Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Trojan?

Started by FrankUK , May 31 2009 02:09 PM

  • Please log in to reply

#1
FrankUK
Posted 31 May 2009 - 02:09 PM

FrankUK

    New Member

  • Member
  • Pip
  • 1 posts
Hi

I have had problems since this morning accessing certain websites which were home pages on IE7. All I get now for my msn.com and my btyahoo home pages is ‘Internet Explorer cannot display the webpage’
I know of other favourite websites that give the same message.
I have run Norton antivirus that did not detect anything, followed by malwarebytes (quick scan) that detected 6 problems that it fixed. After a restart with no improvement, I ram spybot S&D. It picked up 6 different problems.

These are:

DoubleClick
Microsoft.Windows.Security.InternetExplorer
Smitfraud-c
Smitfraud-c.gp
Tibs.vq

These were all selected to be fixed.
After a restart the problem still existed. I then ran malwarebytes full scan which detected no problems.
I have since ran Rooter scan and OTListIT and have posted the logs below:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.37
Database version: 2199
Windows 5.1.2600 Service Pack 3

31/05/2009 12:26:26
mbam-log-2009-05-31 (12-26-26).txt

Scan type: Quick Scan
Objects scanned: 160795
Time elapsed: 29 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rooter log:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:114400 Mo/Free:1320 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

31/05/2009|20:30

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
---------- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
---------- C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
---------- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
---------- C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
---------- C:\WINDOWS\BCMSMMSG.exe
---------- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
---------- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
---------- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
---------- C:\WINDOWS\SYSTEM32\tbctray.exe
---------- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
---------- C:\WINDOWS\System32\DSentry.exe
---------- C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
---------- C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Exif Launcher\QuickDCF.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 31/05/2009|20:31

----------------------\\ Scan completed at 20:31


OTListIT log:

OTListIt logfile created on: 31/05/2009 20:35:52 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 342.29 Mb Available Physical Memory | 44.63% Memory free
1.46 Gb Paging File | 1.06 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 53.29 Gb Free Space | 47.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation)
PRC - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
PRC - C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Iomega\DriveIcons\ImgIcon.exe (Iomega)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Exif Launcher\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Frank\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Autodata Limited License Service [Auto | Running]) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe ()
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation)
SRV - (C-DillaSrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (C-Dilla Ltd)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Iomega Activity Disk2 [Auto | Running]) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NMSSvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\NMSSvc.exe (Intel Corporation)
SRV - (Norton AntiVirus [Auto | Running]) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys (Symantec Corporation)
DRV - (Bonifay [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Bonifay.sys (Freecom)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation)
DRV - (BTKRNL [Boot | Running]) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation)
DRV - (C-Dilla [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\CDANT.SYS (Macrovision)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys (Symantec Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (GcKernel [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GcKernel.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HIDSwvd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys (Microsoft Corporation)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090528.001\IDSxpx86.sys (Symantec Corporation)
DRV - (iomdisk [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (LCcFltr [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LCcFltr.Sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LHidUsb.Sys (Logitech, Inc.)
DRV - (LKbdFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys (Logitech, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (msgame [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msgame.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090531.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NMSCFG [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NMSCFG.SYS (Intel Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (nmwcdcj [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdcm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (NuidFltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS (Symantec Corporation)
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys (MCCI)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys (MCCI)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdm.sys (MCCI)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tbcspud [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (tbcwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (V0260VID [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\V0260Vid.sys (Creative Technology Ltd.)
DRV - (vtdg46xx [On_Demand | Stopped]) -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 08:33:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [BCMSMMSG] BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe (Iomega)
O4 - HKLM..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe (Iomega Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://bltvpn.bltne...wnloadCitrixCab (Citrix ICA Client)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} http://dm.screensave.../sinstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akama...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo....plorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://bltvpn.bltne...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} http://www.gamespot.com/KDX/kdx.cab (Secure Delivery)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15102/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/31 20:33:25 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/31 20:33:11 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Frank\Desktop\OTListIt2.exe
[2009/05/31 20:30:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/31 20:30:03 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Frank\Desktop\Rooter.exe
[2009/05/31 20:10:12 | 00,019,574 | ---- | C] () -- C:\DOCUME~1\Frank\My Documents\IE7Hijackthis log.docx
[2009/05/31 16:05:45 | 00,001,323 | ---- | C] () -- C:\DOCUME~1\Frank\Desktop\HijackThis.lnk
[2009/05/31 16:02:54 | 00,000,000 | ---D | C] -- C:\HJT
[2009/05/31 16:02:15 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Frank\Desktop\HJTInstall.exe
[2009/05/31 11:54:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\Malwarebytes
[2009/05/31 11:54:00 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/31 11:53:57 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/31 11:53:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/31 11:53:54 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/31 11:53:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/31 11:53:26 | 00,000,933 | ---- | C] () -- C:\DOCUME~1\Frank\Desktop\Spybot - Search & Destroy.lnk
[2009/05/31 11:47:55 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\Frank\Desktop\setup-spybotsd162.exe
[2009/05/31 11:44:40 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Frank\Desktop\mbam-setup.exe
[2009/05/25 15:39:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\MindMapper 2008
[2009/05/24 21:51:25 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Frank\Desktop\Sally's Car Radio
[2009/05/24 19:16:30 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Frank\My Documents\Mind Maps
[2009/05/24 10:01:50 | 00,282,624 | ---- | C] (TODO: <?? ??>) -- C:\WINDOWS\System32\TwdFilt.dll
[2009/05/24 10:01:29 | 00,001,319 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\MindMapper 2008.lnk
[2009/05/24 10:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\MindMapper2008
[2009/05/24 09:59:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\InstallShield
[2009/05/24 09:33:27 | 00,000,630 | ---- | C] () -- C:\DOCUME~1\Frank\Desktop\µTorrent.lnk
[2009/05/20 00:29:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/05/19 23:38:36 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\Frank\Application Data\JuniperSetup.exe
[2009/05/19 20:31:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/19 20:24:53 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/05/19 20:21:32 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/04 15:08:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Frank\Desktop\CAPA Work
[2008/12/26 12:46:39 | 00,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2008/03/18 23:26:49 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/17 09:07:49 | 00,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/06/09 05:52:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/06/09 05:51:17 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/06/09 05:49:30 | 00,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/05 12:11:30 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/04/25 23:35:19 | 00,000,310 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2006/04/25 23:22:11 | 00,000,302 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2006/04/25 23:22:11 | 00,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2006/04/25 23:22:06 | 00,004,995 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2006/04/25 23:22:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/04/24 19:22:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/08/08 20:27:42 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2005/07/31 09:03:51 | 00,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2005/07/31 09:03:51 | 00,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2005/06/15 16:20:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/04/20 18:53:03 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/03/28 13:19:06 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2004/12/12 18:59:12 | 00,000,030 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/10/22 20:13:38 | 00,000,387 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/02 16:06:57 | 00,000,519 | ---- | C] () -- C:\WINDOWS\blueFlag.ini
[2004/10/01 15:01:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/09/09 05:42:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/29 21:11:38 | 00,007,133 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/07/29 18:37:34 | 00,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.A424.dll
[2004/06/22 16:12:56 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004/04/20 20:23:39 | 00,007,776 | ---- | C] () -- C:\WINDOWS\Sealey.INI
[2004/04/18 13:03:11 | 00,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2004/03/22 17:30:26 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2003/12/23 08:41:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2003/11/21 18:43:06 | 00,000,160 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2003/10/12 14:30:27 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2003/08/27 12:40:53 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2003/08/27 12:40:53 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2003/07/02 08:31:12 | 00,000,604 | ---- | C] () -- C:\WINDOWS\Vtw.INI
[2003/06/19 21:48:11 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2003/06/19 21:48:11 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\animation2.dll
[2003/05/02 08:40:28 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/05/02 08:28:44 | 00,000,177 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2003/05/02 08:28:38 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/03/10 22:53:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/01/22 23:56:09 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2003/01/17 18:22:05 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/17 18:15:28 | 00,000,897 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/01/17 18:13:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/17 18:07:17 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/17 17:46:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 14:36:02 | 00,000,842 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 14:26:32 | 00,000,259 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/26 11:59:26 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2001/07/26 11:59:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2001/07/26 11:59:22 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2001/07/26 11:59:20 | 00,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[1997/06/14 01:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 20:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[44 C:\WINDOWS\System32\*.tmp files]
[2009/05/31 20:33:30 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Frank\Desktop\OTListIt2.exe
[2009/05/31 20:30:11 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Frank\Desktop\Rooter.exe
[2009/05/31 20:17:43 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/31 20:17:30 | 00,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/31 20:17:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/31 20:16:51 | 00,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/05/31 20:16:37 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\Frank\Local Settings\DESKTOP.INI
[2009/05/31 20:16:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/31 20:16:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/31 20:16:21 | 80,430,6944 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/31 20:15:00 | 00,000,842 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/31 20:15:00 | 00,000,259 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/31 20:15:00 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2009/05/31 20:10:13 | 00,019,574 | ---- | M] () -- C:\DOCUME~1\Frank\My Documents\IE7Hijackthis log.docx
[2009/05/31 16:05:46 | 00,001,323 | ---- | M] () -- C:\DOCUME~1\Frank\Desktop\HijackThis.lnk
[2009/05/31 16:02:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Frank\Desktop\HJTInstall.exe
[2009/05/31 11:54:00 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/31 11:53:26 | 00,000,933 | ---- | M] () -- C:\DOCUME~1\Frank\Desktop\Spybot - Search & Destroy.lnk
[2009/05/31 11:50:57 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\Frank\Desktop\setup-spybotsd162.exe
[2009/05/31 11:44:40 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Frank\Desktop\mbam-setup.exe
[2009/05/31 10:05:09 | 00,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/05/31 09:35:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/05/31 07:04:34 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/30 08:22:21 | 00,708,608 | ---- | M] () -- C:\DOCUME~1\Frank\My Documents\pwd.mdb
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/24 10:01:29 | 00,001,319 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\MindMapper 2008.lnk
[2009/05/24 09:33:27 | 00,000,630 | ---- | M] () -- C:\DOCUME~1\Frank\Desktop\µTorrent.lnk
[2009/05/20 00:37:09 | 00,000,076 | -HS- | M] () -- C:\DOCUME~1\Frank\My Documents\DESKTOP.INI
[2009/05/20 00:32:31 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/19 23:38:44 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\JuniperSetup.exe
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 25214 bytes -> C:\DOCUME~1\Frank\Desktop\O2 e-mail.url:favicon
@Alternate Data Stream - 1406 bytes -> C:\DOCUME~1\Frank\Desktop\NHS email.url:favicon
@Alternate Data Stream - 1150 bytes -> C:\DOCUME~1\Frank\Desktop\Egg.url:favicon
< End of report >


OT-Extras log:

OTListIt Extras logfile created on: 31/05/2009 20:35:52 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.98 Mb Total Physical Memory | 342.29 Mb Available Physical Memory | 44.63% Memory free
1.46 Gb Paging File | 1.06 Gb Available in Paging File | 73.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 53.29 Gb Free Space | 47.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger File not found
C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Microsoft Games\Age of Empires III\Age3.exe:*:Enabled:Age of Empires 3 (Ensemble Studios)
C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh File not found
C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player (RealNetworks, Inc.)
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs (Ensemble Studios)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe:*:Enabled:Symantec Service Framework File not found
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe:*:Enabled:Symantec Service Framework File not found
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Documents and Settings\Frank\Application Data\Juniper Networks\Juniper Citrix Services Client\dsCitrixProxy.exe:*:Enabled:Juniper Citrix Services Client (Juniper Networks)
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1EDBB5DD-3AB0-49D8-99CC-235A93865D03}" = Tiscali 10.0
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{232E984E-F02D-4DAE-80F4-97884EC52F16}" = MindMapper 2008
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}" = The Sims Livin' it up
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.71
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FCDE341-328B-434B-9F21-AF5BADB57852}" = Symantec Technical Support Web Controls
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F96CC255-9AFE-47B2-B8D5-504DD8BC9E0B}" = Zoom Ethernet ADSL Modem
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Active Disk" = Active Disk
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Azureus" = Azureus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BT Openworld Plug & Go" = BT Openworld Plug & Go
"BT Yahoo! Applications" = BT Yahoo! Applications
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center" = Creative WebCam Center
"Defraggler" = Defraggler (remove only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR300 Reference Guide" = ESPR300 Reference Guide
"ESPR300 Software Guide" = ESPR300 Software Guide
"ESPR300 Standalone Guide" = ESPR300 Standalone Guide
"EW : Cossacks" = EW : Cossacks
"Exif Launcher 1.0" = Exif Launcher Ver.1.1
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FinePixViewer 1.0" = FinePixViewer Ver.1.1
"Freecom Personal Media Suite_is1" = Freecom Personal Media Suite 2.18
"getPlus®_ocx" = getPlus®_ocx
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Iomega App Services" = Iomega App Services
"Iomega Backup" = Iomega Backup 4.4
"IomegaWare" = IomegaWare
"kdx" = Secure Delivery
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft ARX EUR 2000" = Microsoft AutoRoute Express Europe 2000
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Money2007b" = Microsoft Money 2007
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NAV" = Norton AntiVirus
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Punch! Super Home Design" = Punch! Super Home Design
"RealPlayer 6.0" = RealOne Player
"Registry Booster_is1" = Uniblue Registry Booster
"SopCast" = SopCast 3.0.0
"SopCore" = SopCore 1.1.2
"SpeedFan" = SpeedFan (remove only)
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC
"SysInfo" = Creative System Information
"TVAnts 1.0" = TVAnts 1.0
"UT2004" = Unreal Tournament 2004
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2kSetup" = Microsoft Works 2000 Setup Launcher
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/05/2009 15:07:19 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:07:19 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:12:24 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:12:24 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:12:37 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:12:37 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:16:37 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:16:37 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:16:38 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 31/05/2009 15:16:38 | Computer Name = DELL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 31/05/2009 04:12:10 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 31/05/2009 07:28:49 | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0007E9DA94E1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/05/2009 07:29:15 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 31/05/2009 08:22:29 | Computer Name = DELL | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer PageManager PDF Writer share
name Printer2.

Error - 31/05/2009 08:22:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 31/05/2009 14:33:34 | Computer Name = DELL | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ACER-8C1E498EF8 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1BC370CB-BFA. The master browser is stopping or an election is being
forced.

Error - 31/05/2009 15:13:24 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2

Error - 31/05/2009 15:13:24 | Computer Name = DELL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Norton AntiVirus service.

Error - 31/05/2009 15:13:35 | Computer Name = DELL | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Norton AntiVirus service.

Error - 31/05/2009 15:16:51 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The Polaroid Digital Cam Video service failed to start due to the
following error: %%2


< End of report >




Thanks
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP