
Bad Image - f521c00e1.dll


26 replies to this topic

#1 sfrewins

Posted 03 January 2010 - 08:12 AM

Hi Everyone,

Thanks for taking a look at this.

I started getting this popup on bootup a few days ago.

f521c00e1.dll - Bad image
The application or DLL c:\documents and settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll is not a valid Windows image. Please check this against your installation diskette.

Adaware no longer runs or downloads updates, which may be unrelated, but made me suspicious this might be something to worry about.

I have no installation diskette.

Thanks for your time and trouble in having a look at this.


Simon


hijackthis log is: (rootrepeal log follows)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:10, on 03/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WAB] C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe
O4 - HKUS\S-1-5-21-1777509275-7026196-927476729-1006\..\Run: [rundll32.exe] (User '?')
O4 - HKUS\S-1-5-21-1777509275-7026196-927476729-1006\..\Run: [WAB] C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7268 bytes


rootrepeal log:




#2 myrti

Posted 11 January 2010 - 11:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 16 January 2010 - 10:58 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

Posted 17 January 2010 - 08:19 AM

Hi,

Topic reopened, please post your logs.

regards myrti



#5 sfrewins


Posted 18 January 2010 - 08:20 AM

Here are the OTL and extras logs. Many thanks for your help.

Simon


OTL.txt log:

OTL logfile created on: 17/01/2010 13:09:50 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Simon Eriksson\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 89.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.92 Gb Total Space | 2.71 Gb Free Space | 10.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJD44061
Current User Name: Simon Eriksson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe
PRC - [2009/12/09 23:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/08/23 11:27:24 | 00,521,736 | ---- | M] () -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySql)
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/30 07:58:40 | 00,183,280 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 18:53:38 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9862bd0c09d80) Google Update Service (gupdate1c9862bd0c09d80)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/30 11:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/14 16:04:00 | 00,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009/07/14 16:03:59 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/02/23 02:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 14:12:42 | 00,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/08/24 12:53:46 | 00,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)
DRV - [2005/08/24 12:51:10 | 01,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 12:49:12 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2005/08/24 12:45:46 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/08/10 11:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/27 18:33:50 | 00,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Temp\adxapie.sys -- (adxapie)
DRV - [2004/06/10 16:56:24 | 00,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srvkp.sys -- (SiSkp)
DRV - [2004/06/10 16:56:16 | 00,216,320 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisgrp.sys -- (SiS315)
DRV - [2004/04/06 14:48:50 | 00,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisnic.sys -- (SISNIC)
DRV - [2004/03/29 15:04:42 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/24 09:12:44 | 00,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/19 14:41:18 | 01,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/21 18:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/18 08:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®
DRV - [2000/07/17 12:04:38 | 00,430,336 | ---- | M] (Eastman Kodak Company.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dc31vid.sys -- (KodakPPCAM)
DRV - [2000/07/14 08:53:06 | 00,028,669 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DC31Bulk.sys -- (PA7333I)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.4
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2009/11/15 19:52:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2009/11/15 19:52:02 | 00,000,000 | ---D | M]

[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions
[2009/02/16 13:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/23 19:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions
[2009/11/23 19:57:43 | 00,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2009/11/15 20:12:53 | 00,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2009/11/23 19:57:44 | 00,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009/11/15 19:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\firebug@software.joehewitt.com
[2009/11/15 19:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1777509275-7026196-927476729-1006..\Run: [rundll32.exe] File not found
O4 - HKU\S-1-5-21-1777509275-7026196-927476729-1006..\Run: [WAB] C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\SYSTEM32\sdra64.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Simon Eriksson\Desktop\HappyFathersDay&Lizard.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\1\Command - "" = Recycled.exe
O33 - MountPoints2\F\Shell\2\Command - "" = Recycled.exe
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 12:52:38 | 00,000,000 | ---D | C] -- C:\Program Files\thinkbroadband.com
[2010/01/11 12:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Downloaded Installations
[2010/01/03 11:35:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/28 16:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a5
[2009/12/28 15:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a4
[2009/12/28 14:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a3
[2009/12/28 13:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a2
[2009/12/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Application Data\Quick Search And Replace
[2009/12/24 12:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Quick Search and Replace
[2009/09/29 05:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/02/13 07:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/11 07:30:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/06 16:37:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/28 22:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/05 21:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/10/05 22:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 22:17:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/16 13:08:45 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\Simon Eriksson\ntuser.dat
[2010/01/16 13:08:45 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Simon Eriksson\NTUSER.INI
[2010/01/11 12:53:18 | 00,050,160 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/11 12:52:41 | 00,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 13:28:36 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/12/22 03:10:09 | 00,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/19 19:58:17 | 00,002,351 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\Google Chrome.lnk
[2009/12/19 19:23:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/11 12:52:41 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/12/19 19:58:16 | 00,002,351 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\Google Chrome.lnk
[2009/12/17 21:30:41 | 00,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2009/12/17 21:30:37 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/12/17 21:30:30 | 00,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2009/12/17 20:20:21 | 00,105,472 | ---- | C] () -- C:\WINDOWS\msacm32.drv
[2009/12/17 20:20:21 | 00,000,102 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
[2009/11/19 11:33:58 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/11/19 11:33:36 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/10/03 21:52:29 | 00,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/07/14 16:04:00 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/14 16:03:59 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/03 18:52:56 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\PnkBstrK.sys
[2008/12/10 22:39:30 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/06/13 19:41:11 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\Final Draft Tagger Preferences
[2008/06/12 18:48:32 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/10 11:03:18 | 00,000,011 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/12/26 18:13:44 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\kodakpcd.ini
[2007/12/04 15:55:13 | 00,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/10/18 16:36:54 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/07/10 16:13:04 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007/07/02 16:49:52 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/07 09:34:31 | 00,004,472 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\BonsaiErrorLog.txt
[2007/04/06 02:01:49 | 00,000,140 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/01 18:19:30 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/23 21:46:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/01/27 18:16:00 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/27 18:16:00 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/27 18:15:59 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/27 18:15:12 | 00,000,081 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/09/13 20:00:43 | 00,034,900 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/29 18:31:33 | 00,002,726 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2006/07/29 18:15:32 | 00,139,776 | ---- | C] () -- C:\WINDOWS\System32\DCclean.dll
[2006/07/11 20:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/06/26 19:58:43 | 00,140,800 | ---- | C] () -- C:\WINDOWS\unez200.dll
[2006/06/14 20:08:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\sversion.ini
[2006/03/11 15:58:25 | 01,069,056 | ---- | C] () -- C:\WINDOWS\libmysql.dll
[2006/02/01 21:34:28 | 00,042,724 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/01/28 23:59:39 | 00,000,459 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/12/30 22:26:50 | 00,000,255 | ---- | C] () -- C:\WINDOWS\Web2Text.ini
[2005/12/17 21:05:00 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/08/24 12:56:04 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/15 19:52:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/08 23:27:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/04/19 03:11:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/17 02:35:19 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/10/05 23:44:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/05 23:31:54 | 00,108,295 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/05 23:31:40 | 00,108,329 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/09/30 15:55:58 | 00,000,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
< End of report >



Extras.txt log:

OTL Extras logfile created on: 17/01/2010 13:09:50 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Simon Eriksson\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 89.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.92 Gb Total Space | 2.71 Gb Free Space | 10.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJD44061
Current User Name: Simon Eriksson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" File not found
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" File not found
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Simon Eriksson\Local Settings\Temp\CRY343D.tmp\install.exe" = C:\Documents and Settings\Simon Eriksson\Local Settings\Temp\CRY343D.tmp\install.exe:*:Enabled:setup wizard -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Betfair Poker\UA.exe" = C:\Program Files\Betfair Poker\UA.exe:*:Enabled:UA Application -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN\MSNCoreFiles\Install\MSNSUSII.EXE" = C:\Program Files\MSN\MSNCoreFiles\Install\MSNSUSII.EXE:*:Enabled:MSN -- File not found
"C:\Program Files\NetMeeting\CONF.EXE" = C:\Program Files\NetMeeting\CONF.EXE:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- File not found
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Media Player\WMPLAYER.EXE" = C:\Program Files\Windows Media Player\WMPLAYER.EXE:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48D19E26-B817-4123-BADE-B04C3B5D9B66}" = tbbMeter
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5EE85447-448E-4ABC-AA0B-3C4B7A693252}" = Modem on Hold
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407}" = Sheep
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4A6F05B-D32D-4EA3-B288-05894E803225}" = Betfair Poker
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E}" = Immortal Cities
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Any Video Converter_is1" = Any Video Converter 2.7.8
"ArcSoft PhotoImpression 2000" = ArcSoft PhotoImpression 2000
"Boots F2CD Picture Suite" = Boots F2CD Picture Suite
"DebugBar" = DebugBar v5.3 for Internet Explorer (remove only)
"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition
"DirectVobSub" = DirectVobSub (remove only)
"Driving Test Success All Tests_is1" = Driving Test Success 2006/7
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FileZilla Client" = FileZilla Client 3.3.0.1
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"HijackThis" = HijackThis 2.0.2
"IETester" = IETester v0.4.2 (remove only)
"Inkscape" = Inkscape 0.47
"IrfanView" = IrfanView (remove only)
"Kodak EZ200 DIGITAL CAMERA" = Kodak EZ200 DIGITAL CAMERA Installation
"LimeWire" = LimeWire 5.3.6
"McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly Deluxe" = Monopoly Deluxe
"Monopoly Junior" = Monopoly Junior
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"New LEGO Digital Designer" = LEGO Digital Designer
"Nokia PC Suite" = Nokia PC Suite
"Pacific Poker" = Pacific Poker
"PartyPoker" = PartyPoker
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"Quick Search and Replace_is1" = Quick Search and Replace 1.0
"RealPlayer 12.0" = RealPlayer
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"VLC media player" = VLC media player 1.0.2
"Web2Text" = Web2Text
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Simon Eriksson
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/01/2010 04:53:12 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 14/01/2010 04:53:12 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 16/01/2010 02:25:47 | Computer Name = DJD44061 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 16/01/2010 02:25:47 | Computer Name = DJD44061 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 16/01/2010 02:25:48 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 16/01/2010 02:25:48 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 16/01/2010 18:19:33 | Computer Name = DJD44061 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 16/01/2010 18:19:33 | Computer Name = DJD44061 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 16/01/2010 18:19:34 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 16/01/2010 18:19:34 | Computer Name = DJD44061 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 16/01/2010 03:25:51 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 16/01/2010 03:25:52 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 16/01/2010 18:18:34 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 16/01/2010 18:18:34 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 16/01/2010 19:19:38 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 16/01/2010 19:19:38 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 16/01/2010 20:38:42 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 16/01/2010 22:12:54 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 17/01/2010 06:18:22 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 17/01/2010 08:32:45 | Computer Name = DJD44061 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >

#6 myrti

Posted 18 January 2010 - 08:54 AM

Hi,

Please run a scan with GMER as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards, myrti

#7 sfrewins

Posted 19 January 2010 - 05:30 AM

Hi Myrti,

Here's the GMER log. Once again, many thanks.

Simon


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-19 09:32:53
Windows 5.1.2600 Service Pack 3
Running: 1wj8bvn4.exe; Driver: C:\DOCUME~1\SIMONE~1\LOCALS~1\Temp\kxloapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF1937300, 0x22020, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF7A3E300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[408] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 000438EF
.text C:\WINDOWS\system32\services.exe[408] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00043AE4
.text C:\WINDOWS\system32\services.exe[408] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00043A4D
.text C:\WINDOWS\system32\services.exe[408] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 000512D0
.text C:\WINDOWS\system32\services.exe[408] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00051405
.text C:\WINDOWS\system32\services.exe[408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0004D538
.text C:\WINDOWS\system32\services.exe[408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0004D56C
.text C:\WINDOWS\system32\services.exe[408] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0004D589
.text C:\WINDOWS\system32\services.exe[408] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 000433CC
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 000538BA
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 000537E8
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 000538F9
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00053852
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 0005380A
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00053897
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00053874
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 000537C6
.text C:\WINDOWS\system32\services.exe[408] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 0005382E
.text C:\WINDOWS\system32\lsass.exe[420] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00E138EF
.text C:\WINDOWS\system32\lsass.exe[420] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E13AE4
.text C:\WINDOWS\system32\lsass.exe[420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00E13A4D
.text C:\WINDOWS\system32\lsass.exe[420] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00E212D0
.text C:\WINDOWS\system32\lsass.exe[420] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00E21405
.text C:\WINDOWS\system32\lsass.exe[420] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E1D538
.text C:\WINDOWS\system32\lsass.exe[420] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E1D56C
.text C:\WINDOWS\system32\lsass.exe[420] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E1D589
.text C:\WINDOWS\system32\lsass.exe[420] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00E133CC
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00E238BA
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00E237E8
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00E238F9
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00E23852
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00E2380A
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00E23897
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00E23874
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00E237C6
.text C:\WINDOWS\system32\lsass.exe[420] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00E2382E
.text C:\WINDOWS\system32\svchost.exe[564] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A738EF
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B238EF
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B23AE4
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B23A4D
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00B312D0
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00B31405
.text C:\WINDOWS\system32\svchost.exe[644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B2D538
.text C:\WINDOWS\system32\svchost.exe[644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B2D56C
.text C:\WINDOWS\system32\svchost.exe[644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B2D589
.text C:\WINDOWS\system32\svchost.exe[644] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00B233CC
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00B338BA
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00B337E8
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00B338F9
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00B33852
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00B3380A
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00B33897
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00B33874
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00B337C6
.text C:\WINDOWS\system32\svchost.exe[644] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00B3382E
.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 017938EF
.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01793AE4
.text C:\WINDOWS\System32\svchost.exe[700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01793A4D
.text C:\WINDOWS\System32\svchost.exe[700] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 017A12D0
.text C:\WINDOWS\System32\svchost.exe[700] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 017A1405
.text C:\WINDOWS\System32\svchost.exe[700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0179D538
.text C:\WINDOWS\System32\svchost.exe[700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0179D56C
.text C:\WINDOWS\System32\svchost.exe[700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0179D589
.text C:\WINDOWS\System32\svchost.exe[700] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 017933CC
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 017A38BA
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 017A37E8
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 017A38F9
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 017A3852
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 017A380A
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 017A3897
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 017A3874
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 017A37C6
.text C:\WINDOWS\System32\svchost.exe[700] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 017A382E
.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 006338EF
.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00633AE4
.text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00633A4D
.text C:\WINDOWS\system32\svchost.exe[756] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 006412D0
.text C:\WINDOWS\system32\svchost.exe[756] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00641405
.text C:\WINDOWS\system32\svchost.exe[756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0063D538
.text C:\WINDOWS\system32\svchost.exe[756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0063D56C
.text C:\WINDOWS\system32\svchost.exe[756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0063D589
.text C:\WINDOWS\system32\svchost.exe[756] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 006333CC
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 006438BA
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 006437E8
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 006438F9
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00643852
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 0064380A
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00643897
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00643874
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 006437C6
.text C:\WINDOWS\system32\svchost.exe[756] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 0064382E
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D538EF
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D53AE4
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D53A4D
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D612D0
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D61405
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D5D538
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D5D56C
.text C:\WINDOWS\system32\svchost.exe[812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D5D589
.text C:\WINDOWS\system32\svchost.exe[812] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D533CC
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00D638BA
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00D637E8
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00D638F9
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00D63852
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00D6380A
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00D63897
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00D63874
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00D637C6
.text C:\WINDOWS\system32\svchost.exe[812] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00D6382E
.text C:\WINDOWS\system32\spoolsv.exe[832] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00A238EF
.text C:\WINDOWS\system32\spoolsv.exe[832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A23AE4
.text C:\WINDOWS\system32\spoolsv.exe[832] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A23A4D
.text C:\WINDOWS\system32\spoolsv.exe[832] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00A312D0
.text C:\WINDOWS\system32\spoolsv.exe[832] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00A31405
.text C:\WINDOWS\system32\spoolsv.exe[832] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A2D538
.text C:\WINDOWS\system32\spoolsv.exe[832] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A2D56C
.text C:\WINDOWS\system32\spoolsv.exe[832] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A2D589
.text C:\WINDOWS\system32\spoolsv.exe[832] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00A233CC
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00A338BA
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00A337E8
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00A338F9
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00A33852
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00A3380A
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00A33897
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00A33874
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00A337C6
.text C:\WINDOWS\system32\spoolsv.exe[832] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00A3382E
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D438EF
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D43AE4
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D43A4D
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D4D538
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D4D56C
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D4D589
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D512D0
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D51405
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D433CC
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00D538BA
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00D537E8
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00D538F9
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00D53852
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00D5380A
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00D53897
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00D53874
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00D537C6
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[900] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00D5382E
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00F938EF
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F93AE4
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F93A4D
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F9D538
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F9D56C
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F9D589
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00FA12D0
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00FA1405
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00F933CC
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00FA38BA
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00FA37E8
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00FA38F9
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00FA3852
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00FA380A
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00FA3897
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00FA3874
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00FA37C6
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00FA382E
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00B738EF
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B73AE4
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B73A4D
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00B812D0
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00B81405
.text C:\WINDOWS\system32\svchost.exe[1008] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00B733CC
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B7D538
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B7D56C
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B7D589
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00B838BA
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00B837E8
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00B838F9
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00B83852
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00B8380A
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00B83897
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00B83874
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00B837C6
.text C:\WINDOWS\system32\svchost.exe[1008] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00B8382E
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001338EF
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00133AE4
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00133A4D
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 001412D0
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00141405
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0013D538
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0013D56C
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0013D589
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 001333CC
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 001438BA
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 001437E8
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 001438F9
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00143852
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 0014380A
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00143897
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00143874
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 001437C6
.text C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\1wj8bvn4.exe[1180] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 0014382E
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00D338EF
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00D33AE4
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D33A4D
.text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00D412D0
.text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00D41405
.text C:\WINDOWS\Explorer.EXE[1308] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00D333CC
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!InternetCloseHandle 771C4D94 5 Bytes JMP 00D438BA
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestA 771C60A9 5 Bytes JMP 00D437E8
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpQueryInfoA 771C79CA 5 Bytes JMP 00D438F9
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!InternetReadFile 771C82F2 5 Bytes JMP 00D43852
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestExW 771CEA01 5 Bytes JMP 00D4380A
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!InternetQueryDataAvailable 771D8A67 5 Bytes JMP 00D43897
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!InternetReadFileExA 771F934E 5 Bytes JMP 00D43874
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestW 77213224 5 Bytes JMP 00D437C6
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestExA 77213329 5 Bytes JMP 00D4382E
.text C:\WINDOWS\Explorer.EXE[1308] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D3D538
.text C:\WINDOWS\Explorer.EXE[1308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D3D56C
.text C:\WINDOWS\Explorer.EXE[1308] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D3D589

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat F1121D20

---- EOF - GMER 1.0.15 ----

#8 myrti

Posted 19 January 2010 - 12:44 PM

Hi,

the good news is that you aren't infected by a rootkit. The bad news is your logs reveal an information stealing trojan.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required to clean your PC.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

Please run the following fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O4 - HKU\S-1-5-21-1777509275-7026196-927476729-1006..\Run: [rundll32.exe] File not found
    O4 - HKU\S-1-5-21-1777509275-7026196-927476729-1006..\Run: [WAB] C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\SYSTEM32\sdra64.exe ()
    O33 - MountPoints2\F\Shell\1\Command - "" = Recycled.exe
    O33 - MountPoints2\F\Shell\2\Command - "" = Recycled.exe
    
    @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA
    [2009/12/17 21:30:41 | 00,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
    [2009/12/17 21:30:37 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
    [2009/12/17 21:30:30 | 00,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
    [2009/12/17 20:20:21 | 00,105,472 | ---- | C] () -- C:\WINDOWS\msacm32.drv
    [2009/12/17 20:20:21 | 00,000,102 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
    
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#9 sfrewins


Posted 19 January 2010 - 02:39 PM

OTL fix log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Run\\WAB deleted successfully.
C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\sdra64.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
File C:\Recycled.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File C:\Recycled.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6B803FAA deleted successfully.
C:\WINDOWS\rasqervy.dll moved successfully.
C:\WINDOWS\sdfinacs.dll moved successfully.
C:\WINDOWS\sdfixwcs.dll moved successfully.
C:\WINDOWS\msacm32.drv moved successfully.
C:\WINDOWS\wuasirvy.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3407630 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Simon Eriksson
->Temp folder emptied: 3111470613 bytes
->Temporary Internet Files folder emptied: 20643449 bytes
->Java cache emptied: 45784672 bytes
->FireFox cache emptied: 54115872 bytes
->Google Chrome cache emptied: 290933714 bytes
->Apple Safari cache emptied: 45696573 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4532241 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7285726 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23986752 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 51645772 bytes

Total Files Cleaned = 3,490.00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01192010_191719

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\SYSTEM32\sdra64.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#10 myrti


Posted 19 January 2010 - 05:46 PM

Hi,

please post the follow up scan I asked for.

regards myrti



#11 sfrewins


Posted 20 January 2010 - 05:18 AM

Hi.

Here's the rescan log:

OTL logfile created on: 20/01/2010 09:59:25 - Run 3
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Simon Eriksson\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 138.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.92 Gb Total Space | 6.05 Gb Free Space | 23.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJD44061
Current User Name: Simon Eriksson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 09:44:37 | 00,688,648 | ---- | M] () -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe
PRC - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe
PRC - [2009/12/09 23:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySql)
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/30 07:58:40 | 00,183,280 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 18:53:38 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9862bd0c09d80) Google Update Service (gupdate1c9862bd0c09d80)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/30 11:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/14 16:04:00 | 00,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009/07/14 16:03:59 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/02/23 02:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 14:12:42 | 00,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/08/24 12:53:46 | 00,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)
DRV - [2005/08/24 12:51:10 | 01,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 12:49:12 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2005/08/24 12:45:46 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/08/10 11:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/10 16:56:24 | 00,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srvkp.sys -- (SiSkp)
DRV - [2004/06/10 16:56:16 | 00,216,320 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisgrp.sys -- (SiS315)
DRV - [2004/04/06 14:48:50 | 00,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisnic.sys -- (SISNIC)
DRV - [2004/03/29 15:04:42 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/24 09:12:44 | 00,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/19 14:41:18 | 01,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/21 18:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/18 08:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®
DRV - [2000/07/17 12:04:38 | 00,430,336 | ---- | M] (Eastman Kodak Company.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dc31vid.sys -- (KodakPPCAM)
DRV - [2000/07/14 08:53:06 | 00,028,669 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DC31Bulk.sys -- (PA7333I)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.4
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2009/11/15 19:52:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2009/11/15 19:52:02 | 00,000,000 | ---D | M]

[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions
[2009/02/16 13:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/23 19:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions
[2009/11/23 19:57:43 | 00,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2009/11/15 20:12:53 | 00,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2009/11/23 19:57:44 | 00,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009/11/15 19:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\firebug@software.joehewitt.com
[2009/11/15 19:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (CashKeywords Toolbar) - {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (CashKeywords Toolbar) - {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (CashKeywords Toolbar) - {9EB64FA9-57C4-4A41-9940-E12E0418B693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Simon Eriksson\Desktop\HappyFathersDay&Lizard.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/05 22:51:40 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MpfService"
MsConfig - Services: "mcupdmgr.exe"
MsConfig - Services: "McTskshd.exe"
MsConfig - Services: "McShield"
MsConfig - Services: "McDetect.exe"
MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "winmgmt"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MySQL41"
MsConfig - Services: "MySql"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "KService"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^Monitor Apache Servers.lnk - C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 1.1.3.lnk - C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe - File not found
MsConfig - StartUpReg: 4oD - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Boots Insert Detect - hkey= - key= - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
MsConfig - StartUpReg: MPFExe - hkey= - key= - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: OASClnt - hkey= - key= - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: rundll32.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SiS Windows KeyHook - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
MsConfig - StartUpReg: USB Storage Toolbox - hkey= - key= - C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
MsConfig - StartUpReg: WAB - hkey= - key= - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: aux2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: midi1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: midi2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: mixer1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: mixer2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VQJK - C:\WINDOWS\System32\DC31DEC.dll (Eastman Kodak Company)
Drivers32: wave1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: wave2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 19:17:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/18 13:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/01/18 13:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Conduit
[2010/01/18 13:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\CashKeywords
[2010/01/18 13:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\CashKeywords
[2010/01/11 12:52:38 | 00,000,000 | ---D | C] -- C:\Program Files\thinkbroadband.com
[2010/01/11 12:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Downloaded Installations
[2010/01/03 11:35:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/28 16:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a5
[2009/12/28 15:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a4
[2009/12/28 14:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a3
[2009/12/28 13:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a2
[2009/12/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Application Data\Quick Search And Replace
[2009/12/24 12:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Quick Search and Replace
[2009/09/29 05:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/07/31 16:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/13 07:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/11 07:30:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/06 16:37:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/28 22:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/05 21:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

========== Files - Modified Within 30 Days ==========

[2010/01/20 09:40:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/19 23:43:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Simon Eriksson\NTUSER.INI
[2010/01/19 23:43:27 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\Simon Eriksson\ntuser.dat
[2010/01/19 09:38:44 | 00,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/01/11 12:53:18 | 00,050,160 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/11 12:52:41 | 00,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 13:28:36 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/12/22 03:10:09 | 00,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/01/19 09:38:44 | 00,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/01/11 12:52:41 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/11/19 11:33:58 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/11/19 11:33:36 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/10/03 21:52:29 | 00,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/07/14 16:04:00 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/14 16:03:59 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/03 18:52:56 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\PnkBstrK.sys
[2008/12/10 22:39:30 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/06/13 19:41:11 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\Final Draft Tagger Preferences
[2008/06/12 18:48:32 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/10 11:03:18 | 00,000,011 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/12/26 18:13:44 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\kodakpcd.ini
[2007/12/04 15:55:13 | 00,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/10/18 16:36:54 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/07/10 16:13:04 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007/07/02 16:49:52 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/07 09:34:31 | 00,004,472 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\BonsaiErrorLog.txt
[2007/04/06 02:01:49 | 00,000,140 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/01 18:19:30 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/23 21:46:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/01/27 18:16:00 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/27 18:16:00 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/27 18:15:59 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/27 18:15:12 | 00,000,081 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/09/13 20:00:43 | 00,034,900 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/29 18:31:33 | 00,002,726 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2006/07/29 18:15:32 | 00,139,776 | ---- | C] () -- C:\WINDOWS\System32\DCclean.dll
[2006/07/11 20:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/06/26 19:58:43 | 00,140,800 | ---- | C] () -- C:\WINDOWS\unez200.dll
[2006/06/14 20:08:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\sversion.ini
[2006/03/11 15:58:25 | 01,069,056 | ---- | C] () -- C:\WINDOWS\libmysql.dll
[2006/02/01 21:34:28 | 00,042,724 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/01/28 23:59:39 | 00,000,459 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/12/30 22:26:50 | 00,000,255 | ---- | C] () -- C:\WINDOWS\Web2Text.ini
[2005/12/17 21:05:00 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/08/24 12:56:04 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/15 19:52:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/08 23:27:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/04/19 03:11:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/17 02:35:19 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/10/05 23:44:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/05 23:31:54 | 00,108,295 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/05 23:31:40 | 00,108,329 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/09/30 15:55:58 | 00,000,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\ATAPI.SYS
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/08/06 00:00:00 | 00,028,787 | ---- | M] () MD5=9517DD94BABFCCDBA18772AB41AF4A57 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:53 PM

Posted 20 January 2010 - 03:16 PM

Hi,

there are some more leftovers, please run a new fix:

Please follow steps 1-3 behind this link to back up your registry with ERUNT (use current date while naming the location).

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
    :reg
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
    aux1=-
    aux2=-
    midi1=-
    midi2=-
    mixer1=-
    mixer2=-
    :files
    C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Afterwards please run another follow-up scan as mentioned in my previous post.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#13 sfrewins


Posted 20 January 2010 - 06:53 PM

New Fix Log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\aux1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\aux2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\midi1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\midi2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\mixer1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32\\mixer2 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll moved successfully.

OTL by OldTimer - Version 3.1.25.2 log created on 01202010_235148
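The Drivers32 values removed by the fix above all pointed at a DLL inside a user profile folder rather than the Windows directory. The following is an added example, not part of the thread and not OTL's own code: it parses `Drivers32:` lines in the format shown in the log, flags targets outside SystemRoot, and lists flagged value names that a given removal list does not name. The function names and the default `C:\WINDOWS` root are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# Sample input: an excerpt of the "Drivers32:" lines from the OTL log posted
# earlier in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
Drivers32: aux1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: aux2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: midi1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: midi2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: mixer1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: mixer2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: wave1 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
Drivers32: wave2 - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e1.dll ()
"""

# Value names listed in the :reg section of the fix in post #12.
FIX_REMOVED = ["aux1", "aux2", "midi1", "midi2", "mixer1", "mixer2"]

# "Drivers32: <value name> - <target path> (<company name, may be empty>)"
LINE_RE = re.compile(
    r"^Drivers32:\s+(?P<name>\S+)\s+-\s+(?P<path>.+?)\s+\((?P<company>[^()]*)\)\s*$"
)


class Entry(NamedTuple):
    name: str
    path: str
    company: str


class Finding(NamedTuple):
    entry: Entry
    severity: str   # "high" or "review"
    reasons: tuple


def parse_drivers32(log_text):
    """Return an Entry for every Drivers32 line; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["path"], m["company"].strip()))
    return entries


def assess(entries, system_root=r"C:\WINDOWS"):
    """Flag entries whose target is outside SystemRoot or has no company name."""
    root = ntpath.normcase(ntpath.normpath(system_root)) + "\\"
    findings = []
    for e in entries:
        reasons = []
        if not ntpath.isabs(e.path):
            # A bare name is looked up on the search path, so it cannot be
            # judged by location alone.
            reasons.append("bare file name; resolve it before judging")
        elif not ntpath.normcase(ntpath.normpath(e.path)).startswith(root):
            reasons.append("target outside SystemRoot")
        if not e.company:
            reasons.append("no company name in version info")
        if reasons:
            high = "target outside SystemRoot" in reasons
            findings.append(Finding(e, "high" if high else "review", tuple(reasons)))
    return findings


def shared_targets(findings):
    """Map each high-severity target to its value names when it fills several slots."""
    by_path = defaultdict(list)
    for f in findings:
        if f.severity == "high":
            by_path[ntpath.normcase(f.entry.path)].append(f.entry.name)
    return {path: names for path, names in by_path.items() if len(names) > 1}


def not_covered(findings, removed_names):
    """High-severity value names that a removal list does not mention."""
    removed = {n.lower() for n in removed_names}
    return [f.entry.name for f in findings
            if f.severity == "high" and f.entry.name.lower() not in removed]


if __name__ == "__main__":
    results = assess(parse_drivers32(SAMPLE_LOG))
    for f in results:
        print(f"{f.severity:6} {f.entry.name:10} {f.entry.path} :: {'; '.join(f.reasons)}")
    print("not in removal list:", not_covered(results, FIX_REMOVED))
```

An empty company name alone only rates "review": `IR32_32.DLL` in System32 has none in the log, while the flagged DLL combines an empty company name with a location under Application Data.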

#14 myrti


Posted 20 January 2010 - 07:21 PM

Hi,

please provide a new log from OTL:
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    drivers32
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards myrti



#15 sfrewins


Posted 20 January 2010 - 08:01 PM

Follow up scan:

OTL logfile created on: 20/01/2010 23:54:46 - Run 4
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Simon Eriksson\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

445.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.92 Gb Total Space | 5.81 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJD44061
Current User Name: Simon Eriksson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 09:44:37 | 00,688,648 | ---- | M] () -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe
PRC - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe
PRC - [2009/12/09 23:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 13:08:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Eriksson\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MySql)
SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/06 00:00:00 | 00,024,640 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/30 07:58:40 | 00,183,280 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 18:53:38 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9862bd0c09d80) Google Update Service (gupdate1c9862bd0c09d80)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/11/30 11:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\spupdsvc.exe -- (spupdsvc)
SRV - [2007/04/23 11:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/11 16:43:04 | 00,548,864 | ---- | M] (McAfee Corporation) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
SRV - [2005/10/13 19:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/24 13:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) [Disabled | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) [Disabled | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/14 16:04:00 | 00,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009/07/14 16:03:59 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/02/23 02:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/04/03 14:12:42 | 00,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2005/11/11 16:43:52 | 00,080,640 | ---- | M] (McAfee) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFirewall.sys -- (MPFIREWL)
DRV - [2005/08/24 12:53:46 | 00,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)
DRV - [2005/08/24 12:51:10 | 01,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 12:49:12 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2005/08/24 12:45:46 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/08/10 11:22:10 | 00,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/10 16:56:24 | 00,012,160 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srvkp.sys -- (SiSkp)
DRV - [2004/06/10 16:56:16 | 00,216,320 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisgrp.sys -- (SiS315)
DRV - [2004/04/06 14:48:50 | 00,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisnic.sys -- (SISNIC)
DRV - [2004/03/29 15:04:42 | 00,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2004/03/24 09:12:44 | 00,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/19 14:41:18 | 01,205,292 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/08/21 18:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/18 08:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B) Intel®
DRV - [2000/07/17 12:04:38 | 00,430,336 | ---- | M] (Eastman Kodak Company.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dc31vid.sys -- (KodakPPCAM)
DRV - [2000/07/14 08:53:06 | 00,028,669 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DC31Bulk.sys -- (PA7333I)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\..\URLSearchHook: {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1777509275-7026196-927476729-1006\S-1-5-21-1777509275-7026196-927476729-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.4
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2009/11/15 19:52:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2009/11/15 19:52:02 | 00,000,000 | ---D | M]

[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions
[2009/02/16 13:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/10/27 21:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/23 19:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions
[2009/11/23 19:57:43 | 00,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2009/11/15 20:12:53 | 00,000,000 | ---D | M] (Property Bee) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}
[2009/11/23 19:57:44 | 00,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009/11/15 19:57:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\firebug@software.joehewitt.com
[2009/11/15 19:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Simon Eriksson\Application Data\Mozilla\Firefox\Profiles\seul270s.default\extensions\piclens@cooliris.com

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (CashKeywords Toolbar) - {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (CashKeywords Toolbar) - {9eb64fa9-57c4-4a41-9940-e12e0418b693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\..\Toolbar\WebBrowser: (CashKeywords Toolbar) - {9EB64FA9-57C4-4A41-9940-E12E0418B693} - C:\Program Files\CashKeywords\tbCash.dll (Conduit Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1777509275-7026196-927476729-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab (ChessControl Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Simon Eriksson\Desktop\HappyFathersDay&Lizard.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/10/05 22:51:40 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MpfService"
MsConfig - Services: "mcupdmgr.exe"
MsConfig - Services: "McTskshd.exe"
MsConfig - Services: "McShield"
MsConfig - Services: "McDetect.exe"
MsConfig - Services: "xmlprov"
MsConfig - Services: "WZCSVC"
MsConfig - Services: "wscsvc"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "WmdmPmSN"
MsConfig - Services: "winmgmt"
MsConfig - Services: "TrkWks"
MsConfig - Services: "TermService"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "ShellHWDetection"
MsConfig - Services: "SharedAccess"
MsConfig - Services: "seclogon"
MsConfig - Services: "Schedule"
MsConfig - Services: "SCardSvr"
MsConfig - Services: "SamSs"
MsConfig - Services: "RSVP"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "NtLmSsp"
MsConfig - Services: "Nla"
MsConfig - Services: "Netman"
MsConfig - Services: "Netlogon"
MsConfig - Services: "MySQL41"
MsConfig - Services: "MySql"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "KService"
MsConfig - Services: "gusvc"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^Monitor Apache Servers.lnk - C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 1.1.3.lnk - C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Simon Eriksson^Start Menu^Programs^Startup^WinMySQLadmin.lnk - C:\mysql\bin\winmysqladmin.exe - File not found
MsConfig - StartUpReg: 4oD - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Boots Insert Detect - hkey= - key= - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
MsConfig - StartUpReg: MPFExe - hkey= - key= - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: OASClnt - hkey= - key= - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: rundll32.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SiS Windows KeyHook - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
MsConfig - StartUpReg: USB Storage Toolbox - hkey= - key= - C:\Program Files\USB Disk Win98 Driver\Res.exe (ali)
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
MsConfig - StartUpReg: WAB - hkey= - key= - C:\Documents and Settings\Simon Eriksson\Application Data\Macromedia\Common\f521c00e19.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VQJK - C:\WINDOWS\System32\DC31DEC.dll (Eastman Kodak Company)
Drivers32: wave1 - C:\DOCUME~1\SIMONE~1\APPLIC~1\MACROM~1\Common\f521c00e1.dll File not found
Drivers32: wave2 - C:\DOCUME~1\SIMONE~1\APPLIC~1\MACROM~1\Common\f521c00e1.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 23:49:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/20 23:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\NT Registry Optimizer
[2010/01/20 23:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/19 19:17:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/18 13:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/01/18 13:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Conduit
[2010/01/18 13:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\CashKeywords
[2010/01/18 13:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\CashKeywords
[2010/01/11 12:52:38 | 00,000,000 | ---D | C] -- C:\Program Files\thinkbroadband.com
[2010/01/11 12:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\Downloaded Installations
[2010/01/03 11:35:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/28 16:16:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a5
[2009/12/28 15:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a4
[2009/12/28 14:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a3
[2009/12/28 13:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\My Documents\a2
[2009/12/24 12:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Simon Eriksson\Application Data\Quick Search And Replace
[2009/12/24 12:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Quick Search and Replace
[2009/09/29 05:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/07/31 16:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/13 07:59:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/11 07:30:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/06 16:37:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/01/28 22:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/05 21:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

========== Files - Modified Within 30 Days ==========

[2010/01/20 23:48:29 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\NTREGOPT.lnk
[2010/01/20 23:47:26 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\ERUNT.lnk
[2010/01/20 09:40:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/19 23:43:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Simon Eriksson\NTUSER.INI
[2010/01/19 23:43:27 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\Simon Eriksson\ntuser.dat
[2010/01/19 09:38:44 | 00,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/01/11 12:53:18 | 00,050,160 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/11 12:52:41 | 00,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:34 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 13:28:36 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/12/22 03:10:09 | 00,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/01/20 23:47:26 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\NTREGOPT.lnk
[2010/01/20 23:47:26 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\ERUNT.lnk
[2010/01/19 09:38:44 | 00,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2010/01/11 12:52:41 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\tbbMeter.lnk
[2010/01/05 10:24:01 | 00,030,766 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\.recently-used.xbel
[2010/01/03 11:35:33 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Desktop\HijackThis.lnk
[2009/12/24 12:03:35 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Search and Replace.lnk
[2009/11/19 11:33:58 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/11/19 11:33:36 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/10/03 21:52:29 | 00,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2009/07/14 16:04:00 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/14 16:03:59 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/03 18:52:56 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\PnkBstrK.sys
[2008/12/10 22:39:30 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/06/13 19:41:11 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\Final Draft Tagger Preferences
[2008/06/12 18:48:32 | 00,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/10 11:03:18 | 00,000,011 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2007/12/26 18:13:44 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\kodakpcd.ini
[2007/12/04 15:55:13 | 00,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/10/18 16:36:54 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/07/10 16:13:04 | 00,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007/07/02 16:49:52 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/07 09:34:31 | 00,004,472 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\BonsaiErrorLog.txt
[2007/04/06 02:01:49 | 00,000,140 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/01 18:19:30 | 00,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2007/03/23 21:46:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/01/27 18:16:00 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/01/27 18:16:00 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/01/27 18:15:59 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/01/27 18:15:12 | 00,000,081 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/09/13 20:00:43 | 00,034,900 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/29 18:31:33 | 00,002,726 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2006/07/29 18:15:32 | 00,139,776 | ---- | C] () -- C:\WINDOWS\System32\DCclean.dll
[2006/07/11 20:54:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2006/06/26 19:58:43 | 00,140,800 | ---- | C] () -- C:\WINDOWS\unez200.dll
[2006/06/14 20:08:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Application Data\sversion.ini
[2006/03/11 15:58:25 | 01,069,056 | ---- | C] () -- C:\WINDOWS\libmysql.dll
[2006/02/01 21:34:28 | 00,042,724 | ---- | C] () -- C:\WINDOWS\php.ini
[2006/01/28 23:59:39 | 00,000,459 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/12/30 22:26:50 | 00,000,255 | ---- | C] () -- C:\WINDOWS\Web2Text.ini
[2005/12/17 21:05:00 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Simon Eriksson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/08/24 12:56:04 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/15 19:52:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/05/08 23:27:24 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/04/19 03:11:40 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/04/17 02:35:19 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/10/05 23:44:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/05 23:31:54 | 00,108,295 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/10/05 23:31:40 | 00,108,329 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/09/30 15:55:58 | 00,000,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/22 05:57:16 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\ATAPI.SYS
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/08/06 00:00:00 | 00,028,787 | ---- | M] () MD5=9517DD94BABFCCDBA18772AB41AF4A57 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >



