
Win32:Trojan-gen (Other) infection [RESOLVED]



#1
littlebigman

Hi

I have been having some trouble with my PC, in that programs (especially Firefox 3.0) seem to be randomly closing themselves down for no reason. When the program closes itself, the "Dr Watson Post-mortem debugger" opens, says it is creating an error log, then that closes as well most of the time; however, sometimes the debugger freezes as well, and I have to close it through Task Manager.

I ran a virus scan with avast, and it showed 2 viruses, one called Win32:Trojan-gen (Other) and one called Win32:Adware-gen (Other).

The first virus (Trojan-gen) was found in a file within C:\recycler... and the other file (adware-gen) was found in C:\System Volume Information\...\A0111257.exe.
Both files were "successfully deleted" by avast.

Below is my HijackThis log, hope you guys can help me get this sorted again!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:01, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\D-Tools\daemon.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9650 bytes

Thanks in advance for any help you guys can offer me.

littlebigman


#2
Jimmy2012

Hello littlebigman,
Sorry about the delay, everyone here has been very busy.

Please post a fresh HijackThis log in your next reply.

#3
littlebigman

Hi Jimmy.

Thank you for your reply! Don't worry about the delay, I know you are all really busy, I am VERY grateful for your help with this!

Below is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:11, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9393 bytes


Thanks again for your help with this, I will reply back as soon as possible after your next reply. Unfortunately, I am at work until 6pm UK time, so will not be able to reply until then.

Thanks,
Dan

#4
Jimmy2012

Hello littlebigman,

"I am at work until 6pm UK time, so will not be able to reply until then."

That's no problem.

STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free):
  • Comodo
  • Zone Alarm
  • OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 2
I see that you have a P2P (Peer to Peer) program on your computer. While the program itself may be safe, the files you get can be illegal and can also have malware in them. I recommend you remove the following program. (If you do not want to remove the P2P program please skip this step and go to the next one.)

Please click Start > Control Panel > Add or Remove Programs and remove the following program (if present). Also remove any other P2P programs you may have.
  • uTorrent

Once you have done that, please remove the following folder (if present):
C:\Program Files\uTorrent

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum


#5
littlebigman

Hi Jimmy

Thanks again for your reply!

I have installed the Comodo firewall as recommended :) .

I used the P2P program to download Open Office last week (although I haven't had time to install it yet), that is all it has been used for. Is it safe to keep it installed for further versions of the program? I am also considering installing Linux on my PC, is it safe to download Linux using a torrent?

Below are the 2 logs from OTViewIt. I will post the first log (OTViewIt.txt) in this post, and then the Extras.txt in another, as you recommended:


OTViewIt.txt

OTViewIt logfile created on: 28/08/2008 18:58:11 - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 74.60% Memory free
2.45 Gb Paging File | 2.05 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.63 Gb Total Space | 2.73 Gb Free Space | 3.92% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 133.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 399.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANPC
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

===== Processes - Non-Microsoft Only =====

[01/19/2005 12:01 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\wltrysvc.exe
[01/29/2005 03:09 AM | 00,876,649 | ---- | M] (BT Voyager Corporation) - C:\WINDOWS\system32\bcmwltry.exe
[07/19/2008 03:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 03:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[04/06/2005 05:03 PM | 00,110,592 | ---- | M] () - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[02/23/2006 07:09 PM | 00,266,338 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[08/28/2008 06:47 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe
[02/23/2006 07:08 PM | 01,073,152 | ---- | M] (Cyberlink) - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
[10/20/2005 01:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
[02/23/2006 07:09 PM | 00,114,784 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[07/19/2008 03:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 03:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[10/04/2004 08:03 PM | 00,310,272 | ---- | M] () - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe
[09/15/2005 04:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[01/29/2005 03:09 AM | 00,696,422 | ---- | M] (BT Voyager Corporation) - C:\WINDOWS\system32\wltray.exe
[07/19/2008 03:38 PM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[08/28/2008 06:46 PM | 01,655,552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe
[08/29/2003 08:05 PM | 00,360,448 | ---- | M] () - C:\Program Files\SpywareGuard\sgmain.exe
[08/29/2003 12:14 PM | 00,233,472 | ---- | M] () - C:\Program Files\SpywareGuard\sgbhp.exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[01/22/2007 09:13 AM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 03:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(ATI Smart) ATI Smart [Auto | Stopped]
[09/15/2005 04:05 AM | 00,516,096 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 03:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 03:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 03:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(BlueSoleil Hid Service) BlueSoleil Hid Service [Auto | Running]
[04/06/2005 05:03 PM | 00,110,592 | ---- | M] () - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

(CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running]
[02/23/2006 07:09 PM | 00,266,338 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

(CLSched) CyberLink Task Scheduler (CTS) [Auto | Running]
[02/23/2006 07:09 PM | 00,114,784 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

(cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running]
[08/28/2008 06:47 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

(CyberLink Media Library Service) CyberLink Media Library Service [Auto | Running]
[02/23/2006 07:08 PM | 01,073,152 | ---- | M] (Cyberlink) - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

(USBDeviceService) USBDeviceService [Auto | Running]
[10/20/2005 01:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

(wltrysvc) Broadcom Wireless LAN Tray Service [Auto | Running]
[01/19/2005 12:01 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\wltrysvc.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 03:32 PM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ASCTRM) ASCTRM [Auto | Running]
[08/27/2006 09:28 PM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 03:37 PM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 03:37 PM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 03:33 PM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 03:35 PM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 03:32 PM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(atapi) Standard IDE/ESDI Hard Disk Controller [Boot | Running]
[02/28/2006 01:00 PM | 00,095,360 | ---- | M] () - C:\WINDOWS\system32\drivers\atapi.sys

(BCM43XX) BCM 802.11g Network Adapter Driver [On_Demand | Stopped]
[01/12/2003 01:25 PM | 00,163,712 | R--- | M] (Belkin Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(BlueletAudio) Bluetooth Audio Service [On_Demand | Running]
[05/31/2005 04:40 PM | 00,020,480 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\blueletaudio.sys

(BT) Bluetooth PAN Network Adapter [On_Demand | Stopped]
[04/30/2005 03:48 PM | 00,010,804 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\BtNetDrv.sys

(Btcsrusb) Bluetooth USB For Bluetooth Service [On_Demand | Stopped]
[05/31/2005 10:42 AM | 00,023,000 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\btcusb.sys

(BTHidEnum) Bluetooth HID Enumerator [On_Demand | Running]
[04/30/2005 03:50 PM | 00,011,860 | ---- | M] () - C:\WINDOWS\system32\drivers\vbtenum.sys

(BTHidMgr) Bluetooth HID Manager Service [Boot | Running]
[04/30/2005 03:50 PM | 00,028,271 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\BTHidMgr.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\DOCUME~1\Dan\LOCALS~1\Temp\catchme.sys

(d346bus) d346bus [Boot | Running]
[03/12/2004 11:41 PM | 00,156,800 | ---- | M] ( ) - C:\WINDOWS\system32\drivers\d346bus.sys

(d346prt) d346prt [Boot | Running]
[03/12/2004 11:41 PM | 00,005,248 | ---- | M] ( ) - C:\WINDOWS\system32\drivers\d346prt.sys

(LHidUsbK) Logitech SetPoint USB Receiver device driver [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\LHidUsbK.Sys

(libusb0) LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120 [On_Demand | Running]
[05/11/2007 12:12 AM | 00,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\system32\drivers\libusb0.sys

(LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\LMouKE.sys

(MxlW2k) MxlW2k [On_Demand | Running]
[08/23/2007 05:26 PM | 00,028,352 | ---- | M] (MusicMatch, Inc.) - C:\WINDOWS\System32\drivers\MxlW2k.sys

(Pcouffin) Low level access layer for CD devices [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Pcouffin.sys

(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running]
[02/27/2006 12:46 PM | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped]
[08/03/2004 11:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [On_Demand | Stopped]
[09/18/2006 04:58 PM | 00,061,600 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27bus.sys

(SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [On_Demand | Stopped]
[09/18/2006 04:58 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdfl.sys

(SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [On_Demand | Stopped]
[09/18/2006 04:58 PM | 00,097,184 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdm.sys

(SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[09/18/2006 04:58 PM | 00,088,688 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mgmt.sys

(se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [On_Demand | Stopped]
[09/18/2006 04:59 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27nd5.sys

(SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [On_Demand | Stopped]
[09/18/2006 04:59 PM | 00,086,560 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27obex.sys

(se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [On_Demand | Stopped]
[09/18/2006 04:59 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27unic.sys

(SNP325) USB PC Camera (SNPSTD325) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\snp325.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[10/31/2007 03:09 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

(VComm) Virtual Serial port driver [On_Demand | Running]
[10/19/2004 02:37 PM | 00,061,312 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VComm.sys

(VcommMgr) Bluetooth VComm Manager Service [On_Demand | Running]
[03/25/2005 06:18 PM | 00,082,148 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VcommMgr.sys

(VHidMinidrv) Bluetooth HID Device Service [On_Demand | Running]
[04/30/2005 03:50 PM | 00,011,736 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VHIDMini.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/15/2005 04:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 03:38 PM | 00,078,008 | ---- | M] (ALWIL Software)
"bcmwltry" = bcmwltry.exe [01/29/2005 03:09 AM | 00,876,649 | ---- | M] (BT Voyager Corporation)
"COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/28/2008 06:46 PM | 01,655,552 | ---- | M] ()
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 11:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 11:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"PCMService" = "c:\APPS\Powercinema\PCMService.exe" [02/23/2006 07:08 PM | 00,147,456 | ---- | M] (CyberLink Corp.)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"removecpl" = RemoveCpl.exe [01/15/2003 09:33 PM | 00,024,576 | ---- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Vade Retro Outlook Express" = "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [10/04/2004 08:03 PM | 00,310,272 | ---- | M] ()
"wltray.exe" = C:\WINDOWS\system32\wltray.exe [01/29/2005 03:09 AM | 00,696,422 | ---- | M] (BT Voyager Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent" = "C:\Program Files\uTorrent\utorrent.exe" [07/02/2006 05:29 PM | 00,174,163 | ---- | M] ()
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 05:14 PM | 00,147,456 | ---- | M] (Nero AG)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[Dan Startup Folder - C:\Documents and Settings\Dan\Start Menu\Programs\Startup]
[03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[08/29/2003 08:05 PM | 00,360,448 | ---- | M] () - C:\Documents and Settings\Dan\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 08:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
HKLM CLSID: (SpywareGuardDLBLOCK.CBrowserHelper) - [08/03/2003 12:24 AM | 00,192,512 | R--- | M] () C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

===== Toolbars =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" C:\WINDOWS\system32\guard32.dll" - [08/28/2008 06:47 PM | 00,143,104 | ---- | M] () C:\WINDOWS\system32\guard32.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 01:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 01:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 05:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 01:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"C:\APPS\Powercinema\PowerCinema.exe" = C:\APPS\Powercinema\PowerCinema.exe [02/23/2006 07:08 PM | 00,053,248 | ---- | M] (CyberLink Corp.)
"C:\APPS\Powercinema\PCMService.exe" = C:\APPS\Powercinema\PCMService.exe [02/23/2006 07:08 PM | 00,147,456 | ---- | M] (CyberLink Corp.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2005 02:23 PM | 01,183,744 | ---- | M] (IVT Corporation)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/14/2004 12:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe [07/02/2006 05:29 PM | 00,174,163 | ---- | M] ()
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 01:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 05:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe [07/02/2008 07:35 PM | 07,667,312 | ---- | M] (Mozilla Corporation)
"C:\Program Files\TVersity\Media Server\TVersity.exe" = C:\Program Files\TVersity\Media Server\TVersity.exe File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [10/27/2006 04:16 PM | 12,813,096 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [10/27/2006 04:37 PM | 00,338,216 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [10/27/2006 04:03 PM | 01,018,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\PSPHost\files\usbhostfs.exe" = C:\Program Files\PSPHost\files\usbhostfs.exe File not found
"C:\Documents and Settings\Dan\Desktop\usbhostfs_pc\usbhostfs_pc.exe" = C:\Documents and Settings\Dan\Desktop\usbhostfs_pc\usbhostfs_pc.exe File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe [02/28/2006 01:00 PM | 00,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe [02/28/2006 01:00 PM | 00,033,280 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [06/02/2008 11:13 AM | 20,638,504 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [02/28/2006 01:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [02/28/2006 01:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [02/28/2006 01:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [09/15/2005 05:53 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"DllName" = File not found

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"KService" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 11:44 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
"item" = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk File not found
"backup" = C:\WINDOWS\pss\AOL 9.0 T File not found
"location" = Common Startup
"command" = C:\PROGRA~1\AOL9~1.0\aoltray.exe File not found
"item" = AOL 9.0 Tray Icon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk File not found
"backup" = C:\WINDOWS\pss\AOL Companion.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE File not found
"item" = AOL Companion

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk File not found
"backup" = C:\WINDOWS\pss\BlueSoleil.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2005 02:23 PM | 01,183,744 | ---- | M] (IVT Corporation)
"item" = BlueSoleil

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk File not found
"backup" = C:\WINDOWS\pss\Logitech SetPoint.lnk File not found
"location" = Common Startup
"command" = C:\PROGRA~1\Logitech\SetPoint\KEM.exe File not found
"item" = Logitech SetPoint

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV On-Demand Monitor.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TV On-Demand Monitor.lnk File not found
"backup" = C:\WINDOWS\pss\TV On-Demand Monitor.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\Installer\{DF5F33C5-EC50-47A7-830C-1106DA120248}\_6F7BB4C7A76BE7E52EFDD6.exe File not found
"item" = TV On-Demand Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\4oD]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = KHost
"hkey" = HKLM
"command" = C:\Program Files\Kontiki\KHost.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLSP Scheduler
"hkey" = HKLM
"command" = C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AOLDial
"hkey" = HKLM
"command" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\daemon.dll [03/15/2004 08:28 PM | 00,069,120 | ---- | M] ()
"hkey" = HKLM
"command" = C:\Program Files\D-Tools\daemon.exe [03/12/2004 11:43 PM | 00,081,920 | ---- | M] (DAEMON'S HOME)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DetectorApp]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = DetectorApp
"hkey" = HKLM
"command" = C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [10/20/2005 01:15 PM | 00,102,400 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixCamera]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\FixCamera.exe [02/12/2007 02:50 PM | 00,020,480 | ---- | M] ()
"hkey" = HKLM
"command" = C:\WINDOWS\FixCamera.exe [02/12/2007 02:50 PM | 00,020,480 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GrooveMonitor
"hkey" = HKLM
"command" = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [10/27/2006 01:47 AM | 00,031,016 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kdx]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = KHost
"hkey" = HKCU
"command" = C:\Program Files\Kontiki\KHost.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark 1200 Series]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lxczbmgr
"hkey" = HKLM
"command" = C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Hardware Abstraction Layer]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = KHALMNPR
"hkey" = HKLM
"command" = KHALMNPR.EXE
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Muchobene]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Muchobene
"hkey" = HKCU
"command" = C:\Program Files\Muchobene\Muchobene.exe [07/30/2008 01:52 AM | 00,651,264 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [01/12/2006 04:40 PM | 00,155,648 | ---- | M] (Nero AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = RealPlay
"hkey" = HKLM
"command" = C:\Program Files\Real\RealPlayer\realplay.exe [08/27/2006 09:28 PM | 00,026,112 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = RECGUARD
"hkey" = HKLM
"command" = C:\WINDOWS\SMINST\Recguard.exe [09/13/2002 09:42 PM | 00,212,992 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Skype
"hkey" = HKCU
"command" = C:\Program Files\Skype\Phone\Skype.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Application Launcher
"hkey" = HKLM
"command" = C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [10/26/2005 06:17 PM | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\soundman.exe [03/01/2006 11:22 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\soundman.exe [03/01/2006 11:22 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{17A78830-D441-4939-8253-CEB4896A8F20}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{25EA5E44-24E3-41C2-BC05-E1CD43AF22CD}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{263C736D-A5CB-4479-8D8D-EDCF7040A4C0}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2D4138DC-1B73-4C77-9E79-A210BD088ECB}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{38BC9C0D-4B88-496E-BA18-B5CFF022857F}]
Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4703DF73-4DB2-42D2-A390-CB1BD41B658C}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{62295252-E2A0-4571-8E78-64A127BA1FCE}]
Servers: | Description: BT Voyager 1055 Laptop Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{67161E81-F8DA-45D5-B1C3-4C448A206E24}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8205D248-A8D8-4DBC-946B-2F127C9DFF09}]
Servers: | Description: Belkin 802.11g Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}]
Servers: 192.168.1.1 | Description: BT Voyager 1055 Laptop Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DAB66FCE-E171-426D-98E8-FE639283EBBE}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FAD8D89F-A18E-4916-BD0D-90C02E5AEEC6}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/27/2006 08:32 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTORUN.INF [[autorun] | OPEN=SETUP.EXE /AUTORUN | ICON=SETUP.EXE,1 | | shell\configure=&Configure... | shell\configure\command=SETUP.EXE | | shell\install=&Install... | shell\install\command=SETUP.EXE | ]
[06/20/2003 01:00 PM | 00,000,184 | R--- | M] () E:\AUTORUN.INF [ CDFS ]

AUTORUN.INF [[autorun] | OPEN=SETUP.EXE /AUTORUN | ICON=SETUP.EXE,1 | | shell\configure=&Configure... | shell\configure\command=SETUP.EXE | | shell\install=&Install... | shell\install\command=SETUP.EXE | ]
[06/20/2003 01:00 PM | 00,000,184 | R--- | M] () J:\AUTORUN.INF [ CDFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c82-35ce-11db-ba55-0016ecbde158}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c82-35ce-11db-ba55-0016ecbde158}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c82-35ce-11db-ba55-0016ecbde158}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c83-35ce-11db-ba55-0016ecbde158}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c83-35ce-11db-ba55-0016ecbde158}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c83-35ce-11db-ba55-0016ecbde158}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687c-c277-11db-8e8f-0011f5cd4812}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687c-c277-11db-8e8f-0011f5cd4812}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687c-c277-11db-8e8f-0011f5cd4812}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687d-c277-11db-8e8f-0011f5cd4812}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687d-c277-11db-8e8f-0011f5cd4812}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1945687d-c277-11db-8e8f-0011f5cd4812}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b07ef0c-2269-11dc-b79c-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b07ef0c-2269-11dc-b79c-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b07ef0c-2269-11dc-b79c-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b5b3ae-192a-11dd-b98a-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b5b3ae-192a-11dd-b98a-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25b5b3ae-192a-11dd-b98a-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c829ae4-a2e2-11db-8e45-0011f5cd4812}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c829ae4-a2e2-11db-8e45-0011f5cd4812}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c829ae4-a2e2-11db-8e45-0011f5cd4812}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba76925-dae4-11db-b722-028037040300}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba76925-dae4-11db-b722-028037040300}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ba76925-dae4-11db-b722-028037040300}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{829f80f8-e1b5-11dc-b90b-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{829f80f8-e1b5-11dc-b90b-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{829f80f8-e1b5-11dc-b90b-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7cb176-944f-11db-8e11-000272b00026}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7cb176-944f-11db-8e11-000272b00026}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7cb176-944f-11db-8e11-000272b00026}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a7b3bf-f119-11dc-b929-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a7b3bf-f119-11dc-b929-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0a7b3bf-f119-11dc-b929-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1c77ac-4334-11dc-b7d8-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1c77ac-4334-11dc-b7d8-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa1c77ac-4334-11dc-b7d8-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df42de60-bbd2-11dc-b8b2-0016e3c5a9bb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df42de60-bbd2-11dc-b8b2-0016e3c5a9bb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df42de60-bbd2-11dc-b8b2-0016e3c5a9bb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/16/2008 03:02 PM | 00,000,232 | -H-- | C] () - C:\sqmdata12.sqm
[08/16/2008 03:02 PM | 00,000,244 | -H-- | C] () - C:\sqmnoopt12.sqm
[08/28/2008 06:47 PM | 00,143,104 | ---- | C] () - C:\WINDOWS\System32\guard32.dll
[08/26/2008 11:52 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/28/2008 06:47 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\comodo
[08/28/2008 06:47 PM | ---D | C] - C:\Documents and Settings\Dan\Application Data\Comodo
[08/16/2008 06:23 PM | 00,017,155 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\BA Resit.docx
[08/18/2008 01:18 PM | 00,010,288 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\eval model.xlsx
[08/18/2008 01:28 PM | ---D | C] - C:\Documents and Settings\Dan\My Documents\keyfinder.2.0.1
[08/18/2008 03:26 PM | 00,138,240 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\3.1-3.7.mpp
[08/18/2008 10:23 PM | 00,008,959 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\cashflow.xlsx
[08/18/2008 12:32 AM | ---D | C] - C:\Documents and Settings\Dan\My Documents\send to uni
[08/18/2008 12:53 PM | 00,064,512 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\Management_Decision_Support.doc
[08/19/2008 06:50 PM | 19,882,375 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\Milburn - Channel_M sessions rip.mp3
[08/19/2008 07:32 PM | 19,882,375 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\Copy of Milburn - Channel_M sessions rip.mp3
[08/19/2008 07:35 PM | 00,067,632 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\m sessions split.aup
[08/19/2008 07:35 PM | ---D | C] - C:\Documents and Settings\Dan\My Documents\m sessions split_data
[08/19/2008 07:39 PM | ---D | C] - C:\Documents and Settings\Dan\My Documents\m sessions
[08/19/2008 10:42 AM | 00,010,272 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\Book1.xlsx
[08/19/2008 12:54 AM | 14,324,776 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\Milburn - Rockworld_tv rip.mp3
[08/23/2008 02:12 PM | 00,018,173 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\LMT - NWHCE receipt.docx
[08/24/2008 01:27 AM | ---D | C] - C:\Documents and Settings\Dan\My Documents\Milburn
[08/24/2008 10:44 PM | 04,701,021 | ---- | C] () - C:\Documents and Settings\Dan\My Documents\ps3filer.zip
[08/26/2008 11:51 PM | 00,000,690 | ---- | C] () - C:\Documents and Settings\Dan\Desktop\SpywareBlaster.lnk

[Files/Folders - Modified Within 30 days]
[08/16/2008 03:02 PM | 00,000,232 | -H-- | M] () - C:\sqmdata12.sqm
[08/16/2008 03:02 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt12.sqm
[08/28/2008 06:47 PM | R--D | M] - C:\Program Files
[08/28/2008 06:50 PM | 20,797,72672 | -HS- | M] () - C:\hiberfil.sys
[08/28/2008 06:50 PM | ---D | M] - C:\WINDOWS
[5 C:\WINDOWS\System32\*.tmp files]
[08/01/2008 06:26 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/14/2008 06:41 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/17/2008 11:07 AM | 00,001,170 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/18/2008 04:54 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/28/2008 06:47 PM | 00,143,104 | ---- | M] () - C:\WINDOWS\System32\guard32.dll
[08/28/2008 06:47 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/28/2008 09:18 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/15/2008 10:55 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/15/2008 10:58 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/15/2008 10:58 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/18/2008 01:42 PM | R-SD | M] - C:\WINDOWS\assembly
[08/18/2008 04:54 PM | ---D | M] - C:\WINDOWS\twain_32
[08/18/2008 04:54 PM | -H-D | M] - C:\WINDOWS\inf
[08/19/2008 08:08 AM | ---D | M] - C:\WINDOWS\system
[08/19/2008 08:10 AM | ---D | M] - C:\WINDOWS\SHELLNEW
[08/19/2008 08:11 AM | 00,000,748 | ---- | M] () - C:\WINDOWS\ODBC.INI
[08/19/2008 08:12 AM | -HSD | M] - C:\WINDOWS\Installer
[08/24/2008 01:31 AM | 00,007,168 | -HS- | M] () - C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[08/24/2008 05:13 PM | 00,001,059 | ---- | M] () - C:\

#6
littlebigman

Topic Starter
Looks like all of the OTViewIt.txt didn't post...the rest is below:

OTViewIt.txt cont.


[08/24/2008 01:31 AM | 00,007,168 | -HS- | M] () - C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[08/24/2008 05:13 PM | 00,001,059 | ---- | M] () - C:\WINDOWS\win.ini
[08/24/2008 11:37 AM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/26/2008 11:44 PM | 00,003,254 | ---- | M] () - C:\WINDOWS\mozver.dat
[08/28/2008 06:47 PM | ---D | M] - C:\WINDOWS\system32
[08/28/2008 06:48 PM | 00,000,012 | ---- | M] () - C:\WINDOWS\bthservsdp.dat
[08/28/2008 06:50 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/28/2008 06:52 PM | ---D | M] - C:\WINDOWS\Temp
[08/28/2008 06:58 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/18/2008 11:18 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/28/2008 06:50 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/26/2008 11:54 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
[08/28/2008 06:51 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\comodo
[08/12/2008 06:20 PM | ---D | M] - C:\Documents and Settings\Dan\Application Data\Muchobene
[08/18/2008 03:38 PM | --SD | M] - C:\Documents and Settings\Dan\Application Data\Microsoft
[08/19/2008 08:28 PM | ---D | M] - C:\Documents and Settings\Dan\Application Data\Audacity
[08/28/2008 06:47 PM | ---D | M] - C:\Documents and Settings\Dan\Application Data\Comodo
[08/28/2008 06:51 PM | ---D | M] - C:\Documents and Settings\Dan\Application Data\uTorrent
[08/18/2008 08:12 PM | 00,160,256 | ---- | M] () - C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/27/2008 07:14 PM | ---D | M] - C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[08/09/2008 04:59 PM | ---D | M] - C:\Documents and Settings\Dan\My Documents\tattoo's
[08/16/2008 04:16 PM | ---D | M] - C:\Documents and Settings\Dan\My Documents\My Received Files
[08/16/2008 06:23 PM | 00,017,155 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\BA Resit.docx
[08/18/2008 01:28 PM | ---D | M] - C:\Documents and Settings\Dan\My Documents\keyfinder.2.0.1
[08/18/2008 02:43 PM | 00,010,288 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\eval model.xlsx
[08/18/2008 02:44 PM | 00,064,512 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\Management_Decision_Support.doc
[08/18/2008 03:26 PM | 00,138,240 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\3.1-3.7.mpp
[08/18/2008 04:19 PM | ---D | M] - C:\Documents and Settings\Dan\My Documents\Amy
[08/18/2008 10:23 PM | 00,008,959 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\cashflow.xlsx
[08/18/2008 12:30 AM | -H-D | M] - C:\Documents and Settings\Dan\My Documents\New Folder
[08/19/2008 06:56 PM | 19,882,375 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\Copy of Milburn - Channel_M sessions rip.mp3
[08/19/2008 06:56 PM | 19,882,375 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\Milburn - Channel_M sessions rip.mp3
[08/19/2008 07:35 PM | 00,067,632 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\m sessions split.aup
[08/19/2008 07:35 PM | ---D | M] - C:\Documents and Settings\Dan\My Documents\m sessions split_data
[08/19/2008 09:14 AM | ---D | M] - C:\Documents and Settings\Dan\My Documents\send to uni
[08/19/2008 10:42 AM | 00,010,272 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\Book1.xlsx
[08/19/2008 12:58 AM | 14,324,776 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\Milburn - Rockworld_tv rip.mp3
[08/20/2008 10:32 AM | ---D | M] - C:\Documents and Settings\Dan\My Documents\m sessions
[08/22/2008 10:57 AM | ---D | M] - C:\Documents and Settings\Dan\My Documents\Downloads
[08/23/2008 02:12 PM | 00,018,173 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\LMT - NWHCE receipt.docx
[08/24/2008 01:30 AM | ---D | M] - C:\Documents and Settings\Dan\My Documents\Docs
[08/24/2008 01:30 AM | ---D | M] - C:\Documents and Settings\Dan\My Documents\Milburn
[08/24/2008 10:45 PM | 04,701,021 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\ps3filer.zip
[08/28/2008 06:52 PM | 00,000,572 | ---- | M] () - C:\Documents and Settings\Dan\My Documents\My Sharing Folders.lnk
[08/22/2008 10:02 AM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/24/2008 01:32 AM | ---D | M] - C:\Documents and Settings\Dan\Desktop\Security
[08/26/2008 11:51 PM | 00,000,690 | ---- | M] () - C:\Documents and Settings\Dan\Desktop\SpywareBlaster.lnk
[08/19/2008 08:10 AM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared

< End of report >


I will now post the Extras.txt in another post, as I don't want it to get split again.

#7
littlebigman

Topic Starter
Below is the Extras.txt:

Extras.txt

OTViewIt Extras logfile created on: 28/08/2008 18:58:11 - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 74.60% Memory free
2.45 Gb Paging File | 2.05 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.63 Gb Total Space | 2.73 Gb Free Space | 3.92% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 133.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 399.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/02/2008 07:35 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== HKEY_LOCAL_MACHINE Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{88727E6C-87E4-40AA-B9F9-1043D905A9F0}_is1" = Muchobene v0.6.080708
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"avast!" = avast! Antivirus
"AVIcodec" = AVIcodec (remove only)
"COMODO Firewall Pro" = COMODO Firewall Pro
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressRip" = Express Rip
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fruit_Machine_Emulators" = Fruit Machine Emulators
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{A0BBC906-9A33-4C79-A26A-758ED3503769}" = Belkin Wireless Setup utility
"InterActual Player" = InterActual Player
"IsoBuster_is1" = IsoBuster 2.4
"KB867282" = Windows XP Hotfix - KB867282
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB883939" = Security Update for Windows XP (KB883939)
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888239" = Windows XP Hotfix - KB888239
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890546" = Windows XP Hotfix - KB890546
"KB890859" = Windows XP Hotfix - KB890859
"KB890923" = Windows XP Hotfix - KB890923
"KB891220" = Windows XP Hotfix - KB891220
"KB891781" = Windows XP Hotfix - KB891781
"KB892627" = Windows XP Hotfix - KB892627
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803" = Windows Installer 3.1 (KB893803)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896256" = Hotfix for Windows XP (KB896256)
"KB896344" = Hotfix for Windows XP (KB896344)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896727" = Update for Windows XP (KB896727)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB900930" = Update for Windows XP (KB900930)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB903235" = Security Update for Windows XP (KB903235)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB909520" = Microsoft Base Smart Card Cryptographic Service Provider Package
"KB910437" = Update for Windows XP (KB910437)
"KB911164" = Update for Windows XP (KB911164)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Prism" = Prism
"RealPlayer 6.0" = RealPlayer Basic
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.10
"SpywareBlaster_is1" = SpywareBlaster 4.1
"SpywareGuard_is1" = SpywareGuard v2.2
"Switch" = Switch
"TotalScan" = Panda TotalScan
"TVersity Codec Pack" = TVersity Codec Pack 1.1
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

===== HKEY_CURRENT_USER Uninstall List =====


===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

===== HKEY_LOCAL_MACHINE Protocol Defaults =====


===== HKEY_CURRENT_USER Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >


Thanks again for all of your help with this Jimmy, it really is appreciated!

Please let me know what further details (if any) you require.

Dan

#8
Jimmy2012

Trusted Helper
Hello littlebigman,

The Open Office program you downloaded from the torrent is illegal and most likely has malware in it.

We will not help anyone in any way concerning torrents or cracks, as it is against the rules here. And you cannot ask about torrents either.

Is that understood?

#9
littlebigman

Topic Starter
Jimmy

By Open Office, I mean the open source office application suite developed by Sun Microsystems, Wikipedia site here:
http://en.wikipedia..../OpenOffice.org

This program is available via torrent from their official website, here:

http://distribution....office.org/p2p/.

This version of the file is by no means illegal, in fact I believe it is bundled with many PCs which are shipped with Linux installed. An example of this is the Asus EEE PC, here:

http://en.wikipedia....Eee_PC#Software

I am sorry for any confusion caused. I was not asking for help "concerning torrents or cracks".

As stated in the links above, the torrent for the files is freely available on the software developer's website, and is by no means an "illegal" file.

Does that clear this matter up?

LittleBigMan

EDIT.

My reasons for using the p2p option to download the OpenOffice program were as follows:
- The torrents used were created by the developers of the project, and so will be just as likely to be free from malware as a direct download from the site.
- By downloading using this format, I felt I was "giving a little back" to the developers for their work: I was helping to spread their work to other users, just as it was designed for.
- The method was recommended by the Open Office team, here, for the above reasons:
http://distribution....2p/project.html

For more info on the Open Office project, their main homepage is here:
http://www.openoffice.org/

I really do hope that this clears the matter up :).

I look forward to your reply, and would like to thank you again for all your help thus far!

Edited by littlebigman, 28 August 2008 - 05:53 PM.

  • 0

#10
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello littlebigman,

I really do hope that this clears the matter up

Yes it does, sorry about the misunderstanding of Open Office.

STEP 1
Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Documents and Settings\Dan\My Documents\send to uni
    C:\Documents and Settings\Dan\My Documents\m sessions split_data
    C:\Documents and Settings\Dan\My Documents\m sessions
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

STEP 2
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\Dan\My Documents\3.1-3.7.mpp
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
And then please do the same for this file as well.
C:\Documents and Settings\Dan\My Documents\m sessions split.aup

STEP 3
Do you know what these files are?

C:\Documents and Settings\Dan\My Documents\BA Resit.docx
C:\Documents and Settings\Dan\My Documents\Management_Decision_Support.doc
C:\Documents and Settings\Dan\My Documents\LMT - NWHCE receipt.docx
C:\Documents and Settings\Dan\My Documents\cashflow.xlsx
C:\Documents and Settings\Dan\My Documents\eval model.xlsx
C:\Documents and Settings\Dan\My Documents\Book1.xlsx
C:\Documents and Settings\Dan\My Documents\ps3filer.zip


Please tell me if you don't know any of those files.

~~~~~~~~~~~~
In your next reply please have these logs.
The DirLook log
And the VirScan logs
  • 0



#11
littlebigman

littlebigman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
It's ok, no need to apologise about the misunderstanding, I should have explained the file better. I am very grateful for all your help with this!

STEP 1
I have completed this step, the results are below. However, I can confirm that neither of these files is malicious, they were both created by a program called Audacity, which I used to convert a music DVD to an MP3 file.

dl_log.txt
DirLook.exe by jpshortstuff
Log created at 18:39:29 on 29/08/2008

==============================

Contents of "C:\Documents and Settings\Dan\My Documents\send to uni" (inc. hidden/system files/folders)

---FOLDERS---

Final Work (created: 19/08/2008 10:37) d--------

---FILES---

3.1-3.7.mpp (137728 bytes, created: 18/08/2008 15:27) --a------
apits cashflow changed.xls (33280 bytes, created: 18/08/2008 14:41) --a------
apits cashflow.xls (33280 bytes, created: 18/08/2008 14:40) --a------
APITS evaluation.xls (49152 bytes, created: 18/08/2008 20:16) --a------
APITS project part 2.mpp (205312 bytes, created: 18/08/2008 15:36) --a------
APITS project.mpp (207872 bytes, created: 18/08/2008 16:16) --a------
BA Resit.doc (37376 bytes, created: 18/08/2008 00:32) --a------
BA_Resit.doc (62464 bytes, created: 18/08/2008 20:11) --a------
Management Decision Support.doc (32256 bytes, created: 16/08/2008 12:56) --a------
MDS sem 2 07-08 resit part A.doc (165888 bytes, created: 18/08/2008 16:16) --a------
MDS sem 2 07-08 resit part B.doc (86016 bytes, created: 19/08/2008 09:14) --a------
PITS evaluation changed.xls (32256 bytes, created: 18/08/2008 14:44) --a------
PITS evaluation.xls (31744 bytes, created: 18/08/2008 14:02) --a------
SAT project.mpp (128000 bytes, created: 18/08/2008 15:27) --a------

==============================

Contents of "C:\Documents and Settings\Dan\My Documents\m sessions split_data" (inc. hidden/system files/folders)

---FOLDERS---

e00 (created: 19/08/2008 19:35) d--------

---FILES---


==============================

Contents of "C:\Documents and Settings\Dan\My Documents\m sessions" (inc. hidden/system files/folders)

---FOLDERS---


---FILES---

Milburn - M sessions - Being A Rogue.mp3 (2715619 bytes, created: 20/08/2008 10:32) --a------
Milburn - M sessions - Count to 10.mp3 (2995651 bytes, created: 20/08/2008 10:32) --a------
Milburn - M sessions - Cowboys and Indians.mp3 (3043259 bytes, created: 19/08/2008 20:05) --a------
Milburn - M sessions - Lucy Lovemenot.mp3 (1953217 bytes, created: 19/08/2008 19:53) --a------
Milburn - M sessions - Send In The Boys.mp3 (2506597 bytes, created: 19/08/2008 19:57) --a------
Milburn - M sessions - Well Well Well.mp3 (3023192 bytes, created: 19/08/2008 19:50) --a------
Millburn - M sessions - What Will You Do (When the Money Goes).mp3 (3584953 bytes, created: 19/08/2008 19:41) --a------

==============================

=EOF=

I will continue in my next post, to avoid them being cut off...

Edited by littlebigman, 29 August 2008 - 11:58 AM.

  • 0

#12
littlebigman

littlebigman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
STEP 2

I have completed these steps, but can again confirm that the files are not malicious. The first (3.1-3.7.mpp) is a Microsoft Project file, which I used as part of a recent university assignment, the second was again created by the Audacity program. The logs are below:

3.1-3.7.mpp
VirSCAN.org Scanned Report :
Scanned time : 2008/08/29 18:41:50 (BST)
Scanner results: All Scanners reported not find malware!
File Name : 3.1-3.7.mpp
File Size : 138240 byte
File Type : Microsoft Office Document
MD5 : b57b4bddbf9082c3be2861d65d817cdb
SHA1 : c5eb6d41e2f491451a2b511bb6f7f56bf17cd19d
Online report : http://virscan.org/r...678b5f07e1.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.29 2008-08-29 2.52 -
AhnLab V3 2008.08.30.00 2008.08.30 2008-08-30 1.01 -
AntiVir 7.8.1.23 7.0.6.92 2008-08-29 2.25 -
Arcavir 1.0.5 200808282304 2008-08-28 1.17 -
AVAST! 3.0.1 080829-0 2008-08-29 0.02 -
AVG 7.5.51.442 270.6.13/1641 2008-08-29 1.53 -
BitDefender 7.60825.1672098 7.20725 2008-08-30 2.91 -
CA (VET) 9.0.0.143 31.6.6056 2008-08-29 3.85 -
ClamAV 0.93.3 8117 2008-08-29 0.02 -
Comodo 2.11 2.0.0.631 2008-08-29 0.39 -
CP Secure 1.1.0.715 2008.08.30 2008-08-30 6.56 -
Dr.Web 4.44.0.9170 2008.08.29 2008-08-29 3.10 -
ewido 4.0.0.2 2008.08.29 2008-08-29 2.57 -
F-Prot 4.4.4.56 20080829 2008-08-29 1.05 -
F-Secure 5.51.6100 2008.08.29.12 2008-08-29 0.03 -
Fortinet 2.81-3.11 9.486 2008-08-29 1.78 -
ViRobot 20080829 2008.08.29 2008-08-29 0.41 -
Ikarus T3.1.01.34 2008.08.29.71363 2008-08-29 3.22 -
JiangMin 11.0.706 2008.08.29 2008-08-29 1.91 -
Kaspersky 5.5.10 2008.08.29 2008-08-29 0.02 -
KingSoft 2008.1.14.15 2008.8.29.17 2008-08-29 0.74 -
McAfee 5.3.00 5373 2008-08-29 2.28 -
Microsoft 1.3807 2008.08.29 2008-08-29 4.19 -
mks_vir 2.01 2008.08.25 2008-08-25 2.54 -
Norman 5.93.01 5.93.00 2008-08-28 4.99 -
Panda 9.05.01 2008.08.28 2008-08-28 1.89 -
Trend Micro 8.700-1004 5.508.04 2008-08-29 0.02 -
Quick Heal 9.50 2008.08.29 2008-08-29 1.70 -
Rising 20.0 20.59.41.00 2008-08-29 0.23 -
Sophos 2.78.0 4.33 2008-08-30 1.63 -
Sunbelt 3.1.1582.1 2208 2008-08-28 0.40 -
Symantec 1.3.0.24 20080829.005 2008-08-29 0.05 -
nProtect 2008-08-29.00 1993388 2008-08-29 3.57 -
The Hacker 6.3.0.6 v00067 2008-08-29 0.38 -
VBA32 3.12.8.4 20080828.2054 2008-08-28 1.14 -
VirusBuster 4.5.11.10 10.84.15/623217 2008-08-29 0.80 -

m sessions split.aup
VirSCAN.org Scanned Report :
Scanned time : 2008/08/29 18:44:38 (BST)
Scanner results: All Scanners reported not find malware!
File Name : m sessions split.aup
File Size : 67632 byte
File Type : XML 1.0 document text
MD5 : a1dc3153358289c67a07d2366d2d08fb
SHA1 : e591395091bc53771d6c333fe6ce8d6d27521752
Online report : http://virscan.org/r...1e52731971.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.22 2008.08.29 2008-08-29 2.50 -
AhnLab V3 2008.08.30.00 2008.08.30 2008-08-30 0.89 -
AntiVir 7.8.1.23 7.0.6.92 2008-08-29 2.30 -
Arcavir 1.0.5 200808282304 2008-08-28 1.17 -
AVAST! 3.0.1 080829-0 2008-08-29 0.71 -
AVG 7.5.51.442 270.6.13/1641 2008-08-29 1.54 -
BitDefender 7.60825.1672098 7.20725 2008-08-30 2.93 -
CA (VET) 9.0.0.143 31.6.6056 2008-08-29 5.29 -
ClamAV 0.93.3 8117 2008-08-29 0.01 -
Comodo 2.11 2.0.0.631 2008-08-29 0.40 -
CP Secure 1.1.0.715 2008.08.30 2008-08-30 6.58 -
Dr.Web 4.44.0.9170 2008.08.29 2008-08-29 3.15 -
ewido 4.0.0.2 2008.08.29 2008-08-29 2.58 -
F-Prot 4.4.4.56 20080829 2008-08-29 1.01 -
F-Secure 5.51.6100 2008.08.29.12 2008-08-29 3.19 -
Fortinet 2.81-3.11 9.486 2008-08-29 1.73 -
ViRobot 20080829 2008.08.29 2008-08-29 0.41 -
Ikarus T3.1.01.34 2008.08.29.71363 2008-08-29 3.20 -
JiangMin 11.0.706 2008.08.29 2008-08-29 1.42 -
Kaspersky 5.5.10 2008.08.29 2008-08-29 0.02 -
KingSoft 2008.1.14.15 2008.8.29.17 2008-08-29 0.59 -
McAfee 5.3.00 5373 2008-08-29 2.09 -
Microsoft 1.3807 2008.08.29 2008-08-29 4.30 -
mks_vir 2.01 2008.08.25 2008-08-25 2.52 -
Norman 5.93.01 5.93.00 2008-08-28 5.00 -
Panda 9.05.01 2008.08.28 2008-08-28 2.37 -
Trend Micro 8.700-1004 5.508.04 2008-08-29 0.02 -
Quick Heal 9.50 2008.08.29 2008-08-29 1.68 -
Rising 20.0 20.59.41.00 2008-08-29 0.26 -
Sophos 2.78.0 4.33 2008-08-30 1.65 -
Sunbelt 3.1.1582.1 2208 2008-08-28 0.66 -
Symantec 1.3.0.24 20080829.005 2008-08-29 0.05 -
nProtect 2008-08-29.00 1993388 2008-08-29 6.14 -
The Hacker 6.3.0.6 v00067 2008-08-29 0.38 -
VBA32 3.12.8.4 20080828.2054 2008-08-28 1.15 -
VirusBuster 4.5.11.10 10.84.15/623217 2008-08-29 0.82 -

I will continue step 3 in a separate post, again to avoid it being cut off...
  • 0

#13
littlebigman

littlebigman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
STEP 3

I know what all of the files mentioned are, and where they came from:

C:\Documents and Settings\Dan\My Documents\BA Resit.docx
C:\Documents and Settings\Dan\My Documents\Management_Decision_Support.doc
C:\Documents and Settings\Dan\My Documents\LMT - NWHCE receipt.docx
C:\Documents and Settings\Dan\My Documents\cashflow.xlsx
C:\Documents and Settings\Dan\My Documents\eval model.xlsx
C:\Documents and Settings\Dan\My Documents\Book1.xlsx


These are all files from Microsoft Office 2007, which were used in the previously mentioned university assignment.

C:\Documents and Settings\Dan\My Documents\LMT - NWHCE receipt.docx


This is another MS Office file

C:\Documents and Settings\Dan\My Documents\ps3filer.zip

This is a program used to transfer DVDs onto a PlayStation 3.

I hope that I have provided all the info requested.
Please let me know if you require anything else.

Thanks again for all your help!
  • 0

#14
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello littlebigman,

I hope that i have provided all the info requested.

Yes you did, thanks for explaining all of those files/folders.



Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
And please tell me how your computer is running
  • 0

#15
littlebigman

littlebigman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi Jimmy

I have completed the Kaspersky scan, results are below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 30, 2008 10:08:32
Records in database: 1167879
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 87699
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:23:30


File name / Threat name / Threats count
C:\Documents and Settings\Dan\My Documents\Docs\PSP\psx to psp\IceTea\icetea1.3_win\icetea.exe Infected: Hoax.Win32.Agent.fg 1
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.


My computer seems to be running ok. I have uninstalled Firefox 3, and gone back to Firefox 2.0.0.16. The program seems to have stopped crashing, however I would prefer to move back to Firefox 3 if possible.

Thanks for your help, I look forward to hearing from you.
  • 0
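
Added example, not part of the thread or of any tool used in it: a small Python triage of the Kaspersky Online Scanner 7 report format posted above. It splits each detection row into path and threat-name parts, separates `not-a-virus:` riskware from other detections, and checks that a pasted report was not cut off. The function names are hypothetical, and the completeness check assumes the per-row counts add up to the "Infected objects" total, as they do in the report above.

```python
import re

# Constructed sample: an excerpt of the report lines as posted in the thread.
REPORT = r"""Infected objects: 2
Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\Dan\My Documents\Docs\PSP\psx to psp\IceTea\icetea1.3_win\icetea.exe Infected: Hoax.Win32.Agent.fg 1
C:\WINDOWS\system32\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1
"""

# Paths contain spaces, so anchor on " Infected: " and the trailing count.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
STAT = re.compile(r"^Infected objects: (\d+)$")

def parse_report(text):
    """Return (declared_infected, detections) for a pasted report."""
    declared, detections = None, []
    for line in text.splitlines():
        line = line.strip()
        m = STAT.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = DETECTION.match(line)
        if not m:
            continue
        threat = m.group("threat")
        # The "not-a-virus:" prefix marks riskware/adware rather than malware.
        riskware = threat.startswith("not-a-virus:")
        name = threat.split(":", 1)[1] if riskware else threat
        behaviour, platform, family = (name.split(".") + ["", ""])[:3]
        detections.append({"path": m.group("path"), "threat": threat,
                           "behaviour": behaviour, "platform": platform,
                           "family": family, "riskware": riskware,
                           "count": int(m.group("count"))})
    return declared, detections

def is_complete(text):
    """Assumption: row counts sum to the declared 'Infected objects' total."""
    declared, detections = parse_report(text)
    return declared is not None and declared == sum(d["count"] for d in detections)

if __name__ == "__main__":
    for d in parse_report(REPORT)[1]:
        print("riskware " if d["riskware"] else "detection", d["family"], d["path"])
    print("report complete:", is_complete(REPORT))
```
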





