Computer freezes, can't do anything [Solved] - Geeks to Go Forums


Computer freezes, can't do anything [Solved] Rootkit.Agent is a scary thing :(

#1 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

  Posted 02 June 2009 - 04:07 PM

Hello, today I googled and it kept on redirecting me to a site lo-find.com/[search words], and then it changed my wallpaper and kept telling me I had a virus, but I know this is a trick so I didn't download anything it popped up with. I restarted and then the problems became worse. At startup I cannot even open anything. On the taskbar a message comes up saying "Could not reconnect all network drives." The screen just keeps freezing and the mouse is always at an hourglass. So I went to safe mode and did an MBAM scan and it found 21 infected files, which I removed. But after I restarted and went to normal, it was still slow and kept freezing. I really need to use my laptop, so please someone help me. I have now been reduced to using my laptop only in safe mode. Whenever I do an MBAM scan, I always get 1 infected file: Rootkit.Agent and the item: C:\WINDOWS\system32\drivers\str.sys...

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:13, on 2009-06-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.serv...dOS=&lf=RED
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.sc2.org/misc/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF22296.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10609 bytes


MBAM log:
Scan type: Quick Scan
Objects scanned: 84811
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

OTL Log:
OTL Extras logfile created on: 6/7/2009 11:48:53 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 712.13 Mb Available Physical Memory | 70.23% Memory free
1.63 Gb Paging File | 1.43 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.33 Gb Total Space | 11.23 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 1.10 Gb Free Space | 10.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYNAME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe File not found
C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\EA GAMES\Medal of Honor Allied Assault Spearhead Demo\moh_spearhead_demo.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead (Electronic Arts Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager (Nexon)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader (AOL LLC)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Disabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B228DC-4B49-4AF7-B3C6-AA612CD14A83}" = Medal of Honor Allied Assault™ Spearhead Demo
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{552E6DA4-A0F9-41AC-8473-E825D60674EA}" = HP User Guides 0037
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{911A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE4A7830-7480-425C-8330-699C30FD8C66}" = PHM Registry Editor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mp3tag" = Mp3tag v2.41
"Nostale Global_is1" = Nostale Global (Remove)
"npkcxp" = nProtect KeyCrypt
"RealPlayer 6.0" = RealPlayer
"SANAKO Media Assistant Lite" = SANAKO Media Assistant Lite
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"TVAnts ActiveX Control 1.0" = TVAnts ActiveX Control 1.0
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
"WIC" = Windows Imaging Component
"WildTangent hplaptop Master Uninstall" = My HP Games
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2009 8:21:43 PM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
unknown, version 0.0.0.0, fault address 0xe8000000.

Error - 6/3/2009 8:32:02 PM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module
xul.dll, version 1.9.0.3399, fault address 0x000aed35.

Error - 6/5/2009 6:22:43 PM | Computer Name = MYNAME | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/5/2009 6:22:49 PM | Computer Name = MYNAME | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/5/2009 6:22:51 PM | Computer Name = MYNAME | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/5/2009 6:23:21 PM | Computer Name = MYNAME | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\47e1e.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 6/6/2009 11:19:08 AM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll,
version 5.1.2600.5512, fault address 0x000048a4.

Error - 6/6/2009 11:19:44 AM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll,
version 5.1.2600.5512, fault address 0x000048a4.

Error - 6/6/2009 11:19:54 AM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll,
version 5.1.2600.5512, fault address 0x000048a4.

Error - 6/6/2009 11:24:38 AM | Computer Name = MYNAME | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll,
version 5.1.2600.5512, fault address 0x000048a4.

[ System Events ]
Error - 6/7/2009 11:38:57 AM | Computer Name = MYNAME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/7/2009 11:39:16 AM | Computer Name = MYNAME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/7/2009 11:40:34 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 6/7/2009 11:40:34 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 6/7/2009 11:40:37 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde Pcmcia ViaIde

Error - 6/7/2009 11:43:23 AM | Computer Name = MYNAME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/7/2009 11:43:54 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Distributed Transaction
Coordinator service which failed to start because of the following error: %%1068

Error - 6/7/2009 11:43:54 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068

Error - 6/7/2009 11:43:54 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 6/7/2009 11:43:54 AM | Computer Name = MYNAME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SASDIFSV SASKUTIL


< End of report >



Rooter log:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:65875 Mo/Free:2081 Mo)
D:\ [Fixed] - FAT32 - (Total:10412 Mo/Free:1123 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:967 Mo/Free:961 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

2009-06-02|17:52

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
---------- C:\WINDOWS\Explorer.EXE
---------- F:\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 2009-06-02|17:53

----------------------\\ Scan completed at 17:53

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 10:15 AM

Hi there and sorry for the delay

I would like you to run the following programme in safe mode - it will complain but let it run

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with an OTListit log so we can continue cleaning the system.


#3 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 10:42 AM

Essexboy, thank you for your help. :)

I did as you said, I saved the Combofix under Combo-fix and ran it through successfully in safe mode. In previous times I have never been able to get OTL to work but after I logged in to the administrator account, OTL worked without error, so does it make a difference whether I run these applications on my main account or the administrator account and give you the logs?

Combofix Log:
ComboFix 09-06-06.04 - Administrator 06/07/2009 12:19.8 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\str.sys
.
---- Previous Run -------
.
c:\windows\system32\drivers\itqgwkwh.sys
c:\windows\system32\SYSDLL.exe
c:\windows\system32\sysloc
c:\windows\system32\sysloc\sysloc.dll
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 15:34 . 2009-06-07 15:34 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-06 02:02 . 2009-06-06 02:02 -------- dc----w- C:\Rustbfix
2009-06-02 21:02 . 2009-06-07 16:18 -------- dcs---w- C:\ComboFix
2009-06-02 19:40 . 2009-06-02 19:40 63360 ----a-w- c:\windows\system32\drivers\qklgkfezzq.sys
2009-05-23 12:35 . 2009-05-23 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-23 05:59 . 2009-05-23 05:59 10134 ----a-r- c:\documents and settings\MYNAME\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-23 05:59 . 2009-05-23 05:59 -------- d-----w- c:\program files\Microsoft WSE
2009-05-23 05:40 . 2009-05-23 05:40 -------- d-----w- c:\program files\Electronic Arts
2009-05-23 02:19 . 2009-05-23 02:19 -------- d-----w- c:\program files\uTorrent
2009-05-23 02:19 . 2009-05-23 12:35 -------- d-----w- c:\documents and settings\MYNAME\Application Data\uTorrent
2009-05-21 14:23 . 2009-05-21 14:23 -------- dc----w- C:\Research In Motion
2009-05-21 14:23 . 2009-05-21 14:23 -------- d-----w- c:\program files\AT&T
2009-05-20 19:18 . 2009-05-20 19:18 390664 ----a-w- c:\documents and settings\MYNAME\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 04:09 . 2009-05-14 04:09 207872 ----a-w- c:\documents and settings\MYNAME\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-14 04:09 . 2009-05-14 04:09 207872 ----a-w- c:\documents and settings\MYNAME\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-14 04:09 . 2009-05-14 04:09 207872 ----a-w- c:\documents and settings\MYNAME\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-14 04:09 . 2009-05-14 04:09 207872 ----a-w- c:\documents and settings\MYNAME\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-09 23:20 . 2009-05-22 00:25 -------- dc----w- C:\Nostale(Global)
2009-05-09 13:59 . 2009-05-09 13:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 15:42 . 2009-03-24 06:33 117760 ----a-w- c:\documents and settings\MYNAME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-07 15:34 . 2009-04-28 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 21:28 . 2007-05-23 01:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-05 22:23 . 2009-03-24 06:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-02 21:00 . 2009-06-02 21:00 184 ----a-w- c:\program files\hkqd.txt
2009-05-26 17:20 . 2009-04-28 20:47 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-04-28 20:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 15:19 . 2008-10-07 19:42 -------- d-----w- c:\documents and settings\MYNAME\Application Data\Skype
2009-05-23 05:40 . 2006-09-12 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 02:27 . 2007-06-15 00:19 -------- d-----w- c:\documents and settings\MYNAME\Application Data\BitTorrent
2009-05-21 14:18 . 2009-03-08 15:50 -------- d-----w- c:\program files\AT&T(2)
2009-05-21 14:09 . 2007-11-28 21:28 -------- d-----w- c:\program files\KMP
2009-05-21 14:05 . 2007-11-28 23:13 -------- d-----w- c:\program files\EA GAMES
2009-05-14 04:10 . 2008-05-02 04:18 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-14 04:09 . 2008-05-02 04:18 -------- d-----w- c:\documents and settings\MYNAME\Application Data\SystemRequirementsLab
2009-05-09 15:41 . 2009-05-08 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2009-05-08 04:54 . 2007-04-24 02:23 -------- d--h--w- c:\documents and settings\MYNAME\Application Data\Move Networks
2009-05-08 01:59 . 2006-09-12 04:40 87272 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 01:57 . 2008-02-20 05:40 -------- d-----w- c:\program files\Windows Live
2009-05-08 01:55 . 2007-04-07 13:58 -------- d-----w- c:\program files\MSN Messenger
2009-05-08 01:53 . 2009-05-08 01:53 -------- d-----w- c:\program files\Microsoft
2009-05-08 01:52 . 2009-05-08 01:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-08 01:47 . 2009-05-08 01:47 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-06 23:50 . 2006-06-29 18:43 92599 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-28 20:46 . 2009-04-28 20:46 -------- d-----w- c:\program files\ERUNT
2009-04-26 21:06 . 2007-12-08 02:14 -------- d-----w- c:\program files\BitTorrent
2009-04-22 04:34 . 2009-04-22 04:34 -------- d-----w- c:\documents and settings\MYNAME\Application Data\vlc
2009-04-08 20:19 . 2009-04-08 20:19 -------- d-----w- c:\documents and settings\MYNAME\Application Data\Music Recognition
2009-03-24 06:32 . 2009-03-24 06:32 34304 ----a-r- c:\documents and settings\MYNAME\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
2009-03-24 06:07 . 2009-03-24 06:07 4170352 ----a-w- c:\documents and settings\All Users\SPL1CF9.tmp
2007-06-29 00:11 . 2007-06-29 00:12 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-05-06 16:42 . 2009-04-22 04:33 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2007-08-26 22:49 . 2007-08-25 21:52 104 -csh--r- c:\windows\system32\D6DF696C83.sys
2007-08-26 22:50 . 2007-08-25 21:52 6580 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 185896]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\MYNAME\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-11-17 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-28 21:55 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-08 17:24 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Spearhead Demo\\moh_spearhead_demo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

S0 ujgys;ujgys;c:\windows\system32\drivers\fkmcrbsr.sys --> c:\windows\system32\drivers\fkmcrbsr.sys [?]
S0 viwg;viwg;c:\windows\system32\drivers\itqgwkwh.sys --> c:\windows\system32\drivers\itqgwkwh.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [1/16/2009 3:28 PM 266240]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:33 PM 24652]
S2 xdfkvrfqbudhy;xdfkvrfqbudhy;c:\windows\system32\drivers\qklgkfezzq.sys [6/2/2009 3:40 PM 63360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://www.sc2.org/misc/tvants.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5jzc8gqm.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????f??????`?@?????L?@
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\MYNAME\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-06-07 12:29
ComboFix-quarantined-files.txt 2009-06-07 16:28
ComboFix2.txt 2009-04-29 19:40

Pre-Run: 12,036,927,488 bytes free
Post-Run: 12,033,949,696 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
213 --- E O F --- 2009-05-09 14:00


OTL Log:
OTL logfile created on: 6/7/2009 12:39:30 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.05 Mb Total Physical Memory | 786.17 Mb Available Physical Memory | 77.53% Memory free
1.64 Gb Paging File | 1.45 Gb Available in Paging File | 88.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.33 Gb Total Space | 11.22 Gb Free Space | 17.44% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 1.10 Gb Free Space | 10.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMMI
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Stopped]) -- C:\WINDOWS\system32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CSHelper [Auto | Stopped]) -- C:\WINDOWS\system32\CSHelper.exe ()
SRV - (dlcx_device [Auto | Stopped]) -- C:\WINDOWS\system32\dlcxcoms.exe ( )
SRV - (ehRecvr [Auto | Stopped]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Stopped]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSMQ [Auto | Stopped]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Stopped]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (npkcsvc [Disabled | Stopped]) -- File not found
SRV - (PEVSystemStart [Auto | Stopped]) -- C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
SRV - (StarWindServiceAE [Auto | Stopped]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (eabfiltr [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (HBtnKey [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (MCSTRM [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (mdmxsdk [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MQAC [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (npkcrypt [Auto | Stopped]) -- C:\WINDOWS\System32\npkcrypt.dll (INCA Internet Co., Ltd.)
DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCTINDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\PCTINDIS5.SYS (Smith Micro Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RimVSerPort [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (RMCAST [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (swmsflt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (USBCM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Sacm2A.sys ( )
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (w39n51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (xdfkvrfqbudhy [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\qklgkfezzq.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/08 13:23:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/08 17:16:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 23:10:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/11 18:20:51 | 00,000,000 | ---D | M]

[2009/03/08 14:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/03/08 14:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/08 14:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\5jzc8gqm.default\extensions
[2009/06/07 11:48:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 23:10:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/08 11:58:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2008/10/07 15:40:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/08 17:16:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/29 23:09:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 23:09:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 15:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 15:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 15:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 15:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 15:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 15:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 15:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://www.sc2.org/misc/tvants.cab (TVAnts ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by109w.bay109.mail.live.com/mail/re...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/07 12:30:51 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kikutepo
[2009/06/07 12:29:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/07 12:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\temp
[2009/06/07 12:18:38 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/06/07 12:17:36 | 03,018,938 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2009/06/07 11:48:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/05 22:02:58 | 00,000,000 | ---D | C] -- C:\Rustbfix
[2009/06/02 17:02:44 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/02 17:02:38 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/06/02 17:01:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/02 15:40:21 | 00,063,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\qklgkfezzq.sys
[2009/06/02 15:39:11 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\98902496.ini
[2009/05/23 08:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/05/23 01:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/05/23 01:58:58 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/05/23 01:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/05/22 22:19:23 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/05/21 10:23:36 | 00,000,000 | ---D | C] -- C:\Research In Motion
[2009/05/21 10:23:36 | 00,000,000 | ---D | C] -- C:\Program Files\AT&T
[2009/05/09 19:20:03 | 00,000,000 | ---D | C] -- C:\Nostale(Global)
[2009/05/09 09:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/01/09 02:36:40 | 00,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/12/24 20:30:41 | 00,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/14 22:01:28 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/12/21 00:49:49 | 00,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/11/06 18:28:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2007/11/06 15:53:49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2007/08/25 18:08:11 | 00,344,064 | R--- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/08/25 17:52:50 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\D6DF696C83.sys
[2007/08/25 17:52:49 | 00,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/08/25 17:38:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/08/25 17:38:04 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/08/25 17:36:02 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/08/25 17:36:01 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/08/25 17:36:00 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/08/25 17:36:00 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/08/25 17:35:59 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/08/25 17:35:59 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/08/25 17:35:58 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/08/25 17:35:57 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/08/25 17:35:57 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/08/25 17:35:56 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/08/25 17:35:56 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/08/25 17:35:55 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/08/25 17:35:55 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/08/25 17:35:55 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/08/25 17:35:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/08/25 17:35:53 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/08/25 17:35:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/08/25 17:35:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/08/25 17:35:49 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/08/25 17:35:49 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/08/25 17:35:48 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2007/08/25 17:35:47 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/08/25 17:35:45 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2007/08/18 19:32:13 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2007/08/18 19:32:13 | 00,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2007/04/24 19:38:06 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2007/04/16 19:24:01 | 00,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/03/15 23:56:59 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/31 14:51:05 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/26 17:01:03 | 00,000,820 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/22 07:42:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2006/09/12 01:33:52 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 01:30:31 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 01:13:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 01:03:33 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/08 15:58:04 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2006/06/29 15:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:46:56 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 00,000,889 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:13:22 | 00,000,687 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 07:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/04/24 15:09:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2006/03/19 20:03:04 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2006/03/04 03:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/13 09:13:00 | 00,058,038 | ---- | C] () -- C:\WINDOWS\System32\Vrunzip.dll
[2005/12/02 14:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== Files - Modified Within 30 Days ==========

[2009/06/07 12:31:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/07 12:24:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/07 12:17:36 | 03,018,938 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2009/06/07 11:48:44 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/06/07 11:40:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/06 17:28:16 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/02 15:40:21 | 00,063,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\qklgkfezzq.sys
[2009/06/02 15:39:11 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\98902496.ini
[2009/05/31 11:08:41 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/23 01:58:59 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/05/23 01:25:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/21 17:26:34 | 00,418,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/21 17:26:34 | 00,067,406 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/21 17:26:33 | 00,493,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/21 07:33:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/09 11:38:49 | 01,613,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/09 09:59:48 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wadmaud.drv:SummaryInformation
< End of report >
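A triage pass over the log above, as an added example that is not part of the original post and not OTL's own logic: it cross-references `DRV` entries whose company field is empty against the file creation times, and flags any timestamp later than the scan. The sample lines are copied from the log; the scan time, the 30-day window and the rule names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Lines copied verbatim from the OTL log above (a subset, not constructed).
SAMPLE_LOG = r"""
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (swmsflt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (USBCM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Sacm2A.sys ( )
DRV - (xdfkvrfqbudhy [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\qklgkfezzq.sys ()
[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kikutepo
[2009/06/07 12:29:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/02 15:40:21 | 00,063,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\qklgkfezzq.sys
[2009/01/09 02:36:40 | 00,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/01/14 22:01:28 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/08/18 19:32:13 | 00,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2009/06/02 15:40:21 | 00,063,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\qklgkfezzq.sys
"""

# Assumption: the scan ran just after the newest timestamp visible in the log.
ASSUMED_SCAN_TIME = datetime(2009, 6, 7, 12, 32, 0)
TS_FORMAT = "%Y/%m/%d %H:%M:%S"

# "DRV - (name [StartType | State]) -- path (company)"
# Limitation: a path that itself contains " (" would be split too early.
DRV_RE = re.compile(
    r"^DRV - \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)"
    r" -- (?P<path>.+?) \((?P<vendor>.*)\)$"
)
# "[timestamp | size | attrs | C or M] (company) -- path"; folders have no company.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)


def parse_log(text):
    """Split log text into driver records and file records."""
    drivers, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["vendor"] = rec["vendor"].strip()  # "( )" counts as empty
            drivers.append(rec)
            continue
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
            files.append(rec)
    return drivers, files


def triage(text, scan_time, recent_days=30):
    """Return (rule, path, detail) tuples worth a closer look."""
    drivers, files = parse_log(text)
    findings, seen = [], set()

    # Rule 1: a timestamp later than the scan itself cannot be genuine.
    for f in files:
        key = ("future-timestamp", f["path"].lower())
        if f["ts"] > scan_time and key not in seen:
            seen.add(key)
            findings.append(
                ("future-timestamp", f["path"], f["ts"].strftime(TS_FORMAT))
            )

    # Rule 2: driver with no company string whose binary was created recently.
    # Windows paths are case-insensitive, so compare lower-cased.
    created = {f["path"].lower(): f["ts"] for f in files if f["kind"] == "C"}
    window = timedelta(days=recent_days)
    for d in drivers:
        if d["vendor"]:
            continue
        born = created.get(d["path"].lower())
        if born is not None and timedelta(0) <= scan_time - born <= window:
            detail = f'{d["name"]} [{d["start"]} | {d["state"]}]'
            findings.append(("no-vendor-recent-driver", d["path"], detail))
    return findings


if __name__ == "__main__":
    for rule, path, detail in triage(SAMPLE_LOG, ASSUMED_SCAN_TIME):
        print(f"{rule:26} {path}  ({detail})")
```

An empty company field alone is weak evidence: `sptd`, `swmsflt` and `USBCM` also have none, and only the creation-time cross-check separates them from `xdfkvrfqbudhy`.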

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 10:51 AM

Yes they tend to be more effective from the admin account. Try this in normal mode, if that fails then run from safe


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\drivers\fkmcrbsr.sys
c:\windows\system32\drivers\itqgwkwh.sys
c:\windows\system32\drivers\qklgkfezzq.sys

Driver::
ujgys
viwg
xdfkvrfqbudhy


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


ON COMPLETION

In normal mode

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

Could you update me on your current problems when these tasks are complete :)

#5 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 12:05 PM

Okay so I tried the Combofix the first time, and it went through but at the end after it rebooted and was supposed to give me a log, it didn't. I waited for a pretty long time. So I did the Combofix a second time and this time it came up with an error message saying: "LVPrcInj01.dll was trying to attach to Combofix. Copy for later use: C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll" and then after it rebooted my computer an error message came up with "SED: can't read whitedir.dat: No such file or directory." and no log still. :) :)

The good news is that I can get on normal mode now! Big thanks for that!

Maybe if I tried the Combofix thing on Administrator account, but my main account is also labeled as an administrator so I don't understand why mine doesn't work as well. And on normal mode I can't find the same Administrator account that I could find in safe mode.

#6 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 12:32 PM

The safe mode administrator account is only visible there :)

OK we are now in normal mode

So I would now like you to run two programmes. The first may take 20 minutes or so and will do some cleaning, the second is fairly fast and will produce an analysis log

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • File - Lop Check

    • File - Purity Scan

    • Evnt - EvtViewer (last 10)

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#7 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 01:01 PM

I could run the Mbam with no problems but I had the same problems with OTS that I had with OTL with the error message "2099/1/1 12:00 is not a valid date and time" My computer time and date is correct. :)

MBAM log:

Malwarebytes' Anti-Malware 1.37
Database version: 2245
Windows 5.1.2600 Service Pack 3

2009-06-07 02:56:56 PM
mbam-log-2009-06-07 (14-56-56).txt

Scan type: Quick Scan
Objects scanned: 92091
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 02:04 PM

Hmmmm could you try to run OTS in safe mode please

#9 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 02:39 PM

Ran it through safe mode in Administrator account. Worked fine haha

OTS logfile created on: 6/7/2009 4:32:18 PM - Run 2
OTS by OldTimer - Version 3.0.4.0	 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.05 Mb Total Physical Memory | 733.01 Mb Available Physical Memory | 72.29% Memory free
1.64 Gb Paging File | 1.45 Gb Available in Paging File | 88.56% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.33 Gb Total Space | 12.28 Gb Free Space | 19.09% Space Free | Partition Type: NTFS
Drive D: | 10.17 Gb Total Space | 1.10 Gb Free Space | 10.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MYNAME
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/04/29 23:09:57 | 00,307,704 | ---- | M] (Mozilla Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/06/07 16:31:56 | 00,505,856 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 00,587,096 | ---- | M] (Lavasoft AB)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\CTsvcCDA.exe -> [1999/12/12 13:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(CSHelper) CopySafe Helper Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\CSHelper.exe -> [2009/01/16 15:28:20 | 00,266,240 | ---- | M] ()
(dlcx_device) dlcx_device [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\dlcxcoms.exe -> [2006/11/03 18:07:04 | 00,537,480 | R--- | M] ( )
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\eHome\ehRecvr.exe -> [2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\eHome\ehSched.exe -> [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/08/11 20:08:49 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/08 17:16:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2008/07/26 09:23:42 | 00,186,904 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2008/07/26 09:25:36 | 00,150,040 | ---- | M] (Logitech Inc.)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Stopped] -> C:\WINDOWS\ehome\mcrdsvc.exe -> [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\mhn.dll -> [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MSMQ) Message Queuing [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\mqsvc.exe -> [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation)
(MSMQTriggers) Message Queuing Triggers [Win32_Own | Auto | Stopped] -> C:\WINDOWS\System32\mqtgsvc.exe -> [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation)
(npkcsvc) npkcsvc [Win32_Own | Disabled | Stopped] ->  -> File not found
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
 
[Driver Services - Safe List]
(AliIde) AliIde [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -> [2006/01/19 05:18:52 | 00,424,320 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(eabfiltr) eabfiltr [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -> [2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\eabusb.sys -> [2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -> [2008/07/26 11:26:54 | 00,023,832 | ---- | M] (Logitech Inc.)
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -> [2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\CHDAud.sys -> [2007/04/30 19:11:54 | 00,630,272 | ---- | M] (Conexant Systems Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -> [2005/08/21 20:06:16 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -> [2005/08/21 20:07:00 | 01,035,008 | ---- | M] (Conexant Systems, Inc.)
(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2006/03/23 08:47:06 | 01,166,972 | ---- | M] (Intel Corporation)
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation)
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lvpopflt.sys -> [2008/07/26 11:24:48 | 00,095,384 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -> [2008/07/26 09:25:02 | 00,025,624 | ---- | M] ()
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lvrs.sys -> [2008/07/26 11:25:46 | 00,627,864 | ---- | M] (Logitech Inc.)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\LVUSBSta.sys -> [2008/07/26 11:26:20 | 00,041,752 | ---- | M] (Logitech Inc.)
(LVUVC) QuickCam for Notebooks Deluxe(UVC) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lvuvc.sys -> [2008/07/26 11:26:42 | 04,658,584 | ---- | M] (Logitech Inc.)
(MCSTRM) MCSTRM [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\mcstrm.sys -> [2006/12/26 13:52:49 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -> [2006/02/14 15:57:46 | 00,012,672 | ---- | M] (Conexant)
(MQAC) Message Queuing access control [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mqac.sys -> [2008/04/13 14:39:44 | 00,092,544 | ---- | M] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(npkcrypt) npkcrypt [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\npkcrypt.dll -> [2005/06/21 09:42:28 | 00,233,555 | ---- | M] (INCA Internet Co., Ltd.)
(PCASp50) PCASp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\PCASp50.sys -> [2008/11/20 22:59:02 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(PCTINDIS5) PCTINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\PCTINDIS5.SYS -> [2008/11/20 22:59:02 | 00,032,408 | ---- | M] (Smith Micro Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RimSerial.sys -> [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd)
(RMCAST) Reliable Multicast Protocol driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\RMCast.sys -> [2008/05/08 10:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\RootMdm.sys -> [2006/03/16 00:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -> [2006/02/27 01:46:20 | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation						   )
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2009/04/12 21:09:17 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2009/02/17 11:43:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -> [2009/02/17 11:43:28 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -> [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2008/03/14 16:02:22 | 00,716,272 | ---- | M] ()
(swmsflt) swmsflt [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\swmsflt.sys -> [2008/08/22 11:05:42 | 00,026,760 | R--- | M] ()
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(symlcbrd) symlcbrd [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\drivers\symlcbrd.sys -> [2006/09/12 00:52:05 | 00,010,344 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\SynTP.sys -> [2006/06/17 00:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(usbbus) LGE Mobile Composite USB Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -> [2008/03/26 16:55:00 | 00,012,800 | ---- | M] (LG Electronics Inc.)
(USBCM) Scientific-Atlanta USB Cable Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\Sacm2A.sys -> [2004/06/10 04:42:38 | 00,015,429 | R--- | M] ( )
(UsbDiag) LGE Mobile USB Serial Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -> [2008/03/26 16:55:00 | 00,019,840 | ---- | M] (LG Electronics Inc.)
(USBModem) LGE Mobile USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -> [2008/03/26 16:56:00 | 00,024,832 | ---- | M] (LG Electronics Inc.)
(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\usb8023x.sys -> [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\w39n51.sys -> [2006/04/21 13:06:24 | 01,429,632 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -> [2005/08/21 20:06:10 | 00,718,464 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 1 -> 
HKEY_LOCAL_MACHINE\: "ProxyOverride" -> *.local;<local> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: SearchURL\\"" ->  -> 
HKEY_USERS\.DEFAULT\: SearchURL\\"provider" ->  -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: SearchURL\\"" ->  -> 
HKEY_USERS\S-1-5-18\: SearchURL\\"provider" ->  -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-19\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-19\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-20\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-20\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: SearchURL\\"provider" ->  -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\5jzc8gqm.default\prefs.js -> 
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/03/08 13:23:54 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/08 17:16:24 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/04/29 23:10:11 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/05/11 18:20:51 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2009/03/08 14:05:07 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/03/08 14:05:07 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\5jzc8gqm.default\extensions -> [2009/06/07 16:31:07 | 00,096,827 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/29 23:10:09 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/29 23:10:09 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2) -> [2009/04/29 23:10:09 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/04/29 23:10:09 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/04/29 23:10:09 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/04/29 23:10:11 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/29 23:09:57 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/29 23:09:57 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/05/11 18:20:51 | 00,000,000 | ---D | M]
libvlc.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libvlc.dll -> [2006/05/06 12:42:04 | 07,260,160 | ---- | M] ()
np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2007/08/07 14:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.)
npArtistScope42.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npArtistScope42.dll -> [2009/01/15 13:53:03 | 00,616,448 | ---- | M] (ArtistScope)
npArtistScopeDRM11.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npArtistScopeDRM11.dll -> [2009/02/02 01:06:56 | 00,211,456 | ---- | M] (ArtistScope)
npbittorrent.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npbittorrent.dll -> [2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.)
npCouponPrinter.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npCouponPrinter.dll -> [2008/06/18 03:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/08 17:16:22 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdnu.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdnu.xpt -> [2008/09/26 12:40:34 | 00,000,170 | ---- | M] ()
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/29 23:10:03 | 00,065,528 | ---- | M] (mozilla.org)
nppl3260.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2008/04/10 09:38:09 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/05/11 18:20:51 | 00,143,360 | ---- | M] (Apple Inc.)
nprjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprjplug.dll -> [2008/04/10 09:38:21 | 00,008,192 | ---- | M] (RealNetworks, Inc.)
nprpjplug.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2008/04/10 09:38:02 | 00,094,208 | ---- | M] (RealNetworks, Inc.)
npViewpoint.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.dll -> [2007/04/16 13:07:12 | 00,180,293 | ---- | M] ()
npViewpoint.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npViewpoint.xpt -> [2006/10/09 14:26:35 | 00,000,266 | ---- | M] ()
npvlc.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npvlc.dll -> [2006/05/06 12:42:04 | 00,478,720 | ---- | M] (VideoLAN Team)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/05/11 18:20:50 | 00,004,208 | ---- | M] ()
Setup Log.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\Setup Log.txt -> [2009/04/13 14:40:12 | 00,006,680 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2007/08/07 14:04:52 | 00,001,144 | ---- | M] ()
uninstall.exe -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\uninstall.exe -> [2009/04/13 14:39:20 | 00,473,600 | ---- | M] ()
vlcintf.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\vlcintf.xpt -> [2006/05/06 12:42:02 | 00,000,578 | ---- | M] ()
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 11:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 11:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/03/08 18:42:25 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/02/19 15:33:08 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/02/19 15:33:08 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/02/19 15:33:08 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/02/19 15:33:08 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/02/19 15:33:08 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/02/19 15:33:08 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/02/19 15:33:08 | 00,000,792 | ---- | M] ()
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2005/09/23 23:12:08 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/03/08 13:24:00 | 01,078,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2009/03/08 17:16:23 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/08 17:16:22 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/08 17:16:24 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AT&T Communication Manager" -> C:\Program Files\AT&T\Communication Manager\ATTCM.exe ["C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a] -> File not found
"Cpqset" -> C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe] -> [2006/06/19 13:50:40 | 00,040,960 | ---- | M] ()
"CTCheck" -> C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe] -> [2007/11/06 11:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd)
"DLCXCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16] -> [2006/10/16 01:31:56 | 00,106,496 | ---- | M] ()
"dlcxmon.exe" -> C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ["C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"] -> [2007/01/12 12:57:28 | 00,292,336 | ---- | M] ()
"ehTray" -> C:\WINDOWS\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/06 00:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
"FaxCenterServer" ->  ["C:\Program Files\Dell PC Fax\fm3032.exe" /s] -> File not found
"High Definition Audio Property Page Shortcut" -> C:\WINDOWS\System32\CHDAudPropShortcut.exe [CHDAudPropShortcut.exe] -> [2006/06/02 11:02:50 | 00,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"HP Software Update" -> C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
"igfxhkcmd" -> C:\WINDOWS\System32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/03/23 08:13:40 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> C:\WINDOWS\System32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/03/23 08:17:50 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> C:\WINDOWS\System32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/03/23 08:17:04 | 00,094,208 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/08/11 19:30:30 | 00,249,856 | ---- | M] (Macrovision Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/08/11 19:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation)
"LogitechCommunicationsManager" -> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> [2008/08/14 18:11:48 | 00,565,008 | ---- | M] ()
"LogitechQuickCamRibbon" -> C:\Program Files\Logitech\QuickCam\Quickcam.exe ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> [2008/08/14 18:15:46 | 02,407,184 | ---- | M] ()
"MsmqIntCert" -> C:\WINDOWS\System32\mqrt.dll [regsvr32 /s mqrt.dll] -> [2008/04/13 20:11:57 | 00,177,152 | ---- | M] (Microsoft Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"RecGuard" -> C:\Windows\SMINST\RecGuard.exe [C:\Windows\SMINST\RecGuard.exe] -> [2005/10/11 13:23:50 | 01,187,840 | ---- | M] ()
"Reminder" -> C:\Windows\CREATOR\Remind_XP.exe [C:\Windows\CREATOR\Remind_XP.exe] -> [2006/02/09 12:52:14 | 00,643,072 | ---- | M] (SoftThinks)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/06/17 01:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/04/10 09:37:46 | 00,185,896 | ---- | M] (RealNetworks, Inc.)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Malwarebytes' Anti-Malware" ->  [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> File not found
< Run [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/24 01:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe -> File not found
< MYNAME Startup Folder > -> C:\Documents and Settings\MYNAME\Start Menu\Programs\Startup -> 
C:\Documents and Settings\MYNAME\Start Menu\Programs\Startup\Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -> [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_12.dll [Menu: Sun Java Console] -> [2009/03/08 17:16:22 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Button: Create Mobile Favorite] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Menu: Create Mobile Favorite...] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_12.dll [Sun Java Console] -> [2009/03/08 17:16:22 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_12.dll [Sun Java Console] -> [2009/03/08 17:16:22 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_12.dll [Sun Java Console] -> [2009/03/08 17:16:22 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Create Mobile Favorite...] -> [2006/06/20 22:35:56 | 00,142,120 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\] > -> HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2230873245-3016696742-639317436-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB [Reg Error: Key error.] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] -> 
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} [HKLM] -> http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab [Reg Error: Value error.] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{4C833081-D026-4FF8-968F-7EAB660D2FBA} [HKLM] -> http://www.sc2.org/misc/tvants.cab [TVAnts ActiveX Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab [MSN Photo Upload Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{A8F2B9BD-A6A0-486A-9744-18920D898429} [HKLM] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab [ScorchPlugin Class] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> 
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab [Java Plug-in 1.6.0_12] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{CF1E3C74-3086-4DB1-BBCC-CEC142AA3BA5}\\DhcpNameServer -> 192.168.0.1   (Broadcom 802.11b/g WLAN) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2008/12/22 11:05:34 | 00,356,352 | ---- | M] (SUPERAntiSpyware.com)
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/03/08 13:24:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006/03/23 08:12:42 | 00,139,264 | ---- | M] (Intel Corporation)
WBSrv -> C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll -> [2007/11/28 17:55:54 | 00,229,376 | ---- | M] (Stardock Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" -> C:\Nexon\Combat Arms\CombatArms.exe [C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe] -> File not found
"C:\Nexon\Combat Arms\Engine.exe" -> C:\Nexon\Combat Arms\Engine.exe [C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2008/05/28 21:43:50 | 00,159,744 | ---- | M] (Nexon)
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC)
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent] -> [2008/12/16 16:16:10 | 00,637,232 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader] -> [2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\EA GAMES\Medal of Honor Allied Assault Spearhead Demo\moh_spearhead_demo.exe" -> C:\Program Files\EA GAMES\Medal of Honor Allied Assault Spearhead Demo\moh_spearhead_demo.exe [C:\Program Files\EA GAMES\Medal of Honor Allied Assault Spearhead Demo\moh_spearhead_demo.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead] -> [2009/03/29 11:06:05 | 01,658,965 | ---- | M] (Electronic Arts Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/03/08 17:16:22 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager] -> [2006/06/20 22:36:00 | 00,187,176 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Disabled:ActiveSync Application] -> [2006/06/20 22:36:24 | 01,977,128 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/04/29 23:09:57 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/09/29 17:57:48 | 21,755,688 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:ĩTorrent] -> [2009/05/22 22:19:23 | 00,274,224 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/3/2009 8:32:02 PM Computer Name = MYNAME | Source = Application Error | ID = 1000 -> Description = Faulting application firefox.exe, version 1.9.0.3399, faulting module xul.dll, version 1.9.0.3399, fault address 0x000aed35.
Application [ Error ] 6/5/2009 6:22:43 PM Computer Name = MYNAME | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Application [ Error ] 6/5/2009 6:22:49 PM Computer Name = MYNAME | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Application [ Error ] 6/5/2009 6:22:51 PM Computer Name = MYNAME | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\WINDOWS\Installer\47e13.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Application [ Error ] 6/5/2009 6:23:21 PM Computer Name = MYNAME | Source = MsiInstaller | ID = 1008 -> Description = The installation of C:\WINDOWS\Installer\47e1e.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
Application [ Error ] 6/6/2009 11:19:08 AM Computer Name = MYNAME | Source = Application Error | ID = 1000 -> Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
Application [ Error ] 6/6/2009 11:19:44 AM Computer Name = MYNAME | Source = Application Error | ID = 1000 -> Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
Application [ Error ] 6/6/2009 11:19:54 AM Computer Name = MYNAME | Source = Application Error | ID = 1000 -> Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
Application [ Error ] 6/6/2009 11:24:38 AM Computer Name = MYNAME | Source = Application Error | ID = 1000 -> Description = Faulting application mbam.exe, version 1.36.0.0, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
Application [ Error ] 6/7/2009 1:11:22 PM Computer Name = MYNAME | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established  
System [ Error ] 6/7/2009 1:46:51 PM Computer Name = MYNAME | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{CF1E3C74-3086-4DB1-BBCC-CEC142AA3BA5}.  The backup browser is stopping.
System [ Error ] 6/7/2009 1:51:37 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
System [ Error ] 6/7/2009 1:53:06 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7000 -> Description = The npkcrypt service failed to start due to the following error:   %%3
System [ Error ] 6/7/2009 1:54:45 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
System [ Error ] 6/7/2009 1:55:20 PM Computer Name = MYNAME | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{CF1E3C74-3086-4DB1-BBCC-CEC142AA3BA5}.  The backup browser is stopping.
System [ Error ] 6/7/2009 2:58:40 PM Computer Name = MYNAME | Source = MRxSmb | ID = 8003 -> Description = The master browser has received a server announcement from the computer D76HSS81  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF1E3C74-3086-4DB1-.  The master browser is stopping or an election is being forced.
System [ Error ] 6/7/2009 4:30:34 PM Computer Name = MYNAME | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 6/7/2009 4:30:54 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7001 -> Description = The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error:   %%1068
System [ Error ] 6/7/2009 4:30:54 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7001 -> Description = The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error:   %%1068
System [ Error ] 6/7/2009 4:30:54 PM Computer Name = MYNAME | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   Fips  intelppm  SASDIFSV  SASKUTIL
 
[Files/Folders - Created Within 30 Days]
kikutepo -> C:\WINDOWS\System32\kikutepo -> [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] ()
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/06/07 16:31:56 | 00,505,856 | ---- | C] (OldTimer Tools)
CF17231.exe -> C:\WINDOWS\System32\CF17231.exe -> [2009/06/07 13:40:59 | 00,389,120 | ---- | C] (Microsoft Corporation)
ComboFix -> C:\ComboFix -> [2009/06/07 13:40:59 | 00,000,000 | --SD | C]
temp -> C:\WINDOWS\temp -> [2009/06/07 13:17:59 | 00,000,000 | ---D | C]
UserData -> C:\Documents and Settings\Administrator\UserData -> [2009/06/07 12:33:14 | 00,000,000 | --SD | C]
Combo-Fix -> C:\Combo-Fix -> [2009/06/07 12:18:38 | 00,000,000 | --SD | C]
Combo-Fix.exe -> C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe -> [2009/06/07 12:17:36 | 03,018,938 | R--- | C] ()
OTL.exe -> C:\Documents and Settings\Administrator\Desktop\OTL.exe -> [2009/06/07 11:48:43 | 00,501,760 | ---- | C] (OldTimer Tools)
Rustbfix -> C:\Rustbfix -> [2009/06/05 22:02:58 | 00,000,000 | ---D | C]
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/06/02 17:02:44 | 00,154,624 | ---- | C] ()
Qoobox -> C:\Qoobox -> [2009/06/02 17:01:57 | 00,000,000 | ---D | C]
98902496.ini -> C:\Documents and Settings\All Users\Application Data\98902496.ini -> [2009/06/02 15:39:11 | 00,000,000 | ---- | C] ()
Electronic Arts -> C:\Documents and Settings\All Users\Application Data\Electronic Arts -> [2009/05/23 08:35:55 | 00,000,000 | ---D | C]
Microsoft WSE -> C:\Program Files\Microsoft WSE -> [2009/05/23 01:59:47 | 00,000,000 | ---D | C]
The Sims™ 3.lnk -> C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk -> [2009/05/23 01:58:58 | 00,001,723 | ---- | C] ()
Electronic Arts -> C:\Program Files\Electronic Arts -> [2009/05/23 01:40:17 | 00,000,000 | ---D | C]
uTorrent -> C:\Program Files\uTorrent -> [2009/05/22 22:19:23 | 00,000,000 | ---D | C]
Research In Motion -> C:\Research In Motion -> [2009/05/21 10:23:36 | 00,000,000 | ---D | C]
AT&T -> C:\Program Files\AT&T -> [2009/05/21 10:23:36 | 00,000,000 | ---D | C]
Microsoft CAPICOM 2.1.0.2 -> C:\Program Files\Microsoft CAPICOM 2.1.0.2 -> [2009/05/09 09:59:32 | 00,000,000 | ---D | C]
swmsflt.sys -> C:\WINDOWS\System32\drivers\swmsflt.sys -> [2009/01/09 02:36:40 | 00,026,760 | R--- | C] ()
lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2008/12/24 20:30:41 | 00,066,482 | ---- | C] ()
LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2008/07/26 09:25:02 | 00,025,624 | ---- | C] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2008/01/14 22:01:28 | 00,716,272 | ---- | C] ()
GunzLauncher.INI -> C:\WINDOWS\GunzLauncher.INI -> [2007/12/21 00:49:49 | 00,000,032 | ---- | C] ()
WB.ini -> C:\WINDOWS\WB.ini -> [2007/11/06 18:28:16 | 00,000,000 | ---- | C] ()
wbload.dll -> C:\WINDOWS\System32\wbload.dll -> [2007/11/06 15:53:49 | 00,020,480 | ---- | C] ()
dlcxcoin.dll -> C:\WINDOWS\System32\dlcxcoin.dll -> [2007/08/25 18:08:11 | 00,344,064 | R--- | C] ()
D6DF696C83.sys -> C:\WINDOWS\System32\D6DF696C83.sys -> [2007/08/25 17:52:50 | 00,000,104 | RHS- | C] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2007/08/25 17:52:49 | 00,006,580 | -HS- | C] ()
DLPRMON.DLL -> C:\WINDOWS\System32\DLPRMON.DLL -> [2007/08/25 17:38:04 | 00,045,056 | ---- | C] ()
DLPMONUI.DLL -> C:\WINDOWS\System32\DLPMONUI.DLL -> [2007/08/25 17:38:04 | 00,032,768 | ---- | C] ()
dlcxinst.dll -> C:\WINDOWS\System32\dlcxinst.dll -> [2007/08/25 17:36:02 | 00,274,432 | ---- | C] ()
dlcxhcp.dll -> C:\WINDOWS\System32\dlcxhcp.dll -> [2007/08/25 17:36:01 | 00,323,584 | ---- | C] ( )
dlcxinpa.dll -> C:\WINDOWS\System32\dlcxinpa.dll -> [2007/08/25 17:36:00 | 00,413,696 | ---- | C] ( )
dlcxiesc.dll -> C:\WINDOWS\System32\dlcxiesc.dll -> [2007/08/25 17:36:00 | 00,397,312 | ---- | C] ( )
dlcxusb1.dll -> C:\WINDOWS\System32\dlcxusb1.dll -> [2007/08/25 17:35:59 | 00,991,232 | ---- | C] ( )
dlcxutil.dll -> C:\WINDOWS\System32\dlcxutil.dll -> [2007/08/25 17:35:59 | 00,454,656 | ---- | C] ()
dlcxserv.dll -> C:\WINDOWS\System32\dlcxserv.dll -> [2007/08/25 17:35:58 | 01,224,704 | ---- | C] ( )
dlcxprox.dll -> C:\WINDOWS\System32\dlcxprox.dll -> [2007/08/25 17:35:57 | 00,163,840 | ---- | C] ( )
dlcxpplc.dll -> C:\WINDOWS\System32\dlcxpplc.dll -> [2007/08/25 17:35:57 | 00,094,208 | ---- | C] ( )
dlcxpmui.dll -> C:\WINDOWS\System32\dlcxpmui.dll -> [2007/08/25 17:35:56 | 00,643,072 | ---- | C] ( )
dlcxlmpm.dll -> C:\WINDOWS\System32\dlcxlmpm.dll -> [2007/08/25 17:35:56 | 00,585,728 | ---- | C] ( )
dlcxinsb.dll -> C:\WINDOWS\System32\dlcxinsb.dll -> [2007/08/25 17:35:55 | 00,176,128 | ---- | C] ()
dlcxjswr.dll -> C:\WINDOWS\System32\dlcxjswr.dll -> [2007/08/25 17:35:55 | 00,139,264 | ---- | C] ()
dlcxinsr.dll -> C:\WINDOWS\System32\dlcxinsr.dll -> [2007/08/25 17:35:55 | 00,106,496 | ---- | C] ()
dlcxins.dll -> C:\WINDOWS\System32\dlcxins.dll -> [2007/08/25 17:35:54 | 00,176,128 | ---- | C] ()
dlcxhbn3.dll -> C:\WINDOWS\System32\dlcxhbn3.dll -> [2007/08/25 17:35:53 | 00,696,320 | ---- | C] ( )
dlcxgrd.dll -> C:\WINDOWS\System32\dlcxgrd.dll -> [2007/08/25 17:35:52 | 00,188,416 | ---- | C] ()
dlcxcub.dll -> C:\WINDOWS\System32\dlcxcub.dll -> [2007/08/25 17:35:51 | 00,086,016 | ---- | C] ()
dlcxcu.dll -> C:\WINDOWS\System32\dlcxcu.dll -> [2007/08/25 17:35:49 | 00,073,728 | ---- | C] ()
dlcxcur.dll -> C:\WINDOWS\System32\dlcxcur.dll -> [2007/08/25 17:35:49 | 00,036,864 | ---- | C] ()
dlcxcomm.dll -> C:\WINDOWS\System32\dlcxcomm.dll -> [2007/08/25 17:35:48 | 00,421,888 | ---- | C] ( )
dlcxcomc.dll -> C:\WINDOWS\System32\dlcxcomc.dll -> [2007/08/25 17:35:47 | 00,684,032 | ---- | C] ( )
dlcxcfg.dll -> C:\WINDOWS\System32\dlcxcfg.dll -> [2007/08/25 17:35:45 | 00,073,728 | ---- | C] ()
UNDPX2A.sys -> C:\WINDOWS\UNDPX2A.sys -> [2007/08/18 19:32:13 | 00,053,693 | R--- | C] ()
Sacm2A.sys -> C:\WINDOWS\System32\drivers\Sacm2A.sys -> [2007/08/18 19:32:13 | 00,015,429 | R--- | C] ( )
SmartAudio.INI -> C:\WINDOWS\SmartAudio.INI -> [2007/04/24 19:38:06 | 00,000,027 | ---- | C] ()
9DSetup.ini -> C:\WINDOWS\9DSetup.ini -> [2007/04/16 19:24:01 | 00,000,027 | ---- | C] ()
Sonyhcp.dll -> C:\WINDOWS\System32\drivers\Sonyhcp.dll -> [2007/03/15 23:56:59 | 00,003,654 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2006/12/31 14:51:05 | 00,001,065 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2006/12/26 17:01:03 | 00,000,820 | ---- | C] ()
dlcxcaps.dll -> C:\WINDOWS\System32\dlcxcaps.dll -> [2006/09/22 07:42:38 | 00,065,536 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2006/09/12 01:33:52 | 00,000,031 | ---- | C] ()
NSSetDefaultBrowser.ini -> C:\WINDOWS\NSSetDefaultBrowser.ini -> [2006/09/12 01:30:31 | 00,000,698 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/09/12 01:13:48 | 00,000,376 | ---- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2006/09/12 01:03:33 | 00,028,836 | ---- | C] ()
dlcxdrs.dll -> C:\WINDOWS\System32\dlcxdrs.dll -> [2006/08/08 15:58:04 | 00,692,224 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/06/29 15:18:14 | 00,000,061 | ---- | C] ()
WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/06/29 14:46:56 | 00,000,059 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/06/29 14:43:40 | 00,000,889 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2006/06/29 14:13:22 | 00,000,687 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2006/06/29 07:00:42 | 00,000,227 | ---- | C] ()
dlcxvs.dll -> C:\WINDOWS\System32\dlcxvs.dll -> [2006/04/24 15:09:58 | 00,040,960 | ---- | C] ()
dlcxcnv4.dll -> C:\WINDOWS\System32\dlcxcnv4.dll -> [2006/03/19 20:03:04 | 00,061,440 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2006/03/04 03:07:34 | 00,235,008 | ---- | C] ()
Vrunzip.dll -> C:\WINDOWS\System32\Vrunzip.dll -> [2006/02/13 09:13:00 | 00,058,038 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/12/02 14:09:10 | 00,000,000 | ---- | C] ()
qt-mt331.dll -> C:\WINDOWS\System32\qt-mt331.dll -> [2004/09/16 16:24:26 | 03,375,104 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> 
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/06/07 16:31:56 | 00,505,856 | ---- | M] (OldTimer Tools)
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/06/07 16:29:34 | 00,002,048 | --S- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/07 16:28:13 | 00,000,006 | -H-- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/06/07 13:54:53 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/06/07 13:54:44 | 00,000,027 | ---- | M] ()
Perflib_Perfdata_1f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat -> [2009/06/07 13:43:53 | 00,016,384 | ---- | M] ()
CF17231.exe -> C:\WINDOWS\System32\CF17231.exe -> [2009/06/07 13:40:43 | 00,389,120 | ---- | M] (Microsoft Corporation)
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/06/07 12:59:44 | 01,048,576 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/06/07 12:59:44 | 00,000,178 | -HS- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe -> [2009/06/07 12:17:36 | 03,018,938 | R--- | M] ()
OTL.exe -> C:\Documents and Settings\Administrator\Desktop\OTL.exe -> [2009/06/07 11:48:44 | 00,501,760 | ---- | M] (OldTimer Tools)
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/06/07 11:39:12 | 02,205,456 | -H-- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/07 11:29:49 | 00,004,232 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/06/06 17:28:16 | 00,001,324 | ---- | M] ()
98902496.ini -> C:\Documents and Settings\All Users\Application Data\98902496.ini -> [2009/06/02 15:39:11 | 00,000,000 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/05/31 11:08:41 | 00,154,624 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/26 10:45:01 | 00,005,819 | ---- | M] ()
The Sims™ 3.lnk -> C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk -> [2009/05/23 01:58:59 | 00,001,723 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/05/23 01:25:23 | 00,001,158 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/05/21 17:26:34 | 00,418,492 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/05/21 17:26:34 | 00,067,406 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/05/21 17:26:33 | 00,493,182 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/05/21 07:33:02 | 00,000,284 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/05/09 11:38:49 | 01,613,456 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/05/09 09:59:48 | 00,001,355 | ---- | M] ()
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2008/01/17 14:08:49 | 00,162,451 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2008/01/17 10:18:59 | 00,016,384 | ---- | M] ()
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [2007/06/08 18:40:17 | 00,001,632 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/03/11 13:11:10 | 00,011,144 | ---- | M] ()
 
[File - Lop Check]
Application Data -> C:\Documents and Settings\Administrator\Application Data -> [2009/03/08 14:11:52 | 00,000,000 | RH-D | M]
Intuit -> C:\Documents and Settings\Administrator\Application Data\Intuit -> [2006/09/12 01:33:55 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/06/02 16:12:30 | 00,000,000 | -H-D | M]
acccore -> C:\Documents and Settings\All Users\Application Data\acccore -> [2009/03/07 23:40:42 | 00,000,000 | ---D | M]
AT&T -> C:\Documents and Settings\All Users\Application Data\AT&T -> [2009/05/09 11:41:28 | 00,000,000 | ---D | M]
Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2007/07/19 19:51:11 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [2006/09/12 01:15:12 | 00,000,000 | ---D | M]
DellFaxCtr -> C:\Documents and Settings\All Users\Application Data\DellFaxCtr -> [2007/08/25 17:37:31 | 00,000,000 | ---D | M]
Electronic Arts -> C:\Documents and Settings\All Users\Application Data\Electronic Arts -> [2009/05/23 08:35:55 | 00,000,000 | ---D | M]
FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [2008/08/11 20:29:13 | 00,000,000 | ---D | M]
Fugazo -> C:\Documents and Settings\All Users\Application Data\Fugazo -> [2008/06/09 20:56:44 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2006/09/12 01:33:55 | 00,000,000 | ---D | M]
Logishrd -> C:\Documents and Settings\All Users\Application Data\Logishrd -> [2009/03/10 02:07:48 | 00,000,000 | ---D | M]
LogiShrd(2) -> C:\Documents and Settings\All Users\Application Data\LogiShrd(2) -> [2009/02/25 17:03:17 | 00,000,000 | ---D | M]
Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2008/02/20 01:46:12 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2007/01/06 21:24:48 | 00,000,000 | ---D | M]
NexonUS -> C:\Documents and Settings\All Users\Application Data\NexonUS -> [2008/07/03 16:22:05 | 00,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\All Users\Application Data\PlayFirst -> [2007/07/01 14:54:49 | 00,000,000 | ---D | M]
Pure Networks -> C:\Documents and Settings\All Users\Application Data\Pure Networks -> [2008/08/24 14:32:29 | 00,000,000 | ---D | M]
SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2006/09/11 23:33:03 | 00,000,000 | ---D | M]
SongbirdVLC -> C:\Documents and Settings\All Users\Application Data\SongbirdVLC -> [2007/07/19 18:38:37 | 00,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2008/06/09 21:18:31 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2009/03/08 18:44:41 | 00,000,000 | ---D | M]
WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent -> [2007/05/24 17:53:15 | 00,000,000 | ---D | M]
WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2007/05/26 13:09:51 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\Default User\Application Data -> [2006/09/12 01:33:55 | 00,000,000 | RH-D | M]
Intuit -> C:\Documents and Settings\Default User\Application Data\Intuit -> [2006/09/12 01:33:55 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\LocalService\Application Data -> [2009/01/09 02:37:14 | 00,000,000 | ---D | M]
Bytemobile -> C:\Documents and Settings\LocalService\Application Data\Bytemobile -> [2009/01/09 02:37:14 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [2009/01/09 08:49:02 | 00,000,000 | ---D | M]
Bytemobile -> C:\Documents and Settings\NetworkService\Application Data\Bytemobile -> [2009/01/09 08:49:02 | 00,000,000 | ---D | M]
Application Data -> C:\Documents and Settings\MYNAME Han\Application Data -> [2009/05/23 08:37:56 | 00,000,000 | RH-D | M]
.purple -> C:\Documents and Settings\MYNAME\Application Data\.purple -> [2009/03/08 12:30:06 | 00,000,000 | ---D | M]
acccore -> C:\Documents and Settings\MYNAME\Application Data\acccore -> [2007/05/05 23:54:49 | 00,000,000 | ---D | M]
Aim -> C:\Documents and Settings\MYNAME\Application Data\Aim -> [2009/03/08 12:29:53 | 00,000,000 | ---D | M]
Ambient Design -> C:\Documents and Settings\MYNAME\Application Data\Ambient Design -> [2008/08/11 15:49:24 | 00,000,000 | ---D | M]
AT&T -> C:\Documents and Settings\MYNAME\Application Data\AT&T -> [2009/01/09 02:36:59 | 00,000,000 | ---D | M]
Azureus -> C:\Documents and Settings\MYNAME\Application Data\Azureus -> [2007/07/19 19:58:54 | 00,000,000 | ---D | M]
BitTorrent -> C:\Documents and Settings\MYNAME\Application Data\BitTorrent -> [2009/05/22 22:27:22 | 00,000,000 | ---D | M]
BitTorrent DNA -> C:\Documents and Settings\MYNAME\Application Data\BitTorrent DNA -> [2007/09/18 10:11:43 | 00,000,000 | ---D | M]
CamTrack -> C:\Documents and Settings\MYNAME\Application Data\CamTrack -> [2009/01/02 00:45:56 | 00,000,000 | ---D | M]
Corel -> C:\Documents and Settings\MYNAME\Application Data\Corel -> [2007/08/25 17:45:24 | 00,000,000 | ---D | M]
CyberLink -> C:\Documents and Settings\MYNAME\Application Data\CyberLink -> [2007/01/06 21:36:57 | 00,000,000 | ---D | M]
DAEMON Tools -> C:\Documents and Settings\MYNAME\Application Data\DAEMON Tools -> [2008/01/15 01:10:10 | 00,000,000 | ---D | M]
DBUpdater -> C:\Documents and Settings\MYNAME\Application Data\DBUpdater -> [2009/01/09 02:37:07 | 00,000,000 | ---D | M]
DellFaxCtr -> C:\Documents and Settings\MYNAME\Application Data\DellFaxCtr -> [2008/10/23 18:45:48 | 00,000,000 | ---D | M]
EstSoft -> C:\Documents and Settings\MYNAME\Application Data\EstSoft -> [2008/06/11 20:52:10 | 00,000,000 | ---D | M]
FlashGet -> C:\Documents and Settings\MYNAME\Application Data\FlashGet -> [2007/04/16 17:32:54 | 00,000,000 | ---D | M]
GetRightToGo -> C:\Documents and Settings\MYNAME\Application Data\GetRightToGo -> [2008/09/22 00:24:47 | 00,000,000 | ---D | M]
HorizonWimba -> C:\Documents and Settings\MYNAME\Application Data\HorizonWimba -> [2007/08/20 21:54:58 | 00,000,000 | ---D | M]
Intuit -> C:\Documents and Settings\MYNAME\Application Data\Intuit -> [2006/09/12 01:33:55 | 00,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\MYNAME\Application Data\Leadertech -> [2007/01/06 21:23:41 | 00,000,000 | ---D | M]
Move Networks -> C:\Documents and Settings\MYNAME\Application Data\Move Networks -> [2009/05/08 00:54:06 | 00,000,000 | -H-D | M]
Mp3tag -> C:\Documents and Settings\MYNAME\Application Data\Mp3tag -> [2008/06/17 19:27:49 | 00,000,000 | ---D | M]
Music Recognition -> C:\Documents and Settings\MYNAME\Application Data\Music Recognition -> [2009/04/08 16:19:58 | 00,000,000 | ---D | M]
muvee Technologies -> C:\Documents and Settings\MYNAME\Application Data\muvee Technologies -> [2007/01/06 21:28:11 | 00,000,000 | ---D | M]
Nexon -> C:\Documents and Settings\MYNAME\Application Data\Nexon -> [2007/08/25 20:58:51 | 00,000,000 | ---D | M]
ooVoo Details -> C:\Documents and Settings\MYNAME\Application Data\ooVoo Details -> [2009/01/18 16:32:53 | 00,000,000 | ---D | M]
Opera -> C:\Documents and Settings\MYNAME\Application Data\Opera -> [2007/08/23 23:33:16 | 00,000,000 | ---D | M]
PlayFirst -> C:\Documents and Settings\MYNAME\Application Data\PlayFirst -> [2007/07/01 14:54:49 | 00,000,000 | ---D | M]
Sierra Wireless -> C:\Documents and Settings\MYNAME\Application Data\Sierra Wireless -> [2009/01/09 02:36:40 | 00,000,000 | ---D | M]
Songbird -> C:\Documents and Settings\MYNAME\Application Data\Songbird -> [2007/01/22 19:31:32 | 00,000,000 | ---D | M]
SoundSpectrum -> C:\Documents and Settings\MYNAME\Application Data\SoundSpectrum -> [2007/12/22 01:15:14 | 00,000,000 | ---D | M]
SystemRequirementsLab -> C:\Documents and Settings\MYNAME\Application Data\SystemRequirementsLab -> [2009/05/14 00:09:54 | 00,000,000 | ---D | M]
Template -> C:\Documents and Settings\MYNAME\Application Data\Template -> [2008/01/17 10:18:57 | 00,000,000 | ---D | M]
Uniblue -> C:\Documents and Settings\MYNAME\Application Data\Uniblue -> [2007/08/14 00:05:58 | 00,000,000 | ---D | M]
Unity -> C:\Documents and Settings\MYNAME\Application Data\Unity -> [2009/03/07 12:45:10 | 00,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\MYNAME\Application Data\uTorrent -> [2009/05/23 08:35:39 | 00,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\MYNAME\Application Data\Viewpoint -> [2008/11/05 12:42:47 | 00,000,000 | ---D | M]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2009/06/07 12:27:51 | 00,000,000 | --SD | M]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2009/05/21 07:33:02 | 00,000,284 | ---- | M] ()
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2006/03/16 00:00:00 | 00,000,065 | RH-- | M] ()
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2009/06/07 16:28:13 | 00,000,006 | -H-- | M] ()
 
[File - Purity Scan]
 
 
[Alternate Data Streams]
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9000539
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0127DBDE
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wadmaud.drv:SummaryInformation
< End of report >


#10 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 03:01 PM

This looks to be the lot I think - can you let me know how your computer is behaving on completion, any problems you are experiencing

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: "ProxyEnable" -> 1
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY -> kikutepo -> C:\WINDOWS\System32\kikutepo
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#11 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 03:14 PM

So far no problems. I did the OTS scan in normal mode and it went through successfully.

Also just a question, but do you know if Rootkit.Agent is something that takes away my information such as banking etc? I want to know what the point of this virus is.

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\kikutepo moved successfully.
[Empty Temp Folders]

User: Administrator
->FireFox cache emptied: 26915779 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Temporary Internet Files folder emptied: 16786 bytes

User: MYNAME
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\Q1K9S5W9\size=120x90;noperf=1;alias=93245511;kvmn=93245511;target=_blank;aduho=240;grp=408553187;misc=408553187[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\Q1K9S5W9\tcodewads_at[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\OVM5SJQD\tcode3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\K3GBKLE3\AIM_UAC_v2[2].adp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\K3GBKLE3\ypc3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 16992720 bytes
->Java cache emptied: 248367 bytes
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 30967818 bytes
->Google Chrome cache emptied: 818 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 142582 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 713.89 mb

< End of fix log >
OTS by OldTimer - Version 3.0.4.0 fix logfile created on 06072009_170432

Files\Folders moved on Reboot...
C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\Q1K9S5W9\size=120x90;noperf=1;alias=93245511;kvmn=93245511;target=_blank;aduho=240;grp=408553187;misc=408553187[1].htm moved successfully.
C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\Q1K9S5W9\tcodewads_at[1].htm moved successfully.
C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\OVM5SJQD\tcode3[1].htm moved successfully.
C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\K3GBKLE3\AIM_UAC_v2[2].adp moved successfully.
C:\Documents and Settings\MYNAME\Temporary Internet Files\Content.IE5\K3GBKLE3\ypc3[1].htm moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\MYNAME\Local Settings\Application Data\Mozilla\Firefox\Profiles\y0yzvhmd.default\XUL.mfl moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat not found!

Registry entries deleted on Reboot...

#12 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 03:23 PM

The point of this virus/malware is to attempt to turn your computer into either a spambot (send out spam mail) or to conduct a denial of service against a web site.

Are you experiencing any further problems now?

#13 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 03:26 PM

Thank you, I've experienced no problems whatsoever after I was able to regain access to normal mode. Is there anything else we need to delete or get rid of?

Also I want to know how I can stop getting Google redirect viruses because it seems those are the ones that I keep getting caught with. This is the third time actually :)...

#14 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,433
  • Joined: 31-May 06

Posted 07 June 2009 - 03:29 PM

Quote

Also I want to know how I can stop getting google redirect

Always close any popups by using the red x and not the close or cancel buttons.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done



SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean


THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)

#15 epicholic

  • Group: Member
  • Posts: 60
  • Joined: 09-March 09

Posted 07 June 2009 - 03:59 PM

The only weird thing I have encountered is that my Firefox looks smaller, such as the resolution. Would you happen to know if the virus changed my resolution and how to change it back to normal?

And thank you very much for your help! Geeks are the way to go :)
