Audio pop ups and Spam windows popping up randomly [RESOLVED], After your "Must Read" Instructions, the problem persists
jacknsherr
post Aug 22 2008, 03:39 PM
Post #1


Member
Posts: 23
OS: XP



For about the past week, I've been plagued with random popups, which include both IE windows and audio messages telling me I've variously won $1000 Walmart Gift Cards and iPods. I've run several scans (McAfee, Adaware, eWido, Spybot, Avast) and then resorted to the prescribed steps in your "must read before posting" instructions. Please help! I'm at wit's end!!!!!

Following is the HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:09 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ba614MPs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Xilisoft YouTube to iPod Converter - C:\Program Files\Xilisoft\Youtube to iPod Converter\upod_link.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://www.dioceseaj.org/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125037579875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10871 bytes


And following is the "Uninstall List":

32 Bit HP BiDi Channel Components Installer
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
AIM 6
AoA DVD Ripper
AoA MP4 Converter
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Avanquest update
avast! Antivirus
AviSynth 2.5
Bejeweled 2 Deluxe 1.0
BitTorrent 4.24.0
CCleaner (remove only)
Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
Cucusoft DVD to iPod Converter 6.01
Cucusoft iPod Video Converter 3.16
DivX
DivX Player
DivX Web Player
DVD Audio Extractor 4.1.1
Enable S3 for USB Device
ERUNT 1.1j
ewido security suite
Garmin WebUpdater
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
Iomega DVD Wizard
Iomega HotBurn Pro
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 7
Logitech QuickCam
Logitech QuickCam Driver Package
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Motorola Driver Installation 3.2.0
Motorola Phone Tools
Mozilla Firefox (2.0.0.16)
MPEG Video Wizard DVD
MySpaceIM
Nero - Burning Rom
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OpenOffice.org Installer 1.0
PowerDVD
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.6
Snood for Windows version 3.52-W
Sonic Express Labeler
Sonic Foundry Sound Forge 6.0d
Sonic MyDVD
Sonic Update Manager
Spybot - Search & Destroy 1.4
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver

Thanks!

Jackson
Egwene
post Aug 26 2008, 06:58 AM
Post #2


Trusted Helper
Posts: 2,049
From: France
OS: XP/Vista édition basique familiale



Hello jacknsherr!

Welcome to the site! My name's Egwene and I'll be helping clean up your computer. I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.


Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
jacknsherr
post Aug 26 2008, 07:51 AM
Post #3





All verified and understood. Thank you for your help!

---- Jackson
Egwene
post Aug 26 2008, 08:12 AM
Post #4





Hey jacknsherr,

You're right, your computer is infected by some malware, so let's go with the removal.

--> Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Do not scan now!

--> Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

1) Disable real-time protection:

Please disable Avast! real-time protection; more help here: http://www.bleepingcomputer.com/forums/topic114351.html

2) Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\ba614MPs.exe
    purity
    emptytemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

3) Run MBAM:

  • Launch MBAM, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

4) Run OTViewIt:

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


Please post in your next answer :


- OTMoveIt2 report
- MBAM report
- Two OTViewIt reports.


Regards,
Egwene.
jacknsherr
post Aug 26 2008, 08:55 AM
Post #5





Hey Egwene!

Thanks for your very clear and concise instructions!!!

Here is the OTMoveIt2 Log:

Explorer killed successfully
C:\WINDOWS\system32\ba614MPs.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF3B62.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF4635.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFE075.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_093031

Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\~DF3B62.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF4635.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DFE075.tmp moved successfully.
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!


And the MBAM Log:

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

9:47:49 AM 8/26/2008
mbam-log-08-26-2008 (09-47-49).txt

Scan type: Quick Scan
Objects scanned: 50531
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ba614MPs.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.


The OT ViewIT report:

OTViewIt logfile created on: 8/26/2008 9:49:44 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 210.32 Mb Available Physical Memory | 41.12% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.02 Gb Free Space | 79.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-88A1E09A42
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[10/25/2007 05:33 PM | 00,563,984 | ---- | M] () - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[10/25/2007 05:37 PM | 02,178,832 | ---- | M] () - C:\Program Files\Logitech\QuickCam\Quickcam.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Program Files\Microsoft Office\Office\OSA.EXE
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[10/25/2007 05:32 PM | 00,407,824 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[01/04/2007 04:38 PM | 00,112,336 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(ewido security suite control) ewido security suite control [Auto | Running]
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe

(ewido security suite guard) ewido security suite guard [Disabled | Stopped]
[09/25/2005 01:55 PM | 00,163,904 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoguard.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[08/19/2008 03:01 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HP Port Resolver) HP Port Resolver [On_Demand | Stopped]
[05/20/2005 11:37 AM | 00,081,920 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

(HP Status Server) HP Status Server [On_Demand | Stopped]
[10/16/2004 06:31 AM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Iomega Activity Disk2) Iomega Activity Disk2 [Disabled | Stopped]
[08/26/2008 09:49 AM | ---D | M] - .

(Iomega App Services) Iomega App Services [Auto | Running]
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVCOMSer) LVCOMSer [Auto | Running]
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[10/19/2007 02:21 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PavPrSrv) Panda Process Protection Service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running]
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/23/2004 10:08 PM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[05/14/2004 10:24 AM | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(ASPI32) ASPI32 [System | Running]
[07/17/2002 08:53 AM | 00,016,877 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\Aspi32.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DumaNT) NVIDIA Stereo Helper Service [System | Running]
[11/18/2002 04:29 PM | 00,399,700 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\dumant.sys

(ewido security suite driver) ewido security suite driver [System | Running]
[11/22/2004 09:15 AM | 00,003,072 | ---- | M] () - C:\Program Files\ewido\security suite\guard.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - D:\INSTALL\GMSIPCI.SYS

(IndiAvIn) TDK INDI AV-IN USB Device [On_Demand | Stopped]
[11/16/2002 07:03 PM | 00,086,016 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\IndiAvIn.sys

(Intels51) Intel® 536EP V.92 Modem [On_Demand | Running]
[05/10/2002 08:31 AM | 00,633,220 | R--- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Intels51.sys

(iomdisk) Iomega Devices Disk Filter Services [Boot | Running]
[09/24/2003 10:00 AM | 00,032,658 | ---- | M] (Iomega Corporation) - C:\WINDOWS\system32\drivers\IomDisk.sys

(iteraid) ITERAID_Service_Install [Boot | Running]
[02/25/2004 03:46 AM | 00,024,827 | R--- | M] (Integrated Technology Express, Inc.) - C:\WINDOWS\system32\drivers\iteraid.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[10/19/2007 02:16 PM | 02,109,976 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[10/11/2007 07:59 PM | 02,142,488 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[10/11/2007 07:59 PM | 00,025,624 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[10/11/2007 09:00 PM | 00,041,752 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[06/18/2007 02:18 PM | 00,023,680 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(nv) nv [On_Demand | Running]
[09/30/2004 12:35 AM | 02,743,840 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[03/19/2003 02:51 AM | 00,018,688 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(PavProc) Panda Process Protection Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\DRIVERS\PavProc.sys

(pepifilter) Volume Adapter [On_Demand | Running]
[10/11/2007 08:55 PM | 00,013,848 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [On_Demand | Running]
[10/11/2007 08:55 PM | 01,279,000 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302V32.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[11/17/2005 11:19 AM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Running]
[12/30/2003 10:58 PM | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(ShldDrv) Panda File Shield Driver [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys

(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Boot | Running]
[05/30/2003 03:05 AM | 00,089,610 | R--- | M] (Silicon Image, Inc) - C:\WINDOWS\system32\drivers\SI3112r.sys

(SiFilter) SATALink driver accelerator [Boot | Running]
[02/11/2003 11:37 PM | 00,009,600 | R--- | M] (Silicon Image, Inc.) - C:\WINDOWS\system32\drivers\SiWinAcc.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"Cleanup" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [10/25/2007 05:37 PM | 02,178,832 | ---- | M] ()
"msci" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [09/30/2004 12:35 AM | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [09/30/2004 12:35 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [09/30/2004 12:35 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"MySpaceIM" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[user Startup Folder - C:\Documents and Settings\user\Start Menu\Programs\Startup]
[11/17/1996 12:00 AM | 00,111,376 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\WINDOWS\system32\urprhaaun.exe" = C:\WINDOWS\system32\urprhaaun.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 10:56 AM | 00,700,416 | ---- | M] (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/29/2006 09:00 PM | 00,043,520 | ---- | M] ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe [11/18/2004 04:26 PM | 01,566,721 | ---- | M] (PopCap.com)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [01/03/2008 11:15 AM | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7A4455E7-1E22-4CAB-B4F0-51FF2DCDE3CD}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9B410874-7B7D-40FE-9EA6-F06094BD1DEC}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4A502C0-106A-4D1B-ACB1-7F86FE35522F}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/15/2005 04:42 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 |