
Taskbar and Desktop Icons Disappear Upon Startup



#1
coldangel

Hi everyone! :)

This is my first post. I have always tried to solve niggling problems with my computer myself by reading up and googling, but this time I have hit a bump.

I use Windows XP and have Avira and Ad-Aware in my system. However, this problem seems to be above them. My desktop icons and taskbar disappear a little after the system starts up.

I've tried to do Ctrl-Alt-Del and use regedit to look for

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

However, I cannot find either explorer.exe or iexplorer.exe in my system.

Following is my HijackThis log. Appreciate if anybody can advise or if there's anything else you notice.

Thanks and cheers!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49, on 2009-03-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\Imation\USB_ImationFlashDetect.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kankan.xunlei.com/?id=55
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Mp3 To All Converter\WebThunderBHO_Now.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Mp3 To All Converter\ThunderLoader\ComDlls\TDAtOnce_Now.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Mp3 To All Converter\ThunderLoader\ComDlls\xunleiBHO_Now.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - Startup: Imation_Flash_Detect.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\Imation\USB_ImationFlashDetect.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ʹÓÃWEBѸÀ×ÏÂÔØ - C:\Program Files\Mp3 To All Converter\GetUrl.htm
O8 - Extra context menu item: ʹÓÃWEBѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Mp3 To All Converter\GetAllUrl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Program Files\Mp3 To All Converter\ThunderLoader\Program\GetUrl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Mp3 To All Converter\ThunderLoader\Program\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Mp3 To All Converter\ThunderLoader\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Mp3 To All Converter\ThunderLoader\Thunder.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: Æô¶¯WEBѸÀ× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {260399DF-4C19-4143-8D78-6383EF95753A} - http://sg.samsungmob...to/album_en.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...ploader_v10.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pcc - C:\DOCUME~1\Owner\LOCALS~1\Temp\ccp.dat (file missing)
O20 - Winlogon Notify: wmsav - C:\DOCUME~1\Owner\LOCALS~1\Temp\vasmw.dat (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 13702 bytes


#2
coldangel

OTListIt logfile created on: 2009-03-17 14:01:12 - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Program Files\BitComet\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

759.48 Mb Total Physical Memory | 227.18 Mb Available Physical Memory | 29.91% Memory free
1.45 Gb Paging File | 0.94 Gb Available in Paging File | 64.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 1.05 Gb Free Space | 1.47% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 0.74 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive E: | 4.95 Gb Total Space | 0.80 Gb Free Space | 16.10% Space Free | Partition Type: FAT32
Drive F: | 699.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-5C6UV8TCVT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Stardock\SDMCP.exe (Stardock)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Presario PC Help\Presario\XPHWWRP4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Documents and Settings\Owner\Local Settings\Temp\Imation\USB_ImationFlashDetect.exe ()
PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - c:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - c:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BitComet\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dsNcService [Auto | Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (navapsvc [Auto | Running]) -- c:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (SAVScan [On_Demand | Running]) -- c:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (StarWindService [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (DCamUSBTP10 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\TP6810.sys (Microsoft Corporation)
DRV - (dsNcAdpt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys (Juniper Networks)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVEX15.SYS (Symantec Corporation)
DRV - (Nokia USB Generic [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (Nokia USB Modem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Phone Parent [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (NPPTNT [System | Running]) -- C:\WINDOWS\System32\npptNT.sys (INCA Internet Co., Ltd.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (oreans32 [System | Running]) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SAVRT [On_Demand | Running]) -- c:\Program Files\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SE26bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SE26bus.sys (MCCI)
DRV - (SE26mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys (MCCI)
DRV - (SE26mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SE26mdm.sys (MCCI)
DRV - (SE26mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (U3SDR200 [Auto | Running]) -- C:\WINDOWS\System32\Drivers\U3SDR200.SYS ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (Vax347b [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys ( )
DRV - (Vax347s [Boot | Running]) -- C:\WINDOWS\System32\Drivers\Vax347s.sys ( )
DRV - (w800bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800bus.sys (MCCI)
DRV - (w800mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdfl.sys (MCCI)
DRV - (w800mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mdm.sys (MCCI)
DRV - (w800mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800mgmt.sys (MCCI)
DRV - (w800obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w800obex.sys (MCCI)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (All) ==========

#3
coldangel

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kankan.xunlei.com/?id=55
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.sg/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-15 13:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-15 13:47:35 | 00,000,000 | ---D | M]

[2009-03-13 23:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009-03-13 23:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005-07-22 17:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\folr671t.Default User\extensions
[2005-05-23 02:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\folr671t.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005-07-22 17:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\folr671t.Default User\extensions\{e8cba685-830c-1283-6314-a6ae605cc9be}
[2009-03-16 23:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions
[2007-10-20 05:55:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009-02-14 03:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009-02-14 03:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-03-14 00:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions\[email protected]
[2006-01-31 12:26:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\kcg5kv71.default\extensions\temp
[2007-05-08 21:39:30 | 00,001,088 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\kcg5kv71.default\searchplugins\thottbotplugin.xml
[2009-03-16 23:26:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-03-15 13:47:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-09-20 22:46:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-01-15 01:13:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009-03-15 13:47:16 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-03-15 13:47:16 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-07-01 17:40:22 | 00,036,864 | ---- | M] (????) -- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
[2009-03-15 13:47:29 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-03-15 13:47:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-03-15 13:47:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-03-15 13:47:29 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-03-15 13:47:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-03-15 13:47:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-03-15 13:47:29 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebThunder Browser Helper) - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Mp3 To All Converter\WebThunderBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Mp3 To All Converter\ThunderLoader\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (BitComet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Mp3 To All Converter\ThunderLoader\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\zh-sg\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe (Openwares)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Imation_Flash_Detect.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\Imation\USB_ImationFlashDetect.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Mp3 To All Converter\ThunderLoader\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Mp3 To All Converter\ThunderLoader\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Mp3 To All Converter\GetUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Mp3 To All Converter\GetAllUrl.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Mp3 To All Converter\ThunderLoader\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Mp3 To All Converter\ThunderLoader\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - File not found
O9 - Extra 'Tools' menuitem : 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - File not found
O9 - Extra Button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll (Picasa, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {260399DF-4C19-4143-8D78-6383EF95753A} http://sg.samsungmob...to/album_en.cab (Reg Error: Key error.)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} https://www.e-games....GamesPlugin.cab (EGamesPlugin Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...StatsClient.cab (MessengerStatsClient Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O20 - Winlogon\Notify\pcc: DllName - C:\DOCUME~1\Owner\LOCALS~1\Temp\ccp.dat - C:\DOCUME~1\Owner\LOCALS~1\Temp\ccp.dat File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wmsav: DllName - C:\DOCUME~1\Owner\LOCALS~1\Temp\vasmw.dat - C:\DOCUME~1\Owner\LOCALS~1\Temp\vasmw.dat File not found
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - E:\autorun.inf () - [ FAT32 ]
O32 - Autorun File - G:\Autorun.inf () - [ CDFS ]
O33 - MountPoints2\{06af0ecc-6e48-11da-80d9-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{06af0ed0-6e48-11da-80d9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{06af0ed0-6e48-11da-80d9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06af0ed0-6e48-11da-80d9-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{11c27fc9-63d1-11da-8104-000c769fa02c}\Shell - "" = AutoRun
O33 - MountPoints2\{11c27fc9-63d1-11da-8104-000c769fa02c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11c27fc9-63d1-11da-8104-000c769fa02c}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{16bed098-7f93-11da-b899-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{16bed09c-7f93-11da-b899-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{16bed09c-7f93-11da-b899-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16bed09c-7f93-11da-b899-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{1bb9e698-7aa0-11da-834e-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{1bb9e69c-7aa0-11da-834e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb9e69c-7aa0-11da-834e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bb9e69c-7aa0-11da-834e-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{291016f2-704e-11da-9f46-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{291016f6-704e-11da-9f46-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{291016f6-704e-11da-9f46-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{291016f6-704e-11da-9f46-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{2bf7b898-85ac-11da-84e1-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{2bf7b89c-85ac-11da-84e1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2bf7b89c-85ac-11da-84e1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2bf7b89c-85ac-11da-84e1-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{2e269b3e-63d8-11da-b7aa-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{3a6122a6-925f-11da-b3dc-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{3a6122aa-925f-11da-b3dc-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a6122aa-925f-11da-b3dc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a6122aa-925f-11da-b3dc-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{4a4994c4-0610-11dd-8876-000c769fa02c}\Shell\AutoRun\command - "" = H:\sq.com -- File not found
O33 - MountPoints2\{4a4994c4-0610-11dd-8876-000c769fa02c}\Shell\explore\Command - "" = H:\sq.com -- File not found
O33 - MountPoints2\{4a4994c4-0610-11dd-8876-000c769fa02c}\Shell\open\Command - "" = H:\sq.com -- File not found
O33 - MountPoints2\{4b62054c-689e-11da-9de8-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{4b620550-689e-11da-9de8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4b620550-689e-11da-9de8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b620550-689e-11da-9de8-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{4ffa234c-80c1-11da-98af-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{4ffa2350-80c1-11da-98af-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4ffa2350-80c1-11da-98af-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ffa2350-80c1-11da-98af-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{59f17ff2-67f4-11da-b191-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{59f17ff6-67f4-11da-b191-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{59f17ff6-67f4-11da-b191-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59f17ff6-67f4-11da-b191-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{5f74be26-755a-11da-88d6-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{5f74be2a-755a-11da-88d6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5f74be2a-755a-11da-88d6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f74be2a-755a-11da-88d6-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{5fe9424c-5f32-11db-8686-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{6560d1cc-7b44-11da-9112-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{6560d1d0-7b44-11da-9112-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6560d1d0-7b44-11da-9112-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6560d1d0-7b44-11da-9112-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{660b744c-2f2b-11db-9c50-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{660b7450-2f2b-11db-9c50-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{660b7450-2f2b-11db-9c50-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{660b7450-2f2b-11db-9c50-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{687c0312-4811-11d8-bad0-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- File not found
O33 - MountPoints2\{69323c18-647f-11da-87d7-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{69323c1c-647f-11da-87d7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{69323c1c-647f-11da-87d7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69323c1c-647f-11da-87d7-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{6e0214e4-6406-11da-9d0e-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{6e0214ec-6406-11da-9d0e-000c769fa02c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0214ec-6406-11da-9d0e-000c769fa02c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e0214ec-6406-11da-9d0e-000c769fa02c}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{7154334c-6cfe-11da-ba82-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{71543350-6cfe-11da-ba82-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{71543350-6cfe-11da-ba82-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71543350-6cfe-11da-ba82-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{7385cba6-7f1b-11da-ba78-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{7385cbaa-7f1b-11da-ba78-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7385cbaa-7f1b-11da-ba78-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7385cbaa-7f1b-11da-ba78-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{78f3fbcc-7817-11da-a2ed-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{78f3fbd0-7817-11da-a2ed-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{78f3fbd0-7817-11da-a2ed-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78f3fbd0-7817-11da-a2ed-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{8741f74c-8bcc-11da-abca-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{8741f750-8bcc-11da-abca-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8741f750-8bcc-11da-abca-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8741f750-8bcc-11da-abca-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{96a54b18-6993-11da-a40c-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{96a54b1c-6993-11da-a40c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{96a54b1c-6993-11da-a40c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96a54b1c-6993-11da-a40c-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{9cf36372-6a3f-11da-a4d0-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{9cf36376-6a3f-11da-a4d0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9cf36376-6a3f-11da-a4d0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cf36376-6a3f-11da-a4d0-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{a4434126-6bb9-11da-8a53-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{a443412a-6bb9-11da-8a53-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a443412a-6bb9-11da-8a53-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a443412a-6bb9-11da-8a53-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{ab46cfa6-6579-11da-a822-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{ab46cfaa-6579-11da-a822-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ab46cfaa-6579-11da-a822-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab46cfaa-6579-11da-a822-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{b3e726f2-907a-11da-b99f-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{b3e726f6-907a-11da-b99f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3e726f6-907a-11da-b99f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3e726f6-907a-11da-b99f-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{ba3d4698-6fce-11da-9b11-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{ba3d469c-6fce-11da-9b11-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ba3d469c-6fce-11da-9b11-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba3d469c-6fce-11da-9b11-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{bc52ec26-6466-11da-b51e-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{bc52ec2a-6466-11da-b51e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bc52ec2a-6466-11da-b51e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc52ec2a-6466-11da-b51e-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{befdbcf2-7e16-11da-9914-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{befdbcf6-7e16-11da-9914-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{befdbcf6-7e16-11da-9914-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{befdbcf6-7e16-11da-9914-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{cfcba4f2-640a-11da-afc6-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{d421eb98-8a9c-11da-ab54-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{d421eb9c-8a9c-11da-ab54-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d421eb9c-8a9c-11da-ab54-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d421eb9c-8a9c-11da-ab54-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{d67ac9a2-6d67-11da-a77a-806d6172696f}\Shell\AutoRun\command - "" = D:\Info.exe -- File not found
O33 - MountPoints2\{d67ac9a5-6d67-11da-a77a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d67ac9a5-6d67-11da-a77a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d67ac9a5-6d67-11da-a77a-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{d6b1e54c-6aae-11da-a864-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{d6b1e550-6aae-11da-a864-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b1e550-6aae-11da-a864-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6b1e550-6aae-11da-a864-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{daf049f2-7cc2-11da-b3b3-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{daf049f6-7cc2-11da-b3b3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{daf049f6-7cc2-11da-b3b3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{daf049f6-7cc2-11da-b3b3-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{dca2e150-0980-11db-9f37-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{dca2e150-0980-11db-9f37-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dca2e150-0980-11db-9f37-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{e2e2c9cc-831c-11da-a333-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{e2e2c9d0-831c-11da-a333-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e2c9d0-831c-11da-a333-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2e2c9d0-831c-11da-a333-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{fc95bda6-7c10-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = E:\Info.exe -- [2002-09-10 06:54:58 | 00,040,960 | -HS- | M] (XSS)
O33 - MountPoints2\{fc95bdaa-7c10-11da-b64e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc95bdaa-7c10-11da-b64e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc95bdaa-7c10-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found

#4
coldangel

========== Files/Folders - Created Within 30 Days ==========

[2009-03-17 13:15:51 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009-03-17 13:15:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-03-17 01:46:14 | 04,533,983 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\inadequateorgan.wmv
[2009-03-17 01:39:29 | 00,003,198 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\asianpatient.jpg
[2009-03-17 01:38:11 | 00,002,614 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\patientbed.jpg
[2009-03-17 00:58:49 | 02,108,522 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\video.flv
[2009-03-16 23:13:14 | 01,362,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSCF5164.JPG
[2009-03-16 00:09:26 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Essay marking scheme.doc
[2009-03-15 03:34:39 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\newspaper article 3202.doc
[2009-03-15 03:00:04 | 00,550,787 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lab_migra-ILO beijing.pdf
[2009-03-14 21:42:50 | 00,000,662 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Winamp (2).lnk
[2009-03-14 12:25:19 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\School truancy-interview.doc
[2009-03-13 23:33:42 | 00,001,078 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2009-03-13 19:25:09 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-03-13 18:34:54 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-13 18:34:47 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-13 18:27:04 | 00,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009-03-13 18:26:56 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-03-13 18:26:56 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-03-13 18:26:53 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-03-13 18:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-03-13 18:26:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-03-13 18:15:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009-03-13 18:15:36 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009-03-13 18:15:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009-03-13 10:53:51 | 00,088,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BGS ppt.ppt
[2009-03-13 10:51:54 | 00,094,720 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-03-13 10:51:17 | 00,094,720 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-03-12 19:40:12 | 00,006,201 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\top1_award_jan_mar_2007_white.gif
[2009-03-11 22:54:59 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\exercise%207%201.doc
[2009-03-11 01:58:08 | 01,172,355 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FinAidApp_AcknowledgeSlip.pdf
[2009-03-08 19:30:22 | 00,056,174 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\n638055411_2621879_8183.jpg
[2009-03-03 01:09:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CT pics
[2009-02-28 04:09:08 | 00,165,493 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\facepalm-1.jpg
[2009-02-27 16:51:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2009-02-27 16:51:30 | 00,001,951 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Camfrog Video Chat 5.2.lnk
[2009-02-23 18:24:04 | 00,017,047 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2j4exdx.jpg
[2009-02-23 12:03:11 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009-02-23 12:03:11 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009-02-17 01:24:41 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Exercise%205%201.doc
[2009-02-17 01:24:35 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Venn%20Diagrams%20for%20Six%20Forms%20of%20Cat%20Syllogism.doc
[2009-02-17 01:24:21 | 00,077,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lesson%20Six.doc
[2009-02-17 01:21:24 | 08,388,683 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Style Guide Ver2.pdf
[2009-02-15 23:21:36 | 00,108,758 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bias.JPG

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009-03-17 14:00:00 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\B6BD3813930AD6E7.job
[2009-03-17 14:00:00 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\AA30690191841E15.job
[2009-03-17 13:15:51 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009-03-17 13:01:34 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
[2009-03-17 13:00:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-03-17 12:57:55 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-03-17 12:57:49 | 00,001,404 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009-03-17 12:57:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-03-17 12:57:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-03-17 12:57:41 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009-03-17 01:59:32 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1556361800-3786245204-1565286441-1003.job
[2009-03-17 01:49:16 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-17 01:47:04 | 04,533,983 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\inadequateorgan.wmv
[2009-03-17 01:39:31 | 00,003,198 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\asianpatient.jpg
[2009-03-17 01:38:13 | 00,002,614 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\patientbed.jpg
[2009-03-17 01:05:57 | 00,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009-03-17 00:58:59 | 02,108,522 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\video.flv
[2009-03-16 23:21:44 | 01,362,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSCF5164.JPG
[2009-03-16 18:40:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-03-16 14:13:35 | 00,030,354 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2009-03-16 14:13:25 | 00,000,079 | ---- | M] () -- C:\WINDOWS\System32\xlhcc.dat
[2009-03-16 00:09:29 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Essay marking scheme.doc
[2009-03-15 03:34:40 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\newspaper article 3202.doc
[2009-03-15 03:00:04 | 00,550,787 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lab_migra-ILO beijing.pdf
[2009-03-14 21:42:50 | 00,000,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Winamp (2).lnk
[2009-03-14 12:57:26 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\School truancy-interview.doc
[2009-03-13 23:33:42 | 00,001,078 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Disk Heal.lnk
[2009-03-13 22:54:23 | 00,094,720 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-03-13 20:01:58 | 00,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2009-03-13 18:34:31 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-03-13 18:33:15 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-03-13 18:27:04 | 00,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009-03-13 18:15:36 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009-03-13 10:53:52 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BGS ppt.ppt
[2009-03-13 10:51:54 | 00,094,720 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-03-12 19:40:15 | 00,006,201 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\top1_award_jan_mar_2007_white.gif
[2009-03-11 22:55:03 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\exercise%207%201.doc
[2009-03-11 13:19:12 | 00,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-11 01:34:09 | 01,172,355 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FinAidApp_AcknowledgeSlip.pdf
[2009-03-08 19:30:22 | 00,056,174 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\n638055411_2621879_8183.jpg
[2009-03-03 00:31:55 | 01,091,072 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
[2009-02-28 04:09:11 | 00,165,493 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\facepalm-1.jpg
[2009-02-27 16:51:31 | 00,001,951 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Camfrog Video Chat 5.2.lnk
[2009-02-23 18:24:04 | 00,017,047 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2j4exdx.jpg
[2009-02-23 12:03:11 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009-02-17 01:24:37 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Exercise%205%201.doc
[2009-02-17 01:24:31 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Venn%20Diagrams%20for%20Six%20Forms%20of%20Cat%20Syllogism.doc
[2009-02-17 01:24:10 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lesson%20Six.doc
[2009-02-17 01:23:29 | 08,388,683 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Style Guide Ver2.pdf
[2009-02-15 23:21:36 | 00,108,758 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bias.JPG

========== LOP Check ==========

[2009-03-13 18:49:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009-03-13 18:15:40 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2006-11-21 03:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006-11-21 03:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007-07-18 23:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008-01-12 12:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007-01-10 19:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009-03-13 18:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2009-03-13 18:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-03-13 18:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2004-11-04 17:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2008-08-30 10:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006-07-17 20:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006-04-29 19:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2008-11-01 19:55:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005-07-16 17:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2003-10-29 08:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2004-01-16 19:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008-02-08 18:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007-11-11 03:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mvcache
[2008-11-16 01:26:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2004-04-29 01:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008-11-26 18:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2004-01-20 17:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006-02-28 21:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2003-10-29 08:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007-09-20 22:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006-02-03 22:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2005-05-24 18:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2003-10-29 08:51:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007-11-11 03:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2008-01-18 15:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\thunder_dctemp
[2009-03-16 15:10:44 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2008-10-30 04:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2008-01-18 15:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vucache
[2006-08-15 22:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009-02-27 16:51:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2005-04-02 03:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3M
[2008-06-29 22:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2006-02-10 11:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2006-04-19 01:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2008-01-15 01:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2007-01-10 19:46:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
[2005-09-10 16:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\axis readme 16
[2009-02-27 16:51:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2004-11-22 19:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Datalayer
[2007-03-17 11:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2005-09-20 23:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2004-02-22 11:19:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2004-01-16 20:20:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2003-10-29 08:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2007-08-26 21:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004-03-14 23:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007-08-02 00:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2004-01-17 02:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kazaa Lite
[2006-03-15 23:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2004-01-21 01:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004-09-04 13:39:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008-08-30 10:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2005-06-11 19:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2008-06-09 21:54:09 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2004-02-07 17:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2009-03-13 23:45:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2004-01-16 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2008-02-08 19:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies
[2006-04-20 19:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nero
[2006-08-11 18:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2004-11-27 10:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2004-11-22 18:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005-12-27 19:18:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2006-11-23 00:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PPLive
[2005-07-16 17:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Protexis
[2006-08-11 18:36:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006-06-05 02:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PVC
[2008-04-13 03:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2006-02-28 19:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\River Past G4
[2003-10-29 08:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007-03-23 22:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Screenshot Sender
[2007-04-11 16:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife
[2008-09-04 13:57:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\SecuROM
[2008-12-16 01:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2004-01-21 01:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2006-08-11 18:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008-09-04 14:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sports Interactive
[2006-04-20 19:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\STOIK
[2003-10-29 08:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2003-10-29 08:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2008-07-03 01:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2005-07-22 17:20:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Talkback
[2008-01-08 20:36:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
[2004-01-16 19:24:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008-08-29 23:27:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
[2005-05-11 19:14:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2008-08-21 20:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VoipCheapCom
[2004-10-22 18:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo! Messenger
[2009-03-17 14:00:00 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\Tasks\AA30690191841E15.job
[2009-03-16 18:40:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009-03-17 14:00:00 | 00,000,262 | -H-- | M] () -- C:\WINDOWS\Tasks\B6BD3813930AD6E7.job
[2003-08-17 07:14:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-03-17 01:59:32 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1556361800-3786245204-1565286441-1003.job
[2009-03-13 20:01:58 | 00,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
[2009-03-17 12:57:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2005-10-30 22:26:25 | 00,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========

< End of report >

#5
coldangel

OTListIt Extras logfile created on: 2009-03-17 14:01:12 - Run 1
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Program Files\BitComet\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

759.48 Mb Total Physical Memory | 227.18 Mb Available Physical Memory | 29.91% Memory free
1.45 Gb Paging File | 0.94 Gb Available in Paging File | 64.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1138;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 1.05 Gb Free Space | 1.47% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 0.74 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive E: | 4.95 Gb Total Space | 0.80 Gb Free Space | 16.10% Space Free | Partition Type: FAT32
Drive F: | 699.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 345.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-5C6UV8TCVT
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10770:TCP" = 10770:TCP:*:Enabled:BitComet 10770 TCP
"10770:UDP" = 10770:UDP:*:Enabled:BitComet 10770 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe File not found
C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 File not found
C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client (www.BitComet.com)
C:\Program Files\Ares\Ares.exe:*:Enabled:Ares (Ares Development Group)
C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa File not found
C:\Documents and Settings\Owner\Desktop\DC++[MultiSource]\DCPlusPlus.exe:*:Enabled:DC++ File not found
C:\Program Files\Hello\Hello.exe:*:Enabled:Hello! (Picasa, Inc.)
C:\Program Files\Sports Interactive\Football Manager 2005\fm2005.exe:*:Enabled:Football Manager 2005 File not found
C:\Program Files\CoolStreaming\cool.exe:*:Enabled:cool File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing (Microsoft Corporation)
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ (ICQ Inc.)
C:\Program Files\BitComet\eMule\emule.exe:*:Enabled:eMule File not found
C:\Program Files\softnyx\GunBound\GunBound.exe:*:Enabled:GunBound Startup Application File not found
C:\Program Files\softnyx\GunBound\GunBound.gme:*:Enabled:GunBound File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox (Mozilla Corporation)
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice (Microsoft Corporation)
C:\unzipped\lancraft101b\lancraft.exe:*:Enabled:lancraft File not found
C:\Program Files\Warcraft III\lancraft101b\lancraft.exe:*:Enabled:lancraft ()
C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III (Blizzard Entertainment)
C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC (mIRC Co. Ltd.)
C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher (Valve)
C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Program Files\Mp3 To All Converter\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\Sports Interactive\Football Manager 2007\fm.exe:*:Enabled:Football Manager 2007 File not found
C:\Program Files\Mp3 To All Converter\PPLive\PPLive.exe:*:Enabled:PPLive File not found
C:\Program Files\Lonely Cat Games\BMO\BomberMan.exe:*:Enabled:BomberMan File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Mp3 To All Converter\Veoh\VeohClient.exe:*:Enabled:Veoh Client (Veoh Networks)
C:\Program Files\Mp3 To All Converter\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom File not found
C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 (Sports Interactive)
C:\Program Files\Mp3 To All Converter\WebThunder.exe:*:Enabled:WebThunder (?????????????)
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager (Nexon)
C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe File not found
C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)
C:\Program Files\Mp3 To All Converter\ThunderLoader\Program\Thunder5.exe:*:Enabled:Thunder (Thunder Networking Technologies,LTD)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{045A0044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard - WE 2004
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID XPress 5.0a
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{27FA6CA3-00D3-4931-8086-EED9EDBADEF3}" = KSPlayer
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35917680-C0DA-4618-B878-54B74694A2FB}" = Yahoo! Widget Engine
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{65e607ee-73a5-4ea1-83f5-89a10077f614}" = 1000Tour
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{774C9799-1FD5-4BB2-925D-54B97AE6A908}" = AVOne 3GP Video Converter
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7a272051-05a3-4388-8691-ec33dedf8e2a}" = 1200Trb
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89256ffd-d367-403f-a484-dcd79a02fb21}" = 1200
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.5
"{AE86AE81-CD7F-496F-A39F-0210C985E71B}" = FM Modifier 2.25
"{B3B77C66-1553-4FFE-B044-53B179FBE0B6}" = SPSS 12.0 for Windows
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B702FCEF-5875-491C-B50C-A4B457617EC6}" = MindManager X5 Pro
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8410225-2F65-4BD6-A771-416CC1EAD58D}" = Qmax Webcam Driver
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E0FA36A0-DFB1-4D4D-8F27-D177C112852A}" = Microsoft Global IME for Office XP (Simplified Chinese)
"{e4077e90-5a9f-495f-8a64-4a48ad376057}" = 1200_Help
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Ã÷ÐÇÈýȱһ" = Ã÷ÐÇÈýȱһ
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Âó¿Í·è_is1" = Âó¿Í·è
"Ares" = Ares 1.8.1
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Audacity_is1" = Audacity 1.2.6
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"AviSynth" = AviSynth 2.5
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BitComet" = BitComet 0.81
"Camfrog 5.2" = Camfrog Video Chat 5.2
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"ColorNick" = ColorNick v2 plugin for Messenger Plus!
"DefilerPak" = DefilerPak 1.22 (Remove Only)
"DesktopX" = DesktopX
"Diablo II" = Diablo II
"Digital Clock Screen Saver_is1" = Digital Clock Screen Saver
"Disk Heal" = Disk Heal
"DivX Codec" = Remove DivX Codec
"DivX Player" = DivX Player
"DkZ Studio0.9.0" = DkZ Studio
"FileZilla" = FileZilla (remove only)
"FLIQLO" = FLIQLO Screen Saver
"FLVPlayer" = FLV Player 1.3.3
"Football Manager 2008" = Football Manager 2008
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 1.3
"GoldWave v5.23" = GoldWave v5.23
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{27FA6CA3-00D3-4931-8086-EED9EDBADEF3}" = KSPlayer
"InstallShield_{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}" = Nokia Connectivity Cable Driver
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LView Pro Evaluation Version" = LView Pro Evaluation Version
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mp3 To All Converter_is1" = Mp3 To All Converter V1.37.1
"MPEG4 Direct Maker" = MPEG4 Direct Maker
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsgPlus! Plugin" = Messenger Plus! 3
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"ObjectDock" = ObjectDock
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PhotoMix_is1" = PhotoMix 5.3
"PicasaNet" = Hello (remove only)
"PopCap Browser Plugin" = PopCap Browser Plugin
"PowerISO" = PowerISO
"PS2" = PS2
"PSP Video 9" = PSP Video 9 1.74
"PSP_Movie_Creator" = PSP Movie Creator(remove only)
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealAlt_is1" = Real Alternative 1.36
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SmartStartup" = SmartStartup
"Sony Ericsson W800" = Sony Ericsson W800 Software
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"STB Project Postcard" = STB Project Postcard Screen Saver
"Super Video Joiner_is1" = Super Video Joiner 4.5
"SWiSHmax" = SWiSHmax
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Templatexpert PhotoStudio_is1" = Templatexpert PhotoStudio
"thunder_is1" = ѸÀ×5
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 1.5.12
"VLC media player" = VideoLAN VLC media player 0.8.1
"VobSub" = VobSub v2.23 (Remove Only)
"WebThunder" = WEBѸÀ×
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Widget Engine" = Yahoo! Widget Engine
"ZBOT para Cs1.6_is1" = ZBOT para Cs1.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-02-19 22:28:52 | Computer Name = YOUR-5C6UV8TCVT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-02-20 03:39:38 | Computer Name = YOUR-5C6UV8TCVT | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009-02-22 16:03:16 | Computer Name = YOUR-5C6UV8TCVT | Source = Application Hang | ID = 1002
Description = Hanging application winamp.exe, version 5.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009-03-01 16:15:44 | Computer Name = YOUR-5C6UV8TCVT | Source = Application Error | ID = 1000
Description = Faulting application objectdock.exe, version 1.0.0.285, faulting module
objectdock.exe, version 1.0.0.285, fault address 0x0001354b.

Error - 2009-03-13 06:15:50 | Computer Name = YOUR-5C6UV8TCVT | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2009-03-15 12:48:27 | Computer Name = YOUR-5C6UV8TCVT | Source = Application Error | ID = 1000
Description = Faulting application objectdock.exe, version 1.0.0.285, faulting module
objectdock.exe, version 1.0.0.285, fault address 0x0001354b.

[ System Events ]
Error - 2009-03-15 23:36:22 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2009-03-15 23:36:22 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32

Error - 2009-03-16 19:15:49 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2009-03-16 19:15:49 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32

Error - 2009-03-17 00:41:06 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2009-03-17 00:41:06 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32

Error - 2009-03-17 00:49:57 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2009-03-17 00:49:57 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32

Error - 2009-03-17 00:59:05 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 2009-03-17 00:59:05 | Computer Name = YOUR-5C6UV8TCVT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32


< End of report >

#6
coldangel

Just did an Ad-Aware scan. Here's the log.

Logfile created: 2009-03-17 13:3:9
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Owner

*********************** Definitions database information ***********************
Lavasoft definition file: 146.22
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 110443
Objects detected: 61


Type Detected
==========================
Processes.......: 1
Registry entries: 2
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 58
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *kontera* Family Name: Cookies Clean status: Success Item ID: 409363 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Clean status: Success Item ID: 408785 Family ID: 0
Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *statcounter* Family Name: Cookies Clean status: Success Item ID: 409185 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *.zedo* Family Name: Cookies Clean status: Success Item ID: 409030 Family ID: 0
Description: *adopt.euroclick* Family Name: Cookies Clean status: Success Item ID: 409169 Family ID: 0
Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
Description: *hitbox* Family Name: Cookies Clean status: Success Item ID: 408858 Family ID: 0
Description: *.hitbox* Family Name: Cookies Clean status: Failed Item ID: 409072 Family ID: 0
Description: *adbrite* Family Name: Cookies Clean status: Success Item ID: 409218 Family ID: 0
Description: *adlegend* Family Name: Cookies Clean status: Success Item ID: 409170 Family ID: 0
Description: *trafficmp* Family Name: Cookies Clean status: Success Item ID: 408787 Family ID: 0
Description: *revsci* Family Name: Cookies Clean status: Success Item ID: 409137 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *pointroll* Family Name: Cookies Clean status: Success Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Clean status: Failed Item ID: 408927 Family ID: 0
Description: *bluestreak* Family Name: Cookies Clean status: Success Item ID: 408904 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *roiservice* Family Name: Cookies Clean status: Success Item ID: 409196 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Failed Item ID: 409139 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
Description: *telegraph.co* Family Name: Cookies Clean status: Success Item ID: 409353 Family ID: 0
Description: *ads.telegraph.co* Family Name: Cookies Clean status: Failed Item ID: 409348 Family ID: 0
Description: *casalemedia* Family Name: Cookies Clean status: Success Item ID: 409152 Family ID: 0
Description: *hits.gureport.co* Family Name: Cookies Clean status: Success Item ID: 409364 Family ID: 0
Description: *insightexpressai* Family Name: Cookies Clean status: Success Item ID: 409259 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Clean status: Success Item ID: 408964 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *adrevolver* Family Name: Cookies Clean status: Success Item ID: 408932 Family ID: 0
Description: *media.adrevolver* Family Name: Cookies Clean status: Failed Item ID: 409144 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Failed Item ID: 408945 Family ID: 0
Description: *etracker* Family Name: Cookies Clean status: Success Item ID: 409002 Family ID: 0
Description: *adultfriendfinder* Family Name: Cookies Clean status: Success Item ID: 409164 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0

Quarantined items:
Description: c:\program files\common files\stardock\mcpcore.dll Family Name: Win32.Trojan.Spy Clean status: Success Item ID: 530041 Family ID: 983
Description: HKLM:HKEY_CLASSES_ROOT\CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}: Family Name: Win32.Trojan.Spy Clean status: Success Item ID: 530041 Family ID: 983
Description: HKLM:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad:0aMCPClient Family Name: Win32.Trojan.Spy Clean status: Success Item ID: 530041 Family ID: 983

Scan and cleaning complete: Finished correctly after 7121 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Fri Mar 13 18:34:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Mar 13 18:34:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: YOUR-5C6UV8TCVT
Processor name: Intel® Pentium® 4 CPU 2.60GHz
Processor identifier: x86 Family 15 Model 2 Stepping 9
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 521, number of processors 1
Physical memory available: 312233984 bytes
Physical memory total: 796377088 bytes
Virtual memory available: 2057461760 bytes
Virtual memory total: 2147352576 bytes
Memory load: 60%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:

Running processes:
PID: 584 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 648 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 672 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 728 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 936 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1032 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1064 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1232 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1256 name: C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1424 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1440 name: C:\WINDOWS\Explorer.EXE owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1568 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1644 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1708 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 408 name: C:\windows\system\hpsysdrv.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 416 name: C:\WINDOWS\system32\hkcmd.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 424 name: C:\WINDOWS\System32\hphmon05.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 432 name: C:\HP\KBD\KBD.EXE owner: Owner domain: YOUR-5C6UV8TCVT
PID: 440 name: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 508 name: C:\Program Files\Common Files\Symantec Shared\ccApp.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 628 name: C:\WINDOWS\ALCXMNTR.EXE owner: Owner domain: YOUR-5C6UV8TCVT
PID: 792 name: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 988 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1008 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1016 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1024 name: C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1104 name: C:\WINDOWS\system32\ctfmon.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1216 name: C:\Program Files\MSN Messenger\msnmsgr.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1228 name: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1460 name: C:\Program Files\WinZip\WZQKPICK.EXE owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1816 name: C:\Documents and Settings\Owner\Local Settings\Temp\Imation\USB_ImationFlashDetect.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1140 name: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1988 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2000 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2012 name: c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2040 name: C:\Program Files\Juniper Networks\Common Files\dsNcService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1896 name: c:\Program Files\Norton AntiVirus\navapsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1124 name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1772 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2056 name: c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2768 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2944 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3032 name: C:\WINDOWS\system32\wscntfy.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 3088 name: c:\Program Files\Norton AntiVirus\SAVScan.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3184 name: C:\WINDOWS\System32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3372 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3496 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3892 name: C:\WINDOWS\system32\wuauclt.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1880 name: C:\Program Files\MSN Messenger\usnsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2888 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 3928 name: C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe owner: Owner domain: YOUR-5C6UV8TCVT
PID: 1752 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: Owner domain: YOUR-5C6UV8TCVT

Startup items:
Name: IMJPMIG8.1
imagepath: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Name: MSPY2002
imagepath: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
Name: PHIME2002ASync
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Name: PHIME2002A
imagepath: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Name: hpsysdrv
imagepath: c:\windows\system\hpsysdrv.exe
Name: HotKeysCmds
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: HPHUPD05
imagepath: c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Name: HPHmon05
imagepath: C:\WINDOWS\System32\hphmon05.exe
Name: KBD
imagepath: C:\HP\KBD\KBD.EXE
Name: UpdateManager
imagepath: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Name: Recguard
imagepath: C:\WINDOWS\SMINST\RECGUARD.EXE
Name: ccApp
imagepath: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Name: PS2
imagepath: C:\WINDOWS\system32\ps2.exe
Name: Openwares LiveUpdate
imagepath: C:\Program Files\LiveUpdate\LiveUpdate.exe
Name: IgfxTray
imagepath: C:\WINDOWS\system32\igfxtray.exe
Name: AlcxMonitor
imagepath: ALCXMNTR.EXE
Name: Symantec NetDriver Monitor
imagepath: C:\PROGRA~1\SYMNET~1\SNDMon.exe
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: 0aMCPClient
imagepath: {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office10\OSA.EXE
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
imagepath: C:\Program Files\WinZip\WZQKPICK.EXE

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AntiVirScheduler
displayname: Avira AntiVir Personal - Free Antivirus Scheduler
Name: AntiVirService
displayname: Avira AntiVir Personal - Free Antivirus Guard
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: ccEvtMgr
displayname: Symantec Event Manager
Name: ccSetMgr
displayname: Symantec Settings Manager
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: dsNcService
displayname: Juniper Network Connect Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: iPod Service
displayname: iPod Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: navapsvc
displayname: Norton AntiVirus Auto Protect Service
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SAVScan
displayname: SAVScan
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: StarWindService
displayname: StarWind iSCSI Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: usnjsvc
displayname: Messenger Sharing Folders USN Journal Reader service
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration

#7
coldangel

    New Member

  • Topic Starter
  • Member
  • 7 posts
Update: Avira picked up a detection for the TR/PCK.Krap.B.144 Trojan.

I've denied access for it as recommended. Appreciate your advice.

Thanks in advance!