Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pesky trojan dagnam it!


  • Please log in to reply
6 replies to this topic

#1 not_again!

not_again!

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 07 September 2010 - 09:38 PM

Hi there,

I managed to get myself a trojan, the kind that pops up with a fake virus scanner protector and i couldn't do ANYTHING without it blocking the program. i managed to run RKill, Defogger and MBAM as directed and that got rid of the fake virus scanner protector but i still couldn't get online. I then ran Spybot which found some more nasties and got rid of them and then ran a second scan, but when windows finally powered up it jammed up with .dll errors (the only one i could see was this one C:\windows\i32gl3ds.dll) and the computer freezes itself and i can't do anything from there at all unless i'm in safe mode.

I've run Hijack this can anyone tell me which files i should fix from this log please?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:08, on 08/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~3\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [emswrxnoca.tmp] "C:\DOCUME~1\Cec\LOCALS~1\Temp\emswrxnoca.tmp"
O4 - HKLM\..\Run: [Smipil] rundll32.exe "C:\WINDOWS\umicavalegacu.dll",Startup
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kpabocifalut] rundll32.exe "C:\WINDOWS\i32gl3ds.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: WKCALREM.LNK = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~3\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~3\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E68718-1409-4D83-9916-1C3E242E445B}: NameServer = 210.15.254.240,210.15.254.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E68718-1409-4D83-9916-1C3E242E445B}: NameServer = 210.15.254.240,210.15.254.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E68718-1409-4D83-9916-1C3E242E445B}: NameServer = 210.15.254.240,210.15.254.241
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IJRNQEMJT - Unknown owner - C:\DOCUME~1\Cec\LOCALS~1\Temp\IJRNQEMJT.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10840 bytes

Edited by Blade Zephon, 07 September 2010 - 11:31 PM.
Moved to Logs forum. ~BZ


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:04 PM

Posted 13 September 2010 - 01:16 PM

Hello not_again!

Welcome to BleepingComputer smile.gif
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 not_again!

not_again!
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 16 September 2010 - 07:16 AM

OTL ran without any problems

but RKUnhookerLE refused to open it kept coming up with Error loading/opening driver. i tried saving it to my desktop as a different name but it still wouldn't run.

below are the scans from OTL

Thanks heaps

OTL logfile created on: 16/09/2010 21:43:30 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Cec\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 755.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.99 Gb Total Space | 10.80 Gb Free Space | 13.50% Space Free | Partition Type: NTFS
Drive D: | 61.20 Gb Total Space | 39.55 Gb Free Space | 64.63% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CECILIA
Current User Name: Cec
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cec\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Cec\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (XSC) -- C:\DOCUME~1\Cec\LOCALS~1\Temp\XSC.exe File not found
SRV - (TJG) -- C:\DOCUME~1\Cec\LOCALS~1\Temp\TJG.exe File not found
SRV - (OJXRJBSHADC) -- C:\DOCUME~1\Cec\LOCALS~1\Temp\OJXRJBSHADC.exe File not found
SRV - (IJRNQEMJT) -- C:\DOCUME~1\Cec\LOCALS~1\Temp\IJRNQEMJT.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\ETD.sys (ELANTECH Devices Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 8D 56 39 06 A6 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {A225EB10-75CB-47D1-B08D-0F75842E39BC}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/12 20:36:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 10:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/02 13:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A225EB10-75CB-47D1-B08D-0F75842E39BC}: C:\Documents and Settings\Cec\Local Settings\Application Data\{A225EB10-75CB-47D1-B08D-0F75842E39BC} [2010/09/07 15:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 00:35:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 11:52:59 | 000,000,000 | ---D | M]

[2009/05/12 17:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Mozilla\Extensions
[2009/05/12 17:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cec\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/07 15:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Mozilla\Firefox\Profiles\0pyd7utz.default\extensions
[2010/05/11 14:19:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cec\Application Data\Mozilla\Firefox\Profiles\0pyd7utz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/11 15:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cec\Application Data\Mozilla\Firefox\Profiles\0pyd7utz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/05/20 20:40:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Mozilla\Firefox\Profiles\0pyd7utz.default\searchplugins\ask.xml
[2010/03/16 21:44:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 11:52:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/28 11:52:53 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/28 11:52:53 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/09/04 10:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/05/12 20:36:06 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 21:44:12 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMySrch.dll
[2010/07/28 11:52:55 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/10/14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/05/12 20:45:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/05/12 20:45:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/05/12 20:45:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/05/12 20:45:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/05/12 20:45:23 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/05/12 20:45:24 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/05/12 20:45:24 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/14 08:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/16 10:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 10:55:13 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/08/19 11:39:48 | 000,001,345 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/16 10:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 10:55:13 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/16 10:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 10:55:13 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/16 10:55:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/16 10:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/04 20:43:06 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy3\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe File not found
O4 - HKLM..\Run: [emswrxnoca.tmp] C:\DOCUME~1\Cec\LOCALS~1\Temp\emswrxnoca.tmp File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Smipil] C:\WINDOWS\umicavalegacu.DLL File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Kpabocifalut] C:\WINDOWS\i32gl3ds.DLL (ArcSoft Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Cec\Start Menu\Programs\Startup\WKCALREM.LNK = C:\Program Files\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy3\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/10 00:50:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 21:31:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/07 18:29:37 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 16:30:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cec\Recent
[2010/09/07 15:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cec\Local Settings\Application Data\{A225EB10-75CB-47D1-B08D-0F75842E39BC}
[2010/09/07 15:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cec\Local Settings\Application Data\hwmoaebur
[2010/09/07 15:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/08/27 17:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cec\My Documents\New Folder
[2010/08/27 16:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cec\My Documents\section 32
[2010/02/21 21:13:31 | 015,640,551 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeVideoToDVDConverter.exe
[2008/08/30 11:27:26 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/16 21:34:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 21:32:26 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/16 21:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/12 10:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cec\ntuser.ini
[2010/09/12 10:29:25 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Cec\NTUSER.DAT
[2010/09/08 11:15:55 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/09/08 11:14:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 08:28:39 | 064,398,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 22:59:34 | 000,000,164 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 18:31:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 18:27:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | M] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 18:06:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2010/09/07 17:46:54 | 000,002,843 | ---- | M] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 17:46:21 | 000,002,843 | ---- | M] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 15:04:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyikah.bin
[2010/08/30 01:46:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:28 | 001,687,383 | ---- | M] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/16 21:32:26 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/07 18:27:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | C] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 17:46:54 | 000,002,843 | ---- | C] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 15:04:28 | 000,002,843 | ---- | C] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 15:04:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cyikah.bin
[2010/08/30 01:46:26 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:25 | 001,687,383 | ---- | C] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2010/03/19 22:07:48 | 000,939,956 | ---- | C] () -- C:\Program Files\7z465.exe
[2009/12/28 13:12:31 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\housecall.guid.cache
[2009/12/27 18:25:08 | 000,005,146 | ---- | C] () -- C:\WINDOWS\DNAPrinters.ini
[2009/10/23 17:50:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2009/10/23 17:50:02 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2009/10/23 17:50:02 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/10/23 17:47:21 | 000,002,812 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_InstantShareJPG.log
[2009/10/23 17:47:21 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/10/23 17:46:24 | 000,003,587 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/10/23 17:46:24 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/10/23 17:45:04 | 000,046,268 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/10/23 17:45:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/10/23 17:43:23 | 000,003,903 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\HPSU_48BitScanUpdate.log
[2009/10/23 17:43:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/23 10:13:04 | 000,044,143 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/10/23 10:13:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/08/22 16:06:59 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/22 16:06:30 | 000,000,686 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/22 15:55:55 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/06 20:34:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/19 11:54:49 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/18 21:06:34 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Cec\Application Data\wklnhst.dat
[2009/05/13 15:43:30 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/05/13 12:21:07 | 000,004,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/12 21:50:59 | 000,207,741 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/12 21:33:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/12 21:33:41 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/12 20:01:29 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/05/12 17:16:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\fusioncache.dat
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/02 21:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/08/30 13:30:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/30 11:30:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/08/30 11:30:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/08/30 11:30:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/08/30 11:30:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/08/30 11:30:05 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/08/30 11:30:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/30 10:43:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/08/10 00:32:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/31 12:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2008/03/18 08:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2005/02/18 02:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/18 02:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/02/04 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/02 13:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/12 20:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/02 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/05/12 21:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/05/12 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/14 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/15 13:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/07 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\BitTorrent
[2010/09/07 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/02/02 11:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CallingID
[2009/12/31 10:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DNA
[2010/06/01 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers
[2010/06/12 22:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Facebook
[2009/05/23 23:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\InterVideo
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Sony
[2009/11/29 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\StarOffice8
[2009/06/18 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Template
[2010/05/15 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Worldwinner

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/30 10:55:03 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/08 18:13:14 | 030,909,992 | ---- | M] () -- C:\avira_antivir_personal_en.exe
[2009/05/12 17:14:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/28 11:36:29 | 000,052,129 | ---- | M] () -- C:\caavsetupLog.txt
[2010/02/02 11:06:05 | 000,000,264 | ---- | M] () -- C:\caEntitlementLog.txt
[2010/02/02 11:56:44 | 003,725,700 | ---- | M] () -- C:\caisslog.txt
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/31 11:22:42 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/01/04 19:49:04 | 001,839,496 | ---- | M] (Trend Micro) -- C:\HousecallLauncher.exe
[2009/12/31 11:35:26 | 002,174,656 | ---- | M] () -- C:\IceSword120_en.zip
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 22:00:00 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/09/16 21:33:48 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/08/30 10:42:03 | 000,000,675 | ---- | M] () -- C:\RHDSetup.log
[2010/09/07 18:25:01 | 000,000,373 | ---- | M] () -- C:\rkill.log
[2009/12/29 21:08:01 | 000,231,390 | ---- | M] () -- C:\RootkitRevealer.zip
[2009/04/02 17:02:58 | 000,185,833 | ---- | M] () -- C:\shldr
[2008/08/30 11:54:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/30 11:54:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/11 11:42:38 | 003,654,395 | ---- | M] (Spacejock Software ) -- C:\ybkfull.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/09 17:39:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/09 17:39:45 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/09 17:39:45 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/17 11:38:46 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/07/17 11:40:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/06/22 01:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
< End of report >
[2010/09/16 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Desktop
[2010/09/16 21:40:11 | 000,335,872 | -H-- | M] () -- C:\Documents and Settings\Cec\ntuser.dat.LOG
[2010/09/16 21:40:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cec\Recent
[2010/09/16 21:34:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 21:32:26 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/16 21:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/12 10:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cec\ntuser.ini
[2010/09/12 10:29:25 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Cec\NTUSER.DAT
[2010/09/08 11:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/08 11:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\ApplicationHistory
[2010/09/08 11:15:55 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/09/08 11:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2010/09/08 11:14:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 08:28:39 | 064,398,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 23:03:01 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/09/07 22:59:34 | 000,000,164 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 21:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/07 20:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\hwmoaebur
[2010/09/07 18:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 18:31:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 18:27:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | M] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 18:06:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2010/09/07 17:46:54 | 000,002,843 | ---- | M] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 17:46:21 | 000,002,843 | ---- | M] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 17:45:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Cec\Cookies
[2010/09/07 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\BitTorrent
[2010/09/07 15:04:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyikah.bin
[2010/09/07 15:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\{A225EB10-75CB-47D1-B08D-0F75842E39BC}
[2010/09/07 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/09/07 15:00:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cec\Templates
[2010/09/07 15:00:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cec\Application Data
[2010/09/06 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Tracing
[2010/09/04 21:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Skype
[2010/09/04 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\skypePM
[2010/09/03 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\yBook
[2010/08/30 01:47:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cec\My Documents
[2010/08/30 01:46:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:28 | 001,687,383 | ---- | M] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2010/08/12 19:24:16 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 11:08:58 | 000,004,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/19 22:07:58 | 000,939,956 | ---- | M] () -- C:\Program Files\7z465.exe
[2010/02/21 21:19:12 | 015,640,551 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeVideoToDVDConverter.exe
[2010/02/11 10:47:32 | 000,063,416 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/28 21:11:51 | 003,506,320 | -H-- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\IconCache.db
[2009/12/28 13:12:31 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\housecall.guid.cache
[2009/11/22 10:58:31 | 000,003,903 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HPSU_48BitScanUpdate.log
[2009/10/23 17:50:07 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2009/10/23 17:50:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2009/10/23 17:49:59 | 000,002,812 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_InstantShareJPG.log
[2009/10/23 17:47:17 | 000,003,587 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/10/23 17:45:31 | 000,046,268 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/10/23 10:22:19 | 000,044,143 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/06/22 12:36:00 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\wklnhst.dat
[2009/05/12 17:16:25 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\fusioncache.dat
[2008/08/09 17:40:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Cec\Application Data\desktop.ini
[2008/08/09 17:40:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/08 09:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/16 21:47:33 | 000,035,332 | ---- | M] () -- C:\WINDOWS\System32\rundll32.exe
[2010/09/16 21:34:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 21:32:26 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/16 21:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/12 10:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cec\ntuser.ini
[2010/09/12 10:29:25 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Cec\NTUSER.DAT
[2010/09/08 11:15:55 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/09/08 11:14:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 08:28:39 | 064,398,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 22:59:34 | 000,000,164 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 18:31:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 18:27:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | M] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 18:06:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2010/09/07 17:46:54 | 000,002,843 | ---- | M] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 17:46:21 | 000,002,843 | ---- | M] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 15:04:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyikah.bin
[2010/08/30 01:46:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:28 | 001,687,383 | ---- | M] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== LOP Check ==========

[2010/02/04 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/02 13:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/12 20:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/02 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/05/12 21:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/05/12 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/14 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/15 13:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/07 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\BitTorrent
[2010/09/07 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/02/02 11:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CallingID
[2009/12/31 10:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DNA
[2010/06/01 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers
[2010/06/12 22:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Facebook
[2009/05/23 23:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\InterVideo
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Sony
[2009/11/29 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\StarOffice8
[2009/06/18 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Template
[2010/05/15 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Worldwinner

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/30 10:55:03 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/08 18:13:14 | 030,909,992 | ---- | M] () -- C:\avira_antivir_personal_en.exe
[2009/05/12 17:14:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/28 11:36:29 | 000,052,129 | ---- | M] () -- C:\caavsetupLog.txt
[2010/02/02 11:06:05 | 000,000,264 | ---- | M] () -- C:\caEntitlementLog.txt
[2010/02/02 11:56:44 | 003,725,700 | ---- | M] () -- C:\caisslog.txt
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/31 11:22:42 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/01/04 19:49:04 | 001,839,496 | ---- | M] (Trend Micro) -- C:\HousecallLauncher.exe
[2009/12/31 11:35:26 | 002,174,656 | ---- | M] () -- C:\IceSword120_en.zip
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 22:00:00 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/09/16 21:33:48 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/08/30 10:42:03 | 000,000,675 | ---- | M] () -- C:\RHDSetup.log
[2010/09/07 18:25:01 | 000,000,373 | ---- | M] () -- C:\rkill.log
[2009/12/29 21:08:01 | 000,231,390 | ---- | M] () -- C:\RootkitRevealer.zip
[2009/04/02 17:02:58 | 000,185,833 | ---- | M] () -- C:\shldr
[2008/08/30 11:54:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/30 11:54:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/11 11:42:38 | 003,654,395 | ---- | M] (Spacejock Software ) -- C:\ybkfull.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/06/24 22:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/09 17:39:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/09 17:39:45 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/09 17:39:45 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/17 11:38:46 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/07/17 11:40:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/06/22 01:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< End of report >
[2010/09/16 21:47:33 | 000,035,332 | ---- | M] () -- C:\WINDOWS\System32\rundll32.exe
[2010/09/16 21:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\lg_fwupdate
[2010/09/16 21:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Elantech
[2010/09/16 21:47:23 | 001,085,440 | -H-- | M] () -- C:\Documents and Settings\Cec\ntuser.dat.LOG
[2010/09/16 21:47:22 | 000,035,328 | ---- | M] () -- C:\WINDOWS\Fonts\47iWm4.com
[2010/09/16 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Desktop
[2010/09/16 21:40:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cec\Recent
[2010/09/16 21:34:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 21:32:26 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/16 21:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/12 10:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cec\ntuser.ini
[2010/09/12 10:29:25 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Cec\NTUSER.DAT
[2010/09/08 11:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/08 11:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\ApplicationHistory
[2010/09/08 11:15:55 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/09/08 11:14:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 23:03:01 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/09/07 22:59:34 | 000,000,164 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 21:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/09/07 20:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\hwmoaebur
[2010/09/07 18:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 18:31:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 18:27:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | M] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 18:06:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2010/09/07 17:46:54 | 000,002,843 | ---- | M] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 17:46:21 | 000,002,843 | ---- | M] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 17:45:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Cec\Cookies
[2010/09/07 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\BitTorrent
[2010/09/07 15:04:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyikah.bin
[2010/09/07 15:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\{A225EB10-75CB-47D1-B08D-0F75842E39BC}
[2010/09/07 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/09/07 15:00:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cec\Templates
[2010/09/07 15:00:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cec\Application Data
[2010/09/06 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Tracing
[2010/09/04 21:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Skype
[2010/09/04 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\skypePM
[2010/09/03 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Local Settings\Application Data\yBook
[2010/08/30 01:47:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cec\My Documents
[2010/08/30 01:46:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:28 | 001,687,383 | ---- | M] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2010/08/12 19:24:16 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/06 11:08:58 | 000,004,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/19 22:07:58 | 000,939,956 | ---- | M] () -- C:\Program Files\7z465.exe
[2010/02/21 21:19:12 | 015,640,551 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeVideoToDVDConverter.exe
[2010/02/11 10:47:32 | 000,063,416 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/28 21:11:51 | 003,506,320 | -H-- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\IconCache.db
[2009/12/28 13:12:31 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\housecall.guid.cache
[2009/11/22 10:58:31 | 000,003,903 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HPSU_48BitScanUpdate.log
[2009/10/23 17:50:07 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2009/10/23 17:50:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2009/10/23 17:49:59 | 000,002,812 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_InstantShareJPG.log
[2009/10/23 17:47:17 | 000,003,587 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_IZClosingDiscError.log
[2009/10/23 17:45:31 | 000,046,268 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/10/23 10:22:19 | 000,044,143 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/06/22 12:36:00 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\wklnhst.dat
[2009/05/12 17:16:25 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Cec\Local Settings\Application Data\fusioncache.dat
[2008/08/09 17:40:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Cec\Application Data\desktop.ini
[2008/08/09 17:40:51 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/08 09:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Install AiGuruU1 Skype Phone.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/16 21:47:33 | 000,035,332 | ---- | M] () -- C:\WINDOWS\System32\rundll32.exe
[2010/09/16 21:34:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 21:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 21:32:26 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\RKUnhookerLE.EXE
[2010/09/16 21:31:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cec\Desktop\OTL.exe
[2010/09/12 10:29:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Cec\ntuser.ini
[2010/09/12 10:29:25 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\Cec\NTUSER.DAT
[2010/09/08 11:15:55 | 000,000,337 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2010/09/08 11:14:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 08:28:39 | 064,398,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/07 22:59:34 | 000,000,164 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 18:31:20 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cec\Desktop\mbam-setup.exe
[2010/09/07 18:27:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cec\defogger_reenable
[2010/09/07 18:25:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Cec\Desktop\Defogger.exe
[2010/09/07 18:07:14 | 000,002,843 | ---- | M] () -- C:\WINDOWS\ufexuquxojapon.dll
[2010/09/07 18:06:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cec\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2010/09/07 17:46:54 | 000,002,843 | ---- | M] () -- C:\WINDOWS\osepawuqewidumu.dll
[2010/09/07 17:46:21 | 000,002,843 | ---- | M] () -- C:\WINDOWS\Mkunuwamoheyev.dat
[2010/09/07 15:04:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Cyikah.bin
[2010/08/30 01:46:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Cec\My Documents\~$ya Banks - Blame The Rain.doc
[2010/08/19 16:28:28 | 001,687,383 | ---- | M] () -- C:\Documents and Settings\Cec\My Documents\berrys rd.JPG
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== LOP Check ==========

[2010/02/04 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/02 13:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/12 20:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/02/02 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/05/12 21:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/05/12 22:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/14 22:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/15 13:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/09/07 15:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\BitTorrent
[2010/09/07 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CA71E6B33E358EEBE3B3D37AB75DE3D0
[2010/02/02 11:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\CallingID
[2009/12/31 10:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DNA
[2010/06/01 23:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\DVDVideoSoftIEHelpers
[2010/06/12 22:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Facebook
[2009/05/23 23:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\InterVideo
[2010/01/22 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Sony
[2009/11/29 18:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\StarOffice8
[2009/06/18 21:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Template
[2010/05/15 13:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cec\Application Data\Worldwinner

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/08/30 10:55:03 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/08 18:13:14 | 030,909,992 | ---- | M] () -- C:\avira_antivir_personal_en.exe
[2009/05/12 17:14:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/28 11:36:29 | 000,052,129 | ---- | M] () -- C:\caavsetupLog.txt
[2010/02/02 11:06:05 | 000,000,264 | ---- | M] () -- C:\caEntitlementLog.txt
[2010/02/02 11:56:44 | 003,725,700 | ---- | M] () -- C:\caisslog.txt
[2008/08/10 00:50:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/31 11:22:42 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/01/04 19:49:04 | 001,839,496 | ---- | M] (Trend Micro) -- C:\HousecallLauncher.exe
[2009/12/31 11:35:26 | 002,174,656 | ---- | M] () -- C:\IceSword120_en.zip
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/10 00:50:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 22:00:00 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010/09/16 21:33:48 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/08/30 10:42:03 | 000,000,675 | ---- | M] () -- C:\RHDSetup.log
[2010/09/07 18:25:01 | 000,000,373 | ---- | M] () -- C:\rkill.log
[2009/12/29 21:08:01 | 000,231,390 | ---- | M] () -- C:\RootkitRevealer.zip
[2009/04/02 17:02:58 | 000,185,833 | ---- | M] () -- C:\shldr
[2008/08/30 11:54:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/30 11:54:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/11 11:42:38 | 003,654,395 | ---- | M] (Spacejock Software ) -- C:\ybkfull.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/06/24 22:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/09 17:39:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/09 17:39:45 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/09 17:39:45 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/17 11:38:46 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/07/17 11:40:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/06/22 01:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< End of report >

OTL Extras logfile created on: 16/09/2010 21:43:30 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Cec\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 755.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 79.99 Gb Total Space | 10.80 Gb Free Space | 13.50% Space Free | Partition Type: NTFS
Drive D: | 61.20 Gb Total Space | 39.55 Gb Free Space | 64.63% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CECILIA
Current User Name: Cec
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\CDS\Nero\Installation\SetupX.exe" = E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:HP CUE Status -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe:*:Enabled:HP Instant Share Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"DVD Shrink_is1" = DVD Shrink 3.2
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 4.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yBook_is1" = yBook
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 12:08:56 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 12:08:57 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 16:19:55 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 20:30:41 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 16/09/2010 07:37:12 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 11/09/2010 20:28:43 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/09/2010 20:29:25 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:34:12 | Computer Name = CECILIA | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16/09/2010 07:34:36 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:35:34 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio AvgLdx86 AvgMfx86 avipbb Fips intelppm ssmdrv

Error - 16/09/2010 07:40:06 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\CDS\Nero\Installation\SetupX.exe" = E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:HP CUE Status -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe:*:Enabled:HP Instant Share Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"DVD Shrink_is1" = DVD Shrink 3.2
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 4.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yBook_is1" = yBook
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 12:08:56 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 12:08:57 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 16:19:55 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 20:30:41 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 16/09/2010 07:37:12 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 11/09/2010 20:28:43 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/09/2010 20:29:25 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:34:12 | Computer Name = CECILIA | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16/09/2010 07:34:36 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:35:34 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio AvgLdx86 AvgMfx86 avipbb Fips intelppm ssmdrv

Error - 16/09/2010 07:40:06 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\CDS\Nero\Installation\SetupX.exe" = E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:HP CUE Status -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqiscfg.exe:*:Enabled:HP Instant Share Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4ED47439-5232-4BBC-93F2-7BC895B56246}" = 3300
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE90CE58-41DE-4708-9291-A9D1D49B1033}" = SecurDisc Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled Blitz" = Bejeweled Blitz
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"DVD Shrink_is1" = DVD Shrink 3.2
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Studio_is1" = Free Studio version 4.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yBook_is1" = yBook
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:28 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 03:46:30 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 12:08:56 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 12:08:57 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/09/2010 16:19:55 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/09/2010 20:30:41 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 16/09/2010 07:37:12 | Computer Name = CECILIA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 11/09/2010 20:28:43 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/09/2010 20:29:25 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:34:12 | Computer Name = CECILIA | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 16/09/2010 07:34:18 | Computer Name = CECILIA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16/09/2010 07:34:36 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/09/2010 07:35:34 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 16/09/2010 07:35:39 | Computer Name = CECILIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio AvgLdx86 AvgMfx86 avipbb Fips intelppm ssmdrv

Error - 16/09/2010 07:40:06 | Computer Name = CECILIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:04 PM

Posted 16 September 2010 - 07:32 AM

Ok don't worry with that program for now. (Rootkit unhooker)
===========
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by kahdah, 16 September 2010 - 07:32 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 not_again!

not_again!
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 17 September 2010 - 10:21 PM

Thanks i'll reformat.



#6 not_again!

not_again!
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:04 AM

Posted 17 September 2010 - 10:27 PM

oh and should i be worried that the virus may have been passed onto my 'safe' pc from the usb flash drive?

as i couldn't access the internet on the infected netbook i downloaded all the programs you suggested onto the flash drive and it has been going back and forth between the netbooks...

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:04 PM

Posted 18 September 2010 - 06:30 AM

Do you have an up to date active antivirus on the other system if so please scan the flash drive with it.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users