: gupdate1c98fc134283962: Google Update Service (gupdate1c98fc134283962)
STOPPED: gusvc: Google Software Updater
STOPPED: helpsvc: Help and Support
STOPPED: HidServ: Human Interface Device Access
STOPPED: hkmsvc: Health Key and Certificate Management Service
STOPPED: IISADMIN: IIS Admin
STOPPED: iPod Service: iPod Service
STOPPED: LPDSVC: TCP/IP Print Server
STOPPED: McrdSvc: Media Center Extender Service
STOPPED: MDM: Machine Debug Manager
STOPPED: Messenger: Messenger
STOPPED: MHN: MHN
STOPPED: MSDTC: Distributed Transaction Coordinator
STOPPED: MSIServer: Windows Installer
STOPPED: napagent: Network Access Protection Agent
STOPPED: Netman: Network Connections
STOPPED: NtmsSvc: Removable Storage
STOPPED: PcCtlCom: Trend Micro Central Control Component
STOPPED: PolicyAgent: IPSEC Services
STOPPED: ProtectedStorage: Protected Storage
STOPPED: RasAuto: Remote Access Auto Connection Manager
STOPPED: RasMan: Remote Access Connection Manager
STOPPED: RDSessMgr: Remote Desktop Help Session Manager
STOPPED: RemoteAccess: Routing and Remote Access
STOPPED: RemoteRegistry: Remote Registry
STOPPED: RSVP: QoS RSVP
STOPPED: SamSs: Security Accounts Manager
STOPPED: Schedule: Task Scheduler
STOPPED: SENS: System Event Notification
STOPPED: SharedAccess: Windows Firewall/Internet Connection Sharing (ICS)
STOPPED: ShellHWDetection: Shell Hardware Detection
STOPPED: SMTPSVC: Simple Mail Transfer Protocol (SMTP)
STOPPED: Spooler: Print Spooler
STOPPED: srservice: System Restore Service
STOPPED: stisvc: Windows Image Acquisition (WIA)
STOPPED: SwPrv: MS Software Shadow Copy Provider
STOPPED: TapiSrv: Telephony
STOPPED: TermService: Terminal Services
STOPPED: TlntSvr: Telnet
STOPPED: TmPfw: Trend Micro Personal Firewall
STOPPED: TrkWks: Distributed Link Tracking Client
STOPPED: VSS: Volume Shadow Copy
STOPPED: W3SVC: World Wide Web Publishing
STOPPED: winmgmt: Windows Management Instrumentation
STOPPED: WmiApSrv: WMI Performance Adapter
STOPPED: wscsvc: Security Center
STOPPED: WZCSVC: Wireless Zero Configuration
STOPPED: xmlprov: Network Provisioning Service

StiSvc = 1
STOPPED: CCALib8: Canon Camera Access Library 8

TermService = 1
STOPPED: FastUserSwitchingCompatibility: Fast User Switching Compatibility

eaphost = 1
STOPPED: Dot3svc: Wired AutoConfig
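
As an added example (not from the thread, and not part of Win32kDiag itself), a small Python parser for reports in the format posted above: it pairs each file the tool could not access with the copies listed beneath it and flags whether a readable copy of the same size exists. In the report above that is the case for helpsvc.exe and svchost.exe (the ServicePackFiles copies match in size) but not for MRT.exe, which has no other copy. The embedded report is a constructed excerpt with a placeholder user name, and the function names are my own.

```python
import re
from collections import namedtuple

# Constructed excerpt in the Win32kDiag report format shown in the thread
# (user name in the path is a placeholder, not the poster's).
SAMPLE = r"""Running from: K:\Win32kDiag.exe
Log file at : C:\Documents and Settings\user\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
[1] 2004-08-10 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()
[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\MRT.exe
[1] 2009-10-02 14:01:57 25198016 C:\WINDOWS\system32\MRT.exe ()
Finished!
"""

# One "[n] date time size path (publisher)" line; the path may contain spaces,
# and the publisher is empty when the tool could not read the file's version info.
ENTRY = re.compile(r"^\[\d+\]\s+\S+\s+\S+\s+(\d+)\s+(.+?)\s+\((.*)\)$")
Entry = namedtuple("Entry", "path size publisher")


def parse_win32kdiag(text):
    """Group each 'Cannot access:' file with the candidate copies listed under it."""
    locked, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Cannot access:"):
            current = line[len("Cannot access:"):].strip()
            locked[current] = []
        elif line == "Finished!":
            current = None
        elif current is not None and (m := ENTRY.match(line)):
            locked[current].append(Entry(m.group(2), int(m.group(1)), m.group(3)))
    return locked


def assess(locked):
    """For each locked file, report its size, whether its version info was readable,
    and which readable copies have the same size. A size match is consistent with
    an ACL lock rather than a replaced binary; only a hash comparison would confirm it."""
    report = {}
    for path, entries in locked.items():
        me = next((e for e in entries if e.path.lower() == path.lower()), None)
        others = [e for e in entries if e.path.lower() != path.lower()]
        report[path] = {
            "size": me.size if me else None,
            "publisher_readable": bool(me and me.publisher),
            "matching_copies": [e.path for e in others
                                if me and e.size == me.size and e.publisher],
        }
    return report
```

Run `assess(parse_win32kdiag(SAMPLE))` on a saved Win32kDiag.txt to get, per locked file, the candidate reference copies worth hashing against it before deciding whether the file was only locked or actually replaced.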

#10 Farbar

Posted 29 October 2009 - 07:08 PM

  • Please do the following:
    • Download this tool and save it to the flash drive: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
    • Go to Start => Run => Copy and paste or type the following line in the run box and click OK:

      "k:\inherit.exe" "C:\WINDOWS\system32\svchost.exe"

      Note: There is a space between "k:\inherit.exe" and "C:\WINDOWS\system32\svchost.exe"
    • If you get a security warning select Run.
    • You will get a "Finish" popup. Click OK.
  • Reboot the computer and run the querySvc.exe once more. Post the log please.


#11 IditoUser

Posted 30 October 2009 - 01:19 AM

Did as instructed; when I select Okay in the run box, the box attempts to run but instead closes and nothing happens.

#12 Farbar

Posted 30 October 2009 - 05:48 AM

Go to start > Run copy/paste the following line in the run box and click OK.

k:\win32kdiag.exe -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.

First reboot then post the log here.

#13 IditoUser

Posted 30 October 2009 - 05:53 AM

Okay, I think I got it: ran the log, copied it, then rebooted? I'm hoping so:

Running from: k:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Brian\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Cannot access: C:\WINDOWS\system32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\system32\MRT.exe

Cannot access: C:\WINDOWS\system32\svchost.exe

Attempting to restore permissions of : C:\WINDOWS\system32\svchost.exe



Finished!

#14 Farbar

Posted 30 October 2009 - 05:57 AM

Well done. :(

Please repeat the step once more.

#15 IditoUser

Posted 30 October 2009 - 07:49 AM

Okay, Win32kDiag log:

Running from: k:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Brian\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!



