Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).
      
 
 Closed TopicStart new topic
Unknown Infection [CLOSED]
dellcomp2
post Sep 20 2008, 03:21 PM
Post #1


Member
**
Posts: 14
OS: xp
I used HijackThis and it found a few strange files that I found no information on. Here's the log:

Thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:16, on 2008-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: (no name) - {3FFE90FB-0431-4ED5-AF76-8BF8AE7E0B35} - C:\WINDOWS\system32\nnnkjJbX.dll (file missing)
O2 - BHO: {e5b519d8-ea24-cbb8-70c4-18f1f5c5a724} - {427a5c5f-1f81-4c07-8bbc-42ae8d915b5e} - C:\WINDOWS\system32\vubjle.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AAD654DF-D022-4830-B78D-2CFA13F63591} - C:\WINDOWS\system32\wvUkJDwv.dll (file missing)
O4 - HKLM\..\Run: [BM77df87ff] Rundll32.exe "C:\WINDOWS\system32\vokvmcgl.dll",s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: nnnkjJbX - nnnkjJbX.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 4730 bytes
Go to the top of the page
 
+Quote Post
SpySentinel
post Sep 20 2008, 04:49 PM
Post #2


Trusted Helper
Group Icon
Posts: 1,643
From: The United States
OS: Windows XP SP2
Hey dellcomp2,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience. Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
Go to the top of the page
 
+Quote Post
SpySentinel
post Sep 21 2008, 02:18 PM
Post #3


Trusted Helper
Group Icon
Posts: 1,643
From: The United States
OS: Windows XP SP2
Sorry for the delay.


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum
Go to the top of the page
 
+Quote Post
Rorschach112
post Sep 24 2008, 03:31 PM
Post #4


GeekU Teacher
Group Icon
Posts: 19,886
From: Dublin
OS: XP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Go to the top of the page
 
+Quote Post
SpySentinel
post Sep 28 2008, 01:48 PM
Post #5


Trusted Helper
Group Icon
Posts: 1,643
From: The United States
OS: Windows XP SP2
Please follow my instructions above if you have not already.
Go to the top of the page
 
+Quote Post
dellcomp2
post Sep 28 2008, 06:07 PM
Post #6


Member
**
Posts: 14
OS: xp
OTViewIt logfile created on: 2008-09-28 06:44:22 PM - Run 1
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

246.07 Mb Total Physical Memory | 84.86 Mb Available Physical Memory | 34.49% Memory free
973.71 Mb Paging File | 665.11 Mb Available in Paging File | 68.31% Paging File free
Paging file location(s): C:\pagefile.sys 744 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 22.89 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 488.48 Mb Total Space | 456.39 Mb Free Space | 93.43% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABBAS
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006-03-07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[2006-03-07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[2006-02-06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2008-08-09 11:57:22 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004-08-04 00:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe
[2004-08-04 00:56:56 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe
[2001-11-22 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
[2001-12-12 20:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSS01A.EXE
[2006-12-22 12:33:10 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
[2006-03-17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2006-05-26 07:46:30 | 00,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
[2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007-03-01 22:42:50 | 00,895,088 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\Spyware Doctor\sdhelp.exe
[2004-05-12 20:32:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\slserv.exe
[2004-09-15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe
[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2008-07-18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2008-09-27 17:59:38 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Admin\Desktop\VundoFix.exe
[2008-09-27 18:00:00 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-08-09 11:57:22 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004-07-15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2001-11-22 20:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE -- (Brother XP spl Service [Auto | Running])
[2005-04-16 13:35:56 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA [Disabled | Stopped])
[2006-05-21 21:54:43 | 00,259,184 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Yahoo!\Antivirus\iSafe.exe -- (CAISafe [Disabled | Stopped])
[2006-03-07 13:02:34 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
[2006-03-07 13:03:02 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
[2004-08-04 00:56:48 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2006-03-17 06:34:12 | 00,030,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2004-08-04 00:56:50 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\fxssvc.exe -- (Fax [Auto | Stopped])
[2006-02-23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [Disabled | Stopped])
[2006-12-22 12:33:10 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2006-12-22 12:34:52 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
[2006-05-26 07:46:30 | 00,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe -- (LxrJD31s [Auto | Running])
[2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003-12-17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006-03-17 06:34:24 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2007-03-01 22:42:50 | 00,895,088 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper [Auto | Running])
[2004-05-12 20:32:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\slserv.exe -- (SLService [Auto | Running])
[2006-01-24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2006-02-06 12:50:24 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2006-03-17 06:34:20 | 01,799,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Disabled | Stopped])
[2004-09-15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006-05-21 21:54:43 | 00,201,840 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Yahoo!\Antivirus\VetMsg.exe -- (VETMSGNT [Auto | Stopped])
File not found -- -- (YPCService [On_Demand | Stopped])

========== Driver Services ==========

[2001-08-17 14:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5 [Boot | Running])
[2001-08-17 15:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m [Boot | Running])
[2002-04-01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2004-08-04 00:07:44 | 00,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AGPCPQ.SYS -- (agpCPQ [Boot | Running])
[2001-08-17 14:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x [Boot | Running])
[2001-08-17 15:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2 [Boot | Running])
[2001-08-17 15:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx [Boot | Running])
[2001-08-17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2004-08-04 00:07:42 | 00,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIM1541.SYS -- (alim1541 [Boot | Running])
[2004-08-04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMDAGP.SYS -- (amdagp [Boot | Running])
[2001-08-17 14:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint [Boot | Running])
[2001-08-17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001-08-17 14:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p [Boot | Running])
[2001-08-17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2005-04-12 14:28:09 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
File not found -- C:\CBSnack\catchme.sys -- (catchme [On_Demand | Stopped])
[2004-08-03 23:10:18 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.sys -- (CCDECODE [On_Demand | Stopped])
[2001-08-17 14:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt [Boot | Running])
[2005-04-16 13:35:57 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
[2001-08-17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2006-03-14 18:30:00 | 00,809,536 | ---- | M] (C-Media Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\cmudau.sys -- (cmudau [On_Demand | Stopped])
[2001-08-17 14:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray [Boot | Running])
[2001-08-17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2001-08-17 14:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt [Boot | Running])
[2001-08-17 15:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o [Boot | Running])
[2004-12-01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004-11-23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2004-02-10 16:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
[2008-01-18 05:00:00 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008-01-18 05:00:00 | 00,109,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2001-08-17 15:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn [Boot | Running])
[2004-11-02 16:31:02 | 00,219,520 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
[2004-11-02 16:29:28 | 01,036,544 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
[2004-08-04 00:00:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\I2OMGMT.SYS -- (i2omgmt [System | Running])
[2004-08-04 00:00:52 | 00,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\I2OMP.SYS -- (i2omp [Boot | Running])
[2005-10-14 15:15:18 | 01,302,812 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2007-03-01 22:42:37 | 00,030,592 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys -- (ikhfile [System | Running])
[2007-03-01 22:42:38 | 00,051,072 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys -- (ikhlayer [System | Running])
[2001-08-17 14:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u [Boot | Running])
[2004-08-04 06:00:00 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS -- (intelppm [System | Running])
[2006-12-22 12:30:42 | 01,683,232 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap [On_Demand | Running])
[2006-12-22 12:32:24 | 01,963,680 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv [On_Demand | Running])
[2006-12-22 12:32:48 | 00,025,632 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2006-12-15 01:41:55 | 00,041,248 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2006-05-26 07:46:30 | 00,069,824 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrJD31d.sys -- (LxrJD31d [Auto | Running])
[2004-04-13 20:20:08 | 00,015,781 | R--- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2004-03-17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001-08-17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2001-08-17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2004-08-03 22:58:40 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
[2004-05-12 19:35:08 | 00,231,224 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2004-05-12 19:28:06 | 01,395,296 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
[2004-08-03 23:10:30 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.sys -- (NABTSFEC [On_Demand | Stopped])
[2008-06-13 04:00:00 | 00,089,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080613.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008-06-13 04:00:00 | 00,856,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080613.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2004-08-03 23:10:14 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NdisIP.sys -- (NdisIP [On_Demand | Stopped])
[2004-08-03 23:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\SYSTEM32\DRIVERS\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])
[2004-08-03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2002-11-08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2001-08-17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\pciide.sys -- (PCIIde [Boot | Running])
[2006-12-15 01:36:25 | 00,014,240 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
[2001-08-17 15:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2 [Boot | Running])
[2001-08-17 15:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib [Boot | Running])
[2006-12-15 01:36:36 | 00,936,864 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
[2004-03-09 05:45:49 | 00,077,184 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys -- (prodrv06 [System | Running])
[2004-03-09 06:18:09 | 00,065,504 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys -- (prohlp02 [Boot | Running])
[2003-09-06 08:22:08 | 00,006,944 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\prosync1.sys -- (prosync1 [Boot | Running])
[2004-08-04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2007-01-30 01:03:34 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001-08-17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001-08-17 14:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt [Boot | Running])
[2001-08-17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001-08-17 14:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240 [Boot | Running])
[2001-08-17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2004-05-12 19:38:02 | 00,014,408 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
[2005-12-19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
[2005-12-19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
[2003-07-22 13:36:12 | 00,018,088 | R--- | M] (HaSoInTech) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDVC05.sys -- (SDVC05 [On_Demand | Stopped])
[2007-11-13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2003-12-01 11:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys -- (sfhlp01 [Boot | Running])
[2004-08-04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS -- (sisagp [Boot | Running])
[2004-08-03 23:10:18 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.sys -- (SLIP [On_Demand | Stopped])
[2004-05-12 19:41:32 | 00,652,360 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
[2004-05-12 19:29:50 | 00,100,384 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\slnthal.sys -- (SlNtHal [On_Demand | Stopped])
[2004-05-12 19:21:18 | 00,013,232 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\DRIVERS\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2004-04-09 13:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001-08-17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2006-02-06 12:50:22 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2006-01-26 13:21:04 | 00,034,686 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])
[2004-07-14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004-07-14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2004-08-03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\StreamIP.sys -- (streamip [On_Demand | Stopped])
[2001-08-17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001-08-17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2006-01-31 13:29:20 | 00,107,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2006-01-24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2006-01-24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys -- (SYMTDI [System | Running])
[2001-08-17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001-08-17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004-12-06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004-12-06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004-12-06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004-12-06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004-12-06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004-12-06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004-12-06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004-12-06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004-12-06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[1999-08-30 15:51:42 | 00,009,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\Ticalc.sys -- (TICalc [Auto | Running])
[2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\SYSTEM32\DRIVERS\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
[2001-08-17 14:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde [Boot | Running])
[2001-08-17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2004-08-03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004-08-04 06:00:00 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS -- (usbehci [On_Demand | Running])
[2006-05-21 21:54:41 | 00,021,031 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\Vet-Filt.sys -- (VET-FILT [System | Running])
[2006-05-21 21:54:41 | 00,015,478 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\Vet-Rec.sys -- (VET-REC [System | Running])
[2006-10-02 14:52:51 | 00,108,592 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetEBoot.sys -- (VETEBOOT [On_Demand | Running])
[2006-10-02 14:52:51 | 00,629,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetEFile.sys -- (VETEFILE [System | Running])
[2006-05-21 21:54:41 | 00,015,735 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\VetFDDNT.sys -- (VETFDDNT [System | Running])
[2006-07-31 20:03:27 | 00,026,787 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT [System | Running])
[2004-08-04 00:07:44 | 00,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP.SYS -- (viaagp [Boot | Running])
[2004-08-03 23:59:44 | 00,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VIAIDE.SYS -- (ViaIde [Boot | Running])
[2004-11-02 16:30:02 | 00,702,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
[2004-08-04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004-08-03 23:10:22 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS -- (WSTCODEC [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"@"=http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM77df87ff"=Rundll32.exe "C:\WINDOWS\system32\vokvmcgl.dll",s ()
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)

========== (O4) Startup Folders ==========


========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"NoDrives"=0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\common\yinsthelper.dll -- YInstStarter Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{415666EC-868D-429E-9DB1-B8848B6D8EB5} (Servers: | Description: )
{D5C1546E-2BED-4CF3-B050-4E8F8A7C72C8} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3FFE90FB-0431-4ED5-AF76-8BF8AE7E0B35}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\wvUkJDwv,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004-08-10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT [@ECHO OFF | PATH=A:\DOS;A:\DFT;A:\; | KEYB US,,A:\DOS\KEYBOARD.SYS | MOUSE /Z | | ECHO Loading DFT ... | cd DFT | LOADDFT.EXE DFT-V300.EXE DFT.EXE /!BLOB /PSR >NUL | | ]
[2006-08-03 06:39:24 | 00,000,162 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ FAT ]

autorun.inf []
[2008-09-27 22:03:46 | 00,000,000 | RHSD | M] -- E:\autorun.inf -- [ FAT ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14954c82-27ab-11db-9ab4-0013201600ef}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14954c82-27ab-11db-9ab4-0013201600ef}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14954c82-27ab-11db-9ab4-0013201600ef}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008-09-28 18:43:27 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008-09-28 18:43:05 | 11,418,936 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Admin\Desktop\drweb-cureit.exe
[2008-09-28 18:43:01 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTViewIt.exe
[2008-09-24 15:41:32 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008-09-24 15:41:32 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008-09-20 17:01:45 | 01,168,691 | -HS- | C] () -- C:\WINDOWS\System32\hwnvwbvy.ini
[2008-09-20 17:01:31 | 00,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008-09-20 17:01:28 | 00,111,558 | ---- | C] () -- C:\WINDOWS\BM77df87ff.xml
[2008-09-20 16:52:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008-09-20 16:33:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008-09-20 16:32:07 | 00,000,000 | ---D | C] -- C:\QooBox
[2008-09-20 16:31:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008-09-20 16:31:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008-09-20 16:31:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008-09-20 16:31:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008-09-20 16:31:50 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008-09-20 16:31:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008-09-20 16:31:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008-09-20 16:31:50 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008-09-20 16:31:50 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\Nircmd.exe
[2008-09-20 16:31:20 | 00,000,000 | ---D | C] -- C:\CBSnack
[2008-09-20 16:31:14 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27401.exe
[2008-09-20 16:21:24 | 00,001,372 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008-09-20 16:15:50 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008-09-20 16:15:50 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008-09-20 16:15:50 | 00,086,528 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008-09-20 16:15:50 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008-09-20 16:15:50 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008-09-20 16:15:50 | 00,081,920 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008-09-20 16:15:50 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008-09-20 16:15:50 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008-09-20 16:15:49 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008-09-20 16:14:27 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\vubjle.dll
[2008-09-20 16:14:27 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\ciqytqht.dll
[2008-09-20 16:13:21 | 00,000,106 | ---- | C] () -- C:\delete.bat
[2008-09-20 16:11:54 | 00,082,944 | ---- | C] () -- C:\WINDOWS\System32\yvbwvnwh.dll
[2008-09-20 16:11:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vokvmcgl.dll
[2008-09-20 16:11:03 | 00,004,128 | ---- | C] () -- C:\INFCACHE.1
[2008-09-18 22:10:57 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\zmydki.dll
[2008-09-18 22:10:56 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\ocwidith.dll
[2008-09-18 22:07:55 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\fxmojvek.dll
[2008-09-17 22:09:32 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\cayfzh.dll
[2008-09-17 22:09:31 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\eniebaoy.dll
[2008-09-17 22:03:41 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\cybmtgbf.dll
[2008-09-14 13:38:28 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\inoifm.dll
[2008-09-14 13:38:27 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\jkndlits.dll
[2008-09-14 13:34:53 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\gwacjnpm.dll
[2008-09-13 10:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Twain
[2008-09-13 10:18:12 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\pysgzz.dll
[2008-09-13 10:18:10 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\xvkbjnxf.dll
[2008-09-13 10:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\Webtools
[2008-09-13 10:15:12 | 00,082,944 | ---- | C] () -- C:\WINDOWS\System32\qmeahbga.dll
[2008-09-13 10:12:11 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\uncvswwx.dll
[2008-09-13 10:11:31 | 00,000,000 | ---D | C] -- C:\Program Files\Mjcore
[2008-09-12 10:13:29 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\azrlyz.dll
[2008-09-12 10:13:27 | 00,119,808 | ---- | C] () -- C:\WINDOWS\System32\ivuwhwog.dll
[2008-09-12 10:10:16 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\mlbxggfe.dll
[2008-09-12 10:05:22 | 00,099,328 | ---- | C] () -- C:\WINDOWS\stfMeane572.exe
[2008-09-12 10:01:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mC19
[2008-09-04 15:58:18 | 00,058,450 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\u.s.gif
[2008-09-02 14:53:36 | 00,001,545 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Recuva.lnk
[2008-09-02 14:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\Recuva
[2008-09-02 14:48:14 | 02,304,392 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Admin\Desktop\rcsetup118.exe
[2008-09-02 14:11:52 | 00,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2008-09-02 14:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2008-09-01 13:56:40 | 01,895,547 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\IMG_0309[1]

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008-09-28 18:45:38 | 00,111,558 | ---- | M] () -- C:\WINDOWS\BM77df87ff.xml
[2008-09-28 18:40:34 | 00,000,743 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008-09-28 18:40:34 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2008-09-28 18:40:33 | 00,000,252 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2008-09-28 18:36:24 | 01,168,691 | -HS- | M] () -- C:\WINDOWS\System32\hwnvwbvy.ini
[2008-09-28 18:36:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-09-28 18:36:11 | 00,000,022 | ---- | M] () -- C:\WINDOWS\pskt.ini
[2008-09-28 18:35:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008-09-28 18:35:28 | 25,810,1248 | -HS- | M] () -- C:\hiberfil.sys
[2008-09-28 03:30:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Scheduled Scan.job
[2008-09-27 18:28:00 | 11,418,936 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Admin\Desktop\drweb-cureit.exe
[2008-09-27 18:00:00 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTViewIt.exe
[2008-09-24 15:41:32 | 00,063,488 | ---- | M] () -- C:\WINDOWS\xobglu16.dll
[2008-09-24 15:41:32 | 00,023,552 | ---- | M] () -- C:\WINDOWS\xobglu32.dll
[2008-09-21 12:51:48 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008-09-20 16:31:14 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27401.exe
[2008-09-20 16:21:25 | 00,001,372 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008-09-20 16:14:27 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\vubjle.dll
[2008-09-20 16:14:27 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\ciqytqht.dll
[2008-09-20 16:13:21 | 00,000,106 | ---- | M] () -- C:\delete.bat
[2008-09-20 16:11:54 | 00,082,944 | ---- | M] () -- C:\WINDOWS\System32\yvbwvnwh.dll
[2008-09-20 16:11:40 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\vokvmcgl.dll
[2008-09-20 16:11:03 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008-09-20 16:08:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008-09-18 23:17:20 | 01,574,226 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2008-09-18 22:10:57 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\zmydki.dll
[2008-09-18 22:10:57 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\ocwidith.dll
[2008-09-18 22:07:56 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\fxmojvek.dll
[2008-09-17 22:09:32 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\eniebaoy.dll
[2008-09-17 22:09:32 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\cayfzh.dll
[2008-09-17 22:03:41 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\cybmtgbf.dll
[2008-09-14 13:38:28 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\jkndlits.dll
[2008-09-14 13:38:28 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\inoifm.dll
[2008-09-14 13:34:53 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\gwacjnpm.dll
[2008-09-13 10:18:11 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\xvkbjnxf.dll
[2008-09-13 10:18:11 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\pysgzz.dll
[2008-09-13 10:15:12 | 00,082,944 | ---- | M] () -- C:\WINDOWS\System32\qmeahbga.dll
[2008-09-13 10:12:12 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\uncvswwx.dll
[2008-09-12 10:13:28 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\ivuwhwog.dll
[2008-09-12 10:13:28 | 00,119,808 | ---- | M] () -- C:\WINDOWS\System32\azrlyz.dll
[2008-09-12 10:10:16 | 00,090,112 | ---- | M] () -- C:\WINDOWS\System32\mlbxggfe.dll
[2008-09-12 10:05:29 | 00,099,328 | ---- | M] () -- C:\WINDOWS\stfMeane572.exe
[2008-09-04 15:58:19 | 00,058,450 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\u.s.gif
[2008-09-02 14:53:37 | 00,001,545 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Recuva.lnk
[2008-09-02 14:48:28 | 02,304,392 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Admin\Desktop\rcsetup118.exe
[2008-09-01 13:56:56 | 01,895,547 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\IMG_0309[1]
< End of report >
Go to the top of the page
 
+Quote Post
dellcomp2
post Sep 28 2008, 06:09 PM
Post #7


Member
**
Posts: 14
OS: xp
EXTRA.TXT

OTViewIt Extras logfile created on: 2008-09-28 06:44:22 PM - Run Admin
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

246.07 Mb Total Physical Memory | 84.86 Mb Available Physical Memory | 34.49% Memory free
973.71 Mb Paging File | 665.11 Mb Available in Paging File | 68.31% Paging File free
Paging file location(s): C:\pagefile.sys 744 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 22.89 Gb Free Space | 67.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 488.48 Mb Total Space | 456.39 Mb Free Space | 93.43% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABBAS
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004-08-04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[2007-01-19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\huotuftx.exe"=C:\WINDOWS\system32\huo
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
File not found -- C:\Documents and Settings\Admin\Desktop\incredimail_install.exe:*:Disabled:IncrediMail Installer
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found -- C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer
[2004-08-04 00:56:50 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
File not found -- C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Disabled:P2P Networking
[2005-04-12 14:28:04 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2004-08-04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2007-01-19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
[2004-10-13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2007-06-07 14:08:18 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
[2007-06-07 14:08:16 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\SYSTEM32\VetRedir.dll (Computer Associates International, Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007-01-19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000-04-19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-01-19 13:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007-03-14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007-05-10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}"=Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}"=RAW Image Task 2.1
"{061F7D1F-A74E-4262-A835-AF4DF0F91F02}"=Rosetta Stone 2.1.5.3A
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0DCCE3F4-E888-40E8-8AE5-CF8058F25631}"=DVC5.1 Driver
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}"=PC Inspector File Recovery
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}"=Microsoft Plus! Photo Story 2 LE
"{117CD9C0-0F15-4633-93D7-F957B50535A5}"=Popup Blocker (Windows Live Toolbar)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{158BC6C5-5950-4FDD-BE33-0294668923F2}"=Samsung DVC Media 5.1
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}"=Intel® PROSet for Wired Connections
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}"=PhotoStitch
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}"=Macromedia Flash 8
"{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}"=Logitech QuickCam
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}"=Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}"=Jasc Paint Shop Photo Album 5
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}"=Banctec Service Agreement
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5783F2D7-0201-0409-0002-0060B0CE6BBA}"=AutoCAD 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}"=AutoCAD Exp