Malware or hijacked computer - excessive sent packets


  • This topic is locked
8 replies to this topic

#1 madmikee

Posted 13 February 2010 - 03:06 PM

Hello,

I noticed that my internet activity icon is on all the time, and the sent packets way exceed the downloaded packets. It looks like some nameless person who has access to this computer has picked up some porn site malware? I don't know, but I need help getting rid of it. I am running Kaspersky Internet Security (firewall and anti-virus), but don't know how to kick this thing.

thank you for the help!!!

DDS text log

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 11:22:03.06 on Sat 02/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.62 [GMT -8:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Documents and Settings\Mike\Desktop\Printkey.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.mushkin.com/_detect/InSPECS3_0.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-1-1 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-12-30 91392]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys --> c:\windows\system32\drivers\motport.sys [?]

=============== Created Last 30 ================

2010-02-13 19:19:42 0 ----a-w- c:\documents and settings\mike\defogger_reenable

==================== Find3M ====================

2010-01-02 00:35:30 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-02 00:35:30 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-29 16:25:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-12-29 16:25:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-13 08:23:14 74264 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2008-09-30 17:06:06 128535711 ----a-w- c:\program files\openofficeorg1.cab
2008-09-30 16:29:36 217 ----a-w- c:\program files\setup.ini
2008-09-30 16:29:32 9772544 ----a-w- c:\program files\openofficeorg30.msi
2008-09-18 16:08:54 424728 ----a-w- c:\program files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
2009-10-11 22:21:34 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-09-27 17:16:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 11:23:56.29 ===============


#2 myrti

Posted 18 February 2010 - 12:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 madmikee

Posted 19 February 2010 - 01:04 AM

thank you for helping!!!

I noticed that my computer was sending a huge amount of packets, ran a netscan, and posted the image of what I saw in the previous post. I ran and posted the DDS log. I downloaded and ran Malwarebytes and it picked up a number of rogue installers. I then did a complete Kaspersky Internet Security 2010 scan (found nothing), then set up a rule to block outgoing packets to the www.3x-galls.com website, which appears to still have a large number of port connections established.

OTL logfile created on: 2/18/2010 9:13:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.44 Gb Total Space | 148.44 Gb Free Space | 53.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55.84 Gb Total Space | 8.58 Gb Free Space | 15.36% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-B7B19283C4
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 21:10:37 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/01/30 08:51:13 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/25 04:23:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 19:12:28 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/15 13:55:10 | 000,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/04/18 01:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 00:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/25 19:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/11/02 19:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/10/14 20:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/31 11:44:32 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/06/20 23:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/09/03 00:58:48 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe
PRC - [2003/10/06 13:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/08/29 04:59:24 | 000,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 21:10:37 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/30 08:51:13 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/25 21:12:04 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/16 19:12:28 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/04/18 01:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/06/20 23:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 13:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


========== Driver Services (SafeList) ==========

DRV - [2010/01/01 16:27:31 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/20 11:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 11:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/09 00:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 00:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/11 15:31:33 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/17 08:37:19 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/01/17 08:37:18 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/01/17 08:37:17 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/12/31 10:09:58 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermptxp.sys -- (usbsermptxp)
DRV - [2006/12/31 09:05:54 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/22 20:55:11 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/06/02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2002/10/15 13:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2002/09/03 08:56:37 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2002/09/03 08:53:10 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/06/13 14:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/30 11:53:08 | 000,139,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2001/08/17 05:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\S-1-5-21-1960408961-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\S-1-5-21-1960408961-2049760794-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2008/12/06 09:00:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/04 09:05:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/01/01 16:29:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/03/22 08:58:12 | 000,303,238 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 10450 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-2049760794-839522115-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ben\Start Menu\Programs\Startup\Event Reminder.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-2049760794-839522115-1004\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-2049760794-839522115-1005\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} http://www.mushkin.com/_detect/InSPECS3_0.cab (InSPECS3_0 Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/18 15:53:00 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\PROGRA~1\iolo\SYSTEM~1\) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/10/28 18:15:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 21:10:30 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/02/17 23:36:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2010/02/14 10:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\New Folder
[2010/02/14 08:45:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010/02/14 08:45:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/02/13 12:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/02/13 12:43:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/13 12:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/13 12:43:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/13 12:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/13 12:33:49 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/02/13 11:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\gmer
[2010/02/08 19:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\2009 Tax Returns
[2010/02/02 20:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\pics to iPhone
[2010/01/28 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tires
[2010/01/01 16:15:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/01 16:15:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/01 16:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/01 16:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/06 14:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/06 13:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/12/26 23:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/22 09:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2002/04/10 23:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2002/03/11 01:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 00:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[230 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 21:19:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CEE4D3B-5CDA-4C1C-9907-A5E36D3FCAD4}.job
[2010/02/18 21:10:37 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/02/18 21:00:38 | 000,579,482 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 21:00:38 | 000,481,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 21:00:38 | 000,087,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/18 20:57:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/18 20:57:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mike\ntuser.ini
[2010/02/18 20:57:26 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Mike\ntuser.dat
[2010/02/18 20:56:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/18 15:58:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 15:55:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 15:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 15:54:59 | 502,317,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/17 23:35:40 | 011,426,156 | -H-- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\IconCache.db
[2010/02/16 19:07:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 14:51:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/15 11:55:12 | 000,248,552 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\netstat.jpg
[2010/02/15 11:53:06 | 000,065,645 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\network packet activity.jpg
[2010/02/14 13:56:37 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk
[2010/02/14 13:43:22 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/02/14 09:50:02 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\CCleaner.lnk
[2010/02/14 08:56:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/13 12:43:28 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 12:33:49 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\mbam-setup.exe
[2010/02/13 11:27:24 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/02/13 11:21:34 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/02/13 11:19:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010/02/13 11:18:47 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2010/02/13 10:45:14 | 000,009,404 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\cc_20100213_104509.reg
[2010/02/13 10:21:21 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 08:32:08 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/01 23:05:46 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/19 23:07:31 | 110,043,136 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\pup-431.iso
[230 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 19:32:30 | 502,317,056 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/14 13:43:22 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2010/02/13 12:43:28 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/13 11:27:23 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\gmer.zip
[2010/02/13 11:21:34 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/02/13 11:19:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\defogger_reenable
[2010/02/13 11:18:47 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Defogger.exe
[2010/02/13 10:45:13 | 000,009,404 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\cc_20100213_104509.reg
[2010/02/13 08:15:51 | 000,248,552 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\netstat.jpg
[2010/02/13 07:49:56 | 000,065,645 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\network packet activity.jpg
[2010/01/30 08:51:41 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/30 08:51:40 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/19 23:06:31 | 110,043,136 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\pup-431.iso
[2009/05/31 18:14:29 | 000,818,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/03 11:19:11 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/02/05 10:18:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/11/17 21:18:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sensor.INI
[2008/09/30 09:06:06 | 128,535,711 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2008/09/30 08:29:36 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/09/30 08:29:32 | 009,772,544 | ---- | C] () -- C:\Program Files\openofficeorg30.msi
[2008/09/10 16:16:31 | 000,003,601 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/12 22:47:02 | 000,000,702 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2007/11/25 10:34:51 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/01 07:43:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2006/12/23 20:27:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/11/26 10:17:58 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2006/11/22 11:43:34 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2006/11/22 11:31:13 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2006/11/22 11:31:13 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2006/11/22 11:31:13 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2006/11/22 11:31:13 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2006/11/22 11:31:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/11/01 18:12:15 | 000,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/22 12:22:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2006/06/26 19:49:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/21 17:57:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\~tmp.INI
[2006/02/21 15:45:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/23 07:36:29 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/04 07:32:32 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/04 05:57:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/04 05:24:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSC82.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/12/20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/07/17 10:48:44 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004490_.tmp.dll
[2004/07/17 10:48:44 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004458_.tmp.dll
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/12/07 00:00:00 | 000,024,974 | ---- | C] () -- C:\WINDOWS\twain_16.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/13 16:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[230 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/24 08:47:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/24 08:47:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 15:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 15:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/24 08:47:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/24 08:47:03 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\boot.ini:SummaryInformation
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
< End of report >

OTL Extras logfile created on: 2/18/2010 9:13:44 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 140.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.44 Gb Total Space | 148.44 Gb Free Space | 53.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55.84 Gb Total Space | 8.58 Gb Free Space | 15.36% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-B7B19283C4
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1960408961-2049760794-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8 -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 10\programs\studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\studio.exe:*:Enabled:Studio program file -- (Pinnacle Systems)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe" = C:\Program Files\IObit\Advanced SystemCare 3\IObitUpdate.exe:*:Enabled:IObitUpdate.exe -- (IObit)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 4
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B76517-C1BC-40A7-814C-4C0A87E7D9DF}" = Garmin MapSource
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"File Recover_is1" = File Recover 5.0
"FileZilla" = FileZilla (remove only)
"Handy Recovery 2.0" = Handy Recovery 2.0
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"Hollywood FX Pack 26 - Extra FX" = Hollywood FX Pack 26 - Extra FX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"KAISPOWERSHOW" = Kai's Power SHOW
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"proDAD-Heroglyph-2.0" = proDAD Heroglyph 2.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Serif DrawPlus 3.0" = Serif DrawPlus 3.0
"Smart Defrag_is1" = Smart Defrag
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2010 1:56:09 AM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 2:56:06 AM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 7:56:05 PM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 7:57:14 PM | Computer Name = MIKE-B7B19283C4 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Sign-in Assistant -- The installer has encountered
an unexpected error installing this package. This may indicate a problem with this
package. The error code is 2753. The arguments are: SDKCOMPONENTS_PPCRL_WLLOGINPROXY.EXE,
,

Error - 2/18/2010 7:57:27 PM | Computer Name = MIKE-B7B19283C4 | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 2/18/2010 8:56:06 PM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 9:56:05 PM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 10:56:05 PM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/18/2010 11:56:05 PM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

Error - 2/19/2010 12:56:05 AM | Computer Name = MIKE-B7B19283C4 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/17/2010 9:28:21 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {41C8D38D-3B56-4AF4-8BC2-361BC6ADED23}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Kaspersky Lab\Kaspersky
Internet Security 2010\klwtblfs.exe" -Embedding

Error - 2/17/2010 9:28:24 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
The
error: "%2" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
Web Printing\hpswp_clipbook.exe" -Embedding

Error - 2/17/2010 9:28:38 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 2/17/2010 9:30:09 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {41C8D38D-3B56-4AF4-8BC2-361BC6ADED23}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Kaspersky Lab\Kaspersky
Internet Security 2010\klwtblfs.exe" -Embedding

Error - 2/17/2010 9:30:12 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}.
The
error: "%2" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart
Web Printing\hpswp_clipbook.exe" -Embedding

Error - 2/17/2010 9:30:21 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10001
Description = Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-Embedding

Error - 2/18/2010 7:56:51 PM | Computer Name = MIKE-B7B19283C4 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/18/2010 7:58:00 PM | Computer Name = MIKE-B7B19283C4 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).

Error - 2/18/2010 8:04:47 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10010
Description = The server {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} did not register
with DCOM within the required timeout.

Error - 2/18/2010 8:06:49 PM | Computer Name = MIKE-B7B19283C4 | Source = DCOM | ID = 10010
Description = The server {E225E692-4B47-4777-9BED-4FD7FE257F0E} did not register
with DCOM within the required timeout.


< End of report >


#4 myrti


Posted 20 February 2010 - 06:04 AM

Hi,

Your PC isn't connecting to said porn site. When you installed a hosts file to protect yourself from accessing such sites, it accidentally overwrote the first line saying 127.0.0.1 localhost. So now all the connections that your PC is making to itself (that's how it communicates) look as if they actually are connections to the porn site.

To repair this, go to C:\windows\system32\drivers\etc and open the hosts file. As a first line add 127.0.0.1 localhost right before 127.0.0.1 www.3x-galls.com. Then save the file and exit.

Let me know if you get any message about access denied when saving the file.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

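The hosts-file check and repair described in the post above, as an added example that is not part of the original thread. It assumes a monitoring tool that labels 127.0.0.1 with the first name mapped to it in the hosts file; the function names and the `ads.blocked.example` entry are made up for illustration.

```python
"""Detect a hosts file whose loopback address no longer maps to localhost
first, and produce a repaired copy (added example, not code from the thread)."""
import ipaddress

LOOPBACK = "127.0.0.1"

# Constructed sample: a blocklist-style hosts file that lost its localhost line.
# www.3x-galls.com is the entry named in the thread; the second name is invented.
SAMPLE_HOSTS = (
    "# blocklist installed over the original hosts file\n"
    "127.0.0.1\twww.3x-galls.com\n"
    "127.0.0.1 ads.blocked.example   # trailing comment\n"
)


def parse_hosts(text):
    """Return [(ip, [names, ...]), ...] for every valid entry, in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # comments run to end of line
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name is not a usable entry
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines instead of failing on them
        entries.append((fields[0], [name.lower() for name in fields[1:]]))
    return entries


def displayed_name_for_loopback(entries):
    """Name a first-match lookup would show for 127.0.0.1 (assumed model)."""
    for ip, names in entries:
        if ip == LOOPBACK:
            return names[0]
    return None


def needs_repair(text):
    """True when the first 127.0.0.1 entry is missing or is not localhost."""
    return displayed_name_for_loopback(parse_hosts(text)) != "localhost"


def repair(text):
    """Insert '127.0.0.1 localhost' ahead of the first entry when needed.

    Leading comment lines stay on top and the blocklist entries are kept.
    """
    if not needs_repair(text):
        return text
    lines = text.splitlines()
    first_entry = next(
        (i for i, line in enumerate(lines) if line.split("#", 1)[0].strip()),
        len(lines),
    )
    lines.insert(first_entry, LOOPBACK + "\tlocalhost")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # On the machine in the thread the file is
    # C:\windows\system32\drivers\etc\hosts; here the constructed sample is used.
    before = displayed_name_for_loopback(parse_hosts(SAMPLE_HOSTS))
    fixed = repair(SAMPLE_HOSTS)
    after = displayed_name_for_loopback(parse_hosts(fixed))
    print("loopback shown as:", before, "->", after)
    print(fixed, end="")
```
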


#5 madmikee (Topic Starter)

Posted 20 February 2010 - 12:08 PM

Okay. I edited the host file (with no extension).

Now it seems okay. However, a day or so ago I no longer saw the internet activity icon displaying, even though this option is checked.

Do I need to do anything else?

#6 myrti


Posted 20 February 2010 - 12:56 PM

Hi,

I would just like to check a couple more things for malware, to see if anything is present.

Please run a scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#7 madmikee (Topic Starter)

Posted 23 February 2010 - 08:57 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 05:50:10
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\kfniikoc.sys

.text ...

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6DAC340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x25BA81, 0xF8000020]
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes [4E, B3, B9, F4, C6, CF, B9, ...]
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [8C, E6, B9, F4, 12, A4, B9, ...]
.text ntoskrnl.exe!_abnormal_termination + 31C 804E2988 4 Bytes JMP A09D1E46
.text ntoskrnl.exe!_abnormal_termination + 34D 804E29B9 15 Bytes [AB, B9, F4, B0, A2, B9, F4, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [F8, F1, B9, F4, 20, F3, B9, ...]
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512939 5 Bytes JMP F4B904DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP F4B908B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F4676820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F4676820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] [F46766D0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.ban@ PMWBannerType
Reg HKLM\SOFTWARE\Classes\.biz@ PMWBizcardType
Reg HKLM\SOFTWARE\Classes\.bro@ PMWBrochureType
Reg HKLM\SOFTWARE\Classes\.cal@ PMWCalendarType
Reg HKLM\SOFTWARE\Classes\.car@ PMWCardType
Reg HKLM\SOFTWARE\Classes\.dgr@ Viewer
Reg HKLM\SOFTWARE\Classes\.env@ PMWEnvelopeType
Reg HKLM\SOFTWARE\Classes\.fax@ PMWFaxCoverType
Reg HKLM\SOFTWARE\Classes\.lbl@ PMWLabelType
Reg HKLM\SOFTWARE\Classes\.let@ PMWLetterheadType
Reg HKLM\SOFTWARE\Classes\.not@ PMWNoteCardType
Reg HKLM\SOFTWARE\Classes\.ple@ MsgPlus.Encrypted
Reg HKLM\SOFTWARE\Classes\.plp@ MsgPlus.SoundPack
Reg HKLM\SOFTWARE\Classes\.rpl@ Rhapsody Playlist
Reg HKLM\SOFTWARE\Classes\.sco@ Sibelius.Scorch
Reg HKLM\SOFTWARE\Classes\.sco@Content Type application/x-sibelius-score
Reg HKLM\SOFTWARE\Classes\.sib@ Sibelius.Scorch
Reg HKLM\SOFTWARE\Classes\.sib@Content Type application/x-sibelius-score
Reg HKLM\SOFTWARE\Classes\.sig@ PMWPosterType
Reg HKLM\SOFTWARE\Classes\.t31@ Viewer
Reg HKLM\SOFTWARE\Classes\.zmf@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmf@Original Extension RAR
Reg HKLM\SOFTWARE\Classes\.zmg@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmg@Original Extension DLL
Reg HKLM\SOFTWARE\Classes\.zmh@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmh@Original Extension EML
Reg HKLM\SOFTWARE\Classes\.zmi@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmi@Original Extension OCX
Reg HKLM\SOFTWARE\Classes\.zmj@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmj@Original Extension SYS
Reg HKLM\SOFTWARE\Classes\.zmk@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmk@Original Extension RAR
Reg HKLM\SOFTWARE\Classes\.zml@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zml@Original Extension DLL
Reg HKLM\SOFTWARE\Classes\.zmm@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmm@Original Extension EML
Reg HKLM\SOFTWARE\Classes\.zmn@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmn@Original Extension OCX
Reg HKLM\SOFTWARE\Classes\.zmo@ ZAMailSafe
Reg HKLM\SOFTWARE\Classes\.zmo@Original Extension SYS
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper.1@ IIDCRLWrapper Class
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper.1\CLSID
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper.1\CLSID@ {CD79C623-E1B7-47CF-A685-2E8A882BA3F8}
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper@ IIDCRLWrapper Class
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper\CLSID
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper\CLSID@ {CD79C623-E1B7-47CF-A685-2E8A882BA3F8}
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper\CurVer
Reg HKLM\SOFTWARE\Classes\ComProxy.IIDCRLWrapper\CurVer@ ComProxy.IIDCRLWrapper.1
Reg HKLM\SOFTWARE\Classes\contact_vcard_file@ VCard File
Reg HKLM\SOFTWARE\Classes\contact_vcard_file@FriendlyTypeName @C:\Program Files\Windows Live\Mail\wlmail.exe,-225
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\DefaultIcon
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\DefaultIcon@ C:\Program Files\Windows Live\Mail\wlmail.exe,-6
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\edit
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\edit\command
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\edit\command@ "C:\Program Files\Windows Live\Mail\wlmail.exe" /VCard %1
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\open
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\open\command
Reg HKLM\SOFTWARE\Classes\contact_vcard_file\shell\open\command@ "C:\Program Files\Windows Live\Mail\wlmail.exe" /VCard %1
Reg HKLM\SOFTWARE\Classes\DAL.DALObj\CLSID
Reg HKLM\SOFTWARE\Classes\DAL.DALObj\CLSID@ {D1232BBD-55E7-4D36-936C-681137957356}
Reg HKLM\SOFTWARE\Classes\DEKO.DekoCtrl.2@ Deko Control
Reg HKLM\SOFTWARE\Classes\DEKO.DekoCtrl.2\CLSID
Reg HKLM\SOFTWARE\Classes\DEKO.DekoCtrl.2\CLSID@ {F5FBB24A-E4AE-47B2-9B3D-082DF34B5774}
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1@ SwInstaller Class
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1\CLSID
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller.1\CLSID@ {D21ED08F-6B88-45EC-A71C-6BD453B561D0}
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller@ SwInstaller Class
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CLSID
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CLSID@ {D21ED08F-6B88-45EC-A71C-6BD453B561D0}
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CurVer
Reg HKLM\SOFTWARE\Classes\Download.SwInstaller\CurVer@ Download.SwInstaller.1
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.APIRoot@
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.APIRoot\Clsid
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.APIRoot\Clsid@ {7E509275-B08C-49B2-9422-B0AF845A3EE8}
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.DiscContentAPI@
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.DiscContentAPI\Clsid
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.DiscContentAPI\Clsid@ {2B53FE7F-472A-4610-90FB-A7197FB2A516}
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.SectorModeInfo@
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.SectorModeInfo\Clsid
Reg HKLM\SOFTWARE\Classes\IDiscSDK2.SectorModeInfo\Clsid@ {1CE60B82-AB98-4235-A05E-34D677E3CA37}
Reg HKLM\SOFTWARE\Classes\KNOBCONTROL.KnobCtrl.1@ Knob Control
Reg HKLM\SOFTWARE\Classes\KNOBCONTROL.KnobCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\KNOBCONTROL.KnobCtrl.1\CLSID@ {04F0A7D0-FBC7-4213-AF0C-E51B6A68BEDD}
Reg HKLM\SOFTWARE\Classes\KNOBCONTROL.KnobCtrl.1\Insertable
Reg HKLM\SOFTWARE\Classes\KNOBCONTROL.KnobCtrl.1\Insertable@
Reg HKLM\SOFTWARE\Classes\magnet@ URL:MagNet Protocol
Reg HKLM\SOFTWARE\Classes\magnet@URL Protocol
Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon
Reg HKLM\SOFTWARE\Classes\magnet\DefaultIcon@ "C:\Program Files\LimeWire\LimeWire.ico",-128
Reg HKLM\SOFTWARE\Classes\magnet\shell
Reg HKLM\SOFTWARE\Classes\magnet\shell@
Reg HKLM\SOFTWARE\Classes\magnet\shell\open
Reg HKLM\SOFTWARE\Classes\magnet\shell\open@
Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command
Reg HKLM\SOFTWARE\Classes\magnet\shell\open\command@ "C:\Program Files\LimeWire\LimeWire.exe" "%L"
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic.1@ MessengerStatsClient Class
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic.1\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic.1\CLSID@ {c3f79a2b-b9b4-4a66-b012-3ee46475b072}
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic@ MessengerStatsClient Class
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic\CLSID@ {c3f79a2b-b9b4-4a66-b012-3ee46475b072}
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic\CurVer
Reg HKLM\SOFTWARE\Classes\MessengerStatsClient.MessengerStatsClientLogic\CurVer@ MessengerStatsClient.MessengerStatsClientLogic.1
Reg HKLM\SOFTWARE\Classes\MOV_auto_file@
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell@ open
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\open
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\open@ &Open
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\open\command
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\open\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Open "%L"
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\play
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\play@ &Play
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\play\command
Reg HKLM\SOFTWARE\Classes\MOV_auto_file\shell\play\command@ C:\Program Files\Windows Media Player\wmplayer.exe /Play "%L"
Reg HKLM\SOFTWARE\Classes\MsgPlus.Encrypted@ Encrypted Log File
Reg HKLM\SOFTWARE\Classes\MsgPlus.Encrypted\shell
Reg HKLM\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open
Reg HKLM\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command
Reg HKLM\SOFTWARE\Classes\MsgPlus.Encrypted\shell\open\command@ "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /LOG:%1
Reg HKLM\SOFTWARE\Classes\MsgPlus.SoundPack@ Messenger Plus! Sound Pack
Reg HKLM\SOFTWARE\Classes\MsgPlus.SoundPack\shell
Reg HKLM\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open
Reg HKLM\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command
Reg HKLM\SOFTWARE\Classes\MsgPlus.SoundPack\shell\open\command@ "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /SNDPACK:%1
Reg HKLM\SOFTWARE\Classes\myim@URL Protocol
Reg HKLM\SOFTWARE\Classes\myim\shell
Reg HKLM\SOFTWARE\Classes\pcledial.BufferedDisc@
Reg HKLM\SOFTWARE\Classes\pcledial.BufferedDisc\Clsid
Reg HKLM\SOFTWARE\Classes\pcledial.BufferedDisc\Clsid@ {7244EEEC-C949-4D71-9E91-5DCA7CAFE766}
Reg HKLM\SOFTWARE\Classes\pcledial.DiscBuilder@
Reg HKLM\SOFTWARE\Classes\pcledial.DiscBuilder\Clsid
Reg HKLM\SOFTWARE\Classes\pcledial.DiscBuilder\Clsid@ {541A942C-CE11-494B-A577-89265B8AEE2D}
Reg HKLM\SOFTWARE\Classes\pcledial.DiscCopier@
Reg HKLM\SOFTWARE\Classes\pcledial.DiscCopier\Clsid
Reg HKLM\SOFTWARE\Classes\pcledial.DiscCopier\Clsid@ {217A615D-E1AC-4564-B44E-D3009F910BDB}
Reg HKLM\SOFTWARE\Classes\pcledial.SectorModeInfo@
Reg HKLM\SOFTWARE\Classes\pcledial.SectorModeInfo\Clsid
Reg HKLM\SOFTWARE\Classes\pcledial.SectorModeInfo\Clsid@ {1CE60B82-AB98-4235-A05E-34D677E3CA37}
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner.1@ DiscBurner Class
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner.1\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner.1\CLSID@ {8D30D22B-2A45-4C99-A54E-0A2832C26B2E}
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner@ DiscBurner Class
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner\CLSID@ {8D30D22B-2A45-4C99-A54E-0A2832C26B2E}
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner\CurVer
Reg HKLM\SOFTWARE\Classes\PcleDiscBurner.DiscBurner\CurVer@ PcleDiscBurner.DiscBurner.1
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker.1@ DiscMaker Class
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker.1\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker.1\CLSID@ {A34A1C0F-D23E-4970-AD57-5D4ED009D3C9}
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker@ DiscMaker Class
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker\CLSID@ {A34A1C0F-D23E-4970-AD57-5D4ED009D3C9}
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker\CurVer
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMaker\CurVer@ PcleDiscMaker.DiscMaker.1
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents.1@ DiscMakerEvents Class
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents.1\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents.1\CLSID@ {E65CF92D-4BDC-44BF-BBF0-9CEF14F4663F}
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents@ DiscMakerEvents Class
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents\CLSID
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents\CLSID@ {E65CF92D-4BDC-44BF-BBF0-9CEF14F4663F}
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents\CurVer
Reg HKLM\SOFTWARE\Classes\PcleDiscMaker.DiscMakerEvents\CurVer@ PcleDiscMaker.DiscMakerEvents.1
Reg HKLM\SOFTWARE\Classes\PCLEmsl.PCLE AudioCodecs@
Reg HKLM\SOFTWARE\Classes\PCLEmsl.PCLE AudioCodecs\Clsid
Reg HKLM\SOFTWARE\Classes\PCLEmsl.PCLE AudioCodecs\Clsid@ {61A04DD2-C5C8-44A5-8001-14FB85DD994E}
Reg HKLM\SOFTWARE\Classes\picasa2.autoplay@DefaultIcon C:\Program Files\Google\Picasa3\Picasa3.exe,1
Reg HKLM\SOFTWARE\Classes\picasa2.autoplay\shell
Reg HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import
Reg HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command
Reg HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command@ C:\Program Files\Google\Picasa3\Picasa3.exe "%1"
Reg HKLM\SOFTWARE\Classes\PMWBannerType@ PMW Banner Type
Reg HKLM\SOFTWARE\Classes\PMWBannerType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWBannerType\CLSID@ {76F54462-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWBannerType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWBizcardType@ PMW Business Card Type
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\CLSID@ {76F54466-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWBizcardType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWBrochureType@ PMW Brochure Type
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\CLSID@ {76F5446C-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWBrochureType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWCalendarType@ PMW Calendar Type
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\CLSID@ {76F54463-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWCalendarType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWCardType@ PMW Card Type
Reg HKLM\SOFTWARE\Classes\PMWCardType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWCardType\CLSID@ {76F54461-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWCardType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWCertificateType@ PMW Certificate Type
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\CLSID@ {76F54467-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWCertificateType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType@ PMW Envelope Type
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\CLSID@ {76F54465-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWEnvelopeType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType@ PMW Fax Cover Type
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\CLSID@ {76F54469-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWFaxCoverType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWLabelType@ PMW Label Type
Reg HKLM\SOFTWARE\Classes\PMWLabelType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWLabelType\CLSID@ {76F54464-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWLabelType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType@ PMW Letterhead Type
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\CLSID@ {76F5446A-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWLetterheadType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType@ PMW Newsletter Type
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\CLSID@ {76F5446B-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWNewsletterType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType@ PMW Note Card Type
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\CLSID@ {76F54468-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWNoteCardType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\PMWPosterType@ PMW Poster Type
Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID
Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID@ {76F54460-046F-11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command@ C:\PROGRA~1\MINDSC~1\PRINTM~1\PMW.EXE "%1"
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec@ [open("%1")]
Reg HKLM\SOFTWARE\Classes\rhap@ URL: Rhapsody Protocol
Reg HKLM\SOFTWARE\Classes\rhap@URL Protocol
Reg HKLM\SOFTWARE\Classes\rhap\shell
Reg HKLM\SOFTWARE\Classes\rhap\shell\open
Reg HKLM\SOFTWARE\Classes\rhap\shell\open\command
Reg HKLM\SOFTWARE\Classes\Rhapsody Playlist@ Rhapsody 2 Playlist
Reg HKLM\SOFTWARE\Classes\Rhapsody Playlist\shell
Reg HKLM\SOFTWARE\Classes\Rhapsody Playlist\shell\open
Reg HKLM\SOFTWARE\Classes\Rhapsody Playlist\shell\open\command
Reg HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3@ Rhapsody AutoPlay for Audio CD
Reg HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell
Reg HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell\play
Reg HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell\play\command
Reg HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3@ Rhapsody AutoPlay for Blank CD
Reg HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell
Reg HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell\open
Reg HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell\open\command
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler.1@ Rhapsody Helper
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler.1\CLSID
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler.1\CLSID@ {5717E2AC-8A5C-47b7-BFE5-50BAD65AB904}
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler@ Rhapsody Helper
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CLSID
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CLSID@ {5717E2AC-8A5C-47b7-BFE5-50BAD65AB904}
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CurVer
Reg HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CurVer@ Rhapsody.HWEventHandler.1
Reg HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3@ Rhapsody AutoPlay for Music Device
Reg HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell
Reg HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open
Reg HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open\command
Reg HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open\command@ "C:\Program Files\Rhapsody\rhapsody.exe" /device: "%1"
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl.1@ RhapsodyPlayerEngineCtrl Class
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl.1\CLSID@ {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92}
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl@ RhapsodyPlayerEngineCtrl Class
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl\CLSID@ {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92}
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl\CurVer@ RhapsodyPlayerEngine.RhapsodyPlayerEngineCtrl.1
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin.1@ ScorchPlugin Class
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin.1\CLSID@ {A8F2B9BD-A6A0-486A-9744-18920D898429}
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin@ ScorchPlugin Class
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin\CLSID@ {A8F2B9BD-A6A0-486A-9744-18920D898429}
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\ScorchActiveXPlugin.ScorchPlugin\CurVer@ ScorchActiveXPlugin.ScorchPlugin.1
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment.1@ Alignment Class
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment.1\CLSID@ {67C79012-A022-464a-AA13-3CB1E52AE04C}
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment@ Alignment Class
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment\CLSID@ {67C79012-A022-464a-AA13-3CB1E52AE04C}
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment\CurVer
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Alignment\CurVer@ ScorchAxPluginBase.Alignment.1
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size.1@ Size Class
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size.1\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size.1\CLSID@ {E425C010-B9B4-43d9-8ECE-5D7D5ADB428B}
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size@ Size Class
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size\CLSID
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size\CLSID@ {E425C010-B9B4-43d9-8ECE-5D7D5ADB428B}
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size\CurVer
Reg HKLM\SOFTWARE\Classes\ScorchAxPluginBase.Size\CurVer@ ScorchAxPluginBase.Size.1
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch@ Sibelius Scorch Score
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch@BrowserFlags 8
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch@EditFlags 0
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\DefaultIcon@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE", 1
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\shell
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\shell\open
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\shell\open\command
Reg HKLM\SOFTWARE\Classes\Sibelius.Scorch\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1"
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper.1\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper@ SwHelper Class
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CLSID@ {1F3CB77D-D339-49e0-B8E4-FECD6D6F8CB8}
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer
Reg HKLM\SOFTWARE\Classes\SwBroker.SwHelper\CurVer@ SwBroker.SwHelper.1
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter.1@ PCLEMediaConverter Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter.1\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter.1\CLSID@ {29D1F981-D486-46B4-A338-3899E75350DA}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter@ PCLEMediaConverter Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter\CLSID@ {29D1F981-D486-46B4-A338-3899E75350DA}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter\CurVer
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaConverter\CurVer@ TBone.PCLEMediaConverter.1
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph.1@ PCLEMediaGraph Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph.1\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph.1\CLSID@ {D8F5CE38-D01C-4521-8FCA-B7CE760D1F4F}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph@ PCLEMediaGraph Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph\CLSID@ {D8F5CE38-D01C-4521-8FCA-B7CE760D1F4F}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph\CurVer
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaGraph\CurVer@ TBone.PCLEMediaGraph.1
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter.1@ PCLEMediaImporter Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter.1\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter.1\CLSID@ {19FCB230-1BAC-4D31-8C0A-860F997DEE3D}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter@ PCLEMediaImporter Class
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter\CLSID
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter\CLSID@ {19FCB230-1BAC-4D31-8C0A-860F997DEE3D}
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter\CurVer
Reg HKLM\SOFTWARE\Classes\TBone.PCLEMediaImporter\CurVer@ TBone.PCLEMediaImporter.1
Reg HKLM\SOFTWARE\Classes\WebDeploy\ProxyEnable
Reg HKLM\SOFTWARE\Classes\WebDeploy\ProxyEnable@ 0
Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl@ MessengerCompanionControl Class
Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer
Reg HKLM\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer@ Yahoo.MessengerCompanionControl.5
Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin@ PopupBlocker Class
Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin\CurVer@ Yahoo.PopupBlockerPlugin.4
Reg HKLM\SOFTWARE\Classes\YBIOCtrl.YBIOCtrl2@ Yahoo! Companion
Reg HKLM\SOFTWARE\Classes\YBIOCtrl.YBIOCtrl@ Yahoo! Companion
Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin@ YMECompPlugin Class
Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer
Reg HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin\CurVer@ YMERemote.YMECompPlugin.1
Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl@ YMERemoteCtl Class
Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer
Reg HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl\CurVer@ YMERemote.YMERemoteCtl.1
Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2@ Yahoo! Toolbar Helper
Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID
Reg HKLM\SOFTWARE\Classes\yt.YTHelper.2\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670}
Reg HKLM\SOFTWARE\Classes\yt.YTHelper@ Yahoo! Toolbar Helper
Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID
Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CLSID@ {02478D38-C3F9-4efb-9B51-7695ECA05670}
Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer
Reg HKLM\SOFTWARE\Classes\yt.YTHelper\CurVer@ yt.YTHelper.2
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1@ Yahoo! Toolbar
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand.1\CLSID@ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand@ Yahoo! Toolbar
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer
Reg HKLM\SOFTWARE\Classes\yt.YToolbarBand\CurVer@ yt.YToolbarBand.1

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF4B9B58C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF4B9BE0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF4B9C922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF4B9CE94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF4B9C0EE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF4B9A436]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF4B9CD6C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF4B9B192]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF4B9CC28]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF4B9B34E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF4B9CFC6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF4B9EC08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF4B9BAAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF4B9CCCA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xF4B9E5FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF4B9A9FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF4B9AD88]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF4B9C576]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF4B9F5CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF4B9AECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF4B9AF74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF4B9C382]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF4B9E68C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF4B9A412]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF4B9A424]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xF4B9ECBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF4B9B0C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF4B9CF36]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF4B9BE8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF4B9A5DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF4B9CE04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF4B9B792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF4B9EC32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF4B9D068]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF4B9B6B6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF4B9B01E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF4B9AC46]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xF4B9EFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF4B9A896]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF4B9E922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF4B9AB0E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF4B9A2B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF4B9D3F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF4B9D2B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF4B9E39A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF4BA1E2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF4B9F4AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF4B9A248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF4B9C65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF4B9BCC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF4B9DC4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF4B9E786]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF4B9F114]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF4B9A71E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF4B9F1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF4B9F320]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF4B9E526]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF4B9B90A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF4B9B860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xF4B9EE8A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF4B9B9EA]

---- EOF - GMER 1.0.15 ----





#8 myrti


Posted 26 February 2010 - 04:55 AM

Hi,

the log from gmer is clean. Has the icon for internet connectivity vanished again?

Just to be safe please run a scan with Eset as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 myrti


Posted 06 March 2010 - 04:13 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





