Trend ChipAway Virus red warning screen [Solved] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Trend ChipAway Virus red warning screen [Solved]

#1 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 03 November 2009 - 11:13 AM

After returning from vacation I booted up my, to my knowledge, previously working PC and got a red screen stating "Trend ChipAwayVirus has detected a boot virus on your hard disk". My PC now takes ages to perform any task and applications regularly crash...

I ran a full system scan with Norton Internet Security and a full scan will my already installed copy of Malwarebytes but neither found anything.

Strangely when I performed a 'quick' scan with Malwarebytes today it found and removed the following:

Malwarebytes' Anti-Malware 1.41
Database version: 3092
Windows 5.1.2600 Service Pack 3

03/11/2009 15:41:55
mbam-log-2009-11-03 (15-41-55).txt

Scan type: Quick Scan
Objects scanned: 116921
Time elapsed: 25 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\UAChpmkowbprd.db (Rootkit.TDSS) -> Quarantined and deleted successfully.


Despite this after rebooting my system I again got the ChipAway screen so it appears there is still a problem.

Here are the other requested scans...

RootRepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/03 15:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dmx6fire.sys
Image Path: C:\WINDOWS\system32\drivers\dmx6fire.sys
Address: 0xF73FC000 Size: 86400 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF52CF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8A22000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7569000 Size: 323584 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86eea918

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86eeab08

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86eefc60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x86ede3c0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86cabc00

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf576d130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86b9c0f8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x86bf0008

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86c2d748

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x86eefef8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf576d3b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf576d910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x86e400f8

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86ee76d8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x86eea5f8

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86f66db8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x86cac7a0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86ee6d70

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86eecef8

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86bd10f0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86f65428

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x86ee36e0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x86bd1060

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x86bfc108

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86c5a3e0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86f63698

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86bfa008

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x86eebef8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf576db60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86efcef8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86f69b78

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86ef7928

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86f64ef8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86ef6e90

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86eefbd0

==EOF==


OTL:

OTL logfile created on: 03/11/2009 15:51:57 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.47 Mb Total Physical Memory | 569.16 Mb Available Physical Memory | 55.61% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.66 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 76.32 Gb Total Space | 35.80 Gb Free Space | 46.90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCENT
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/03 14:55:37 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/01 18:58:06 | 00,094,256 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/06/01 18:13:56 | 00,331,312 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/02/06 10:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/20 14:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2008/10/26 18:47:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/09 15:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/10/23 00:00:00 | 00,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2005/09/15 15:23:38 | 00,909,312 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
PRC - [2003/08/29 09:30:28 | 00,335,872 | ---- | M] (TerraTec Electronic GmbH) -- C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe


========== Modules (SafeList) ==========

MOD - [2009/11/03 14:55:37 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2009/08/22 07:28:14 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll
MOD - [2008/10/09 15:53:03 | 00,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:04 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/14 00:11:57 | 00,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008/04/14 00:11:48 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 00:11:48 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 13:50:00 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2009/08/22 07:28:17 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/01 18:58:12 | 00,034,352 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/06/01 18:58:06 | 00,094,256 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/06/01 18:13:56 | 00,331,312 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/20 14:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2008/10/26 19:53:02 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/10/26 18:47:09 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/26 13:45:15 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2008/08/29 10:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/04 21:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 E2 7E A8 0C 41 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://katemoross.com/shop/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.04
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.32.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.7
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.2.2
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.0
FF - prefs.js..extensions.enabledItems: {4a1a0a40-7d27-11dd-ad8b-0800200c9a66}:1.1

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/10/26 18:47:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 17:10:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/09/06 13:50:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 15:31:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/31 10:27:45 | 00,000,000 | ---D | M]

[2008/10/26 16:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2008/10/26 16:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/03 14:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions
[2009/09/04 19:15:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/03 05:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{4a1a0a40-7d27-11dd-ad8b-0800200c9a66}
[2008/10/29 07:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/10/26 22:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/08/24 22:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/03/02 11:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009/08/20 16:03:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/08/24 22:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
[2009/08/20 16:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\CrystalFox_Qute@BigRedBrent
[2009/10/31 09:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\firefox@tvunetworks.com
[2009/09/25 17:52:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\searchrecs@veoh.com
[2009/08/24 22:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\t1h84ogr.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/11/03 15:44:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 10:27:45 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/26 18:47:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/10/31 10:27:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 10:27:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/03/31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/01/23 06:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/10/26 18:47:09 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/31 10:27:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/25 16:46:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 17:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/08/29 10:01:22 | 00,106,348 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/02/05 17:37:01 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/02/05 17:37:01 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/05 17:37:01 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/02/05 17:37:01 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/05 17:37:01 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/02/05 17:37:01 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/23 17:48:28 | 00,002,221 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SafeSearch.xml
[2009/02/05 17:37:01 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/02/05 17:37:01 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DMX 6fire 2496 ControlPanel.lnk = C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe (TerraTec Electronic GmbH)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll (Google Inc.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://my.circleanglia.org/CitrixSessionIn...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1225038441300 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/26 13:48:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/08 21:03:37 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/26 13:47:53 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: TermService - C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/03 15:08:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/03 15:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/03 14:55:28 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2009/11/03 14:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\av
[2009/11/01 20:15:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\partioes
[2009/10/31 17:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\s
[2009/10/29 18:56:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 14 Days ==========

[2009/11/03 15:44:30 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/03 15:44:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 15:44:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 15:42:43 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2009/11/03 15:42:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2009/11/03 15:08:20 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\NTREGOPT.lnk
[2009/11/03 14:55:37 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2009/11/03 10:48:37 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/31 17:59:56 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/29 19:00:40 | 00,492,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/29 19:00:40 | 00,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/29 19:00:40 | 00,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/29 18:53:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2009/11/03 15:08:20 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\NTREGOPT.lnk
[2009/06/24 18:11:42 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\FreeProxyDLL392.dll
[2009/05/26 02:41:00 | 04,322,428 | -H-- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\IconCache.db
[2009/05/09 09:35:47 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/09 15:55:38 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/02/27 18:56:55 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4490DEFGIPSR.ini
[2008/11/02 14:19:29 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/01 17:11:04 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/11/01 17:11:04 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/11/01 17:11:04 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/11/01 17:10:57 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/01 17:10:57 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/01 16:57:18 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2008/10/26 18:25:52 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 17:50:11 | 00,075,600 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/26 13:58:12 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/10/26 13:51:53 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ADMIN\Application Data\desktop.ini
[2008/05/16 14:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/06 19:39:17 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2003/08/12 17:16:44 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2002/09/10 15:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2002/08/29 12:00:00 | 00,000,592 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 12:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== LOP Check ==========

[2009/04/24 18:52:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Antares
[2009/02/27 19:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\EPSON
[2009/01/25 19:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\FrostWire
[2009/04/09 17:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ICAClient
[2009/01/30 17:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mp3tag
[2008/11/01 16:18:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\PPLive
[2008/11/05 18:48:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Publish Providers
[2009/05/10 16:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Red Kawa
[2008/11/05 18:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Sony
[2008/11/17 17:39:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Sony Setup
[2009/10/05 20:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Spotify
[2008/11/01 17:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Steinberg
[2009/02/26 18:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TigerPlayer
[2009/02/19 08:50:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/10/26 22:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\WinPatrol
[2009/05/17 20:57:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/11/10 21:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009/01/13 10:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2009/09/19 11:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/12/16 18:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/30 17:06:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/12/30 16:49:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2009/09/25 16:49:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/23 05:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2002/08/29 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/03 15:44:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >


OTL Extras:

OTL Extras logfile created on: 03/11/2009 15:51:57 - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.47 Mb Total Physical Memory | 569.16 Mb Available Physical Memory | 55.61% Memory free
2.41 Gb Paging File | 2.06 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 359.66 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 76.32 Gb Total Space | 35.80 Gb Free Space | 46.90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCENT
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8833:TCP" = 8833:TCP:*:Enabled:BitComet 8833 TCP
"8833:UDP" = 8833:UDP:*:Enabled:BitComet 8833 UDP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"C:\WINDOWS\system32\MPK\Mpk.exe" = C:\WINDOWS\system32\MPK\Mpk.exe:*:Enabled:TCP\IP -- File not found
"C:\WINDOWS\system32\MPK\MpkView.exe" = C:\WINDOWS\system32\MPK\MpkView.exe:*:Enabled:TCP\IP -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Willing Webcam\wwcam.exe" = C:\Program Files\Willing Webcam\wwcam.exe:*:Enabled:Willing Webcam -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A33D692-8679-4142-94C7-0BB784B9B3A3}" = DMX 6fire 24/96 ControlPanel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8 Ultra Edition HD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{495B6040-801F-474C-ADB8-309F132CF5F9}" = iPhoneBrowser
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E19B918-2820-74A9-3CE0-9BAD5E1D360C}" = TweetDeck
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D35E8-D426-3E2E-8222-F4FFD9E104FD}" = Google Gears
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Sitecom Wireless LAN Card
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"Any Video Converter_is1" = Any Video Converter 1.0.2
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Arturia Modular System v1.0" = Arturia Modular System v1.0
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 1.05
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CS-80V" = CS-80V
"CyberGhost VPN_is1" = CyberGhost VPN
"DC++" = DC++ 0.707
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"File-SJ_is1" = File Splitter and Joiner version 2.9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"FreeProxy/FreeWeb_is1" = FreeProxy version 3.92
"Hide IP Platinum_is1" = Hide IP Platinum 3.42
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.17
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Korg Legacy Collection VSTi v1.0.02" = Korg Legacy Collection VSTi v1.0.02
"Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister Studio 7.2.2_is1" = MixMeister Studio 7.2.2
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mp3tag" = Mp3tag v2.42
"MpcStar" = MpcStar 3.4
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Pro-53" = Native Instruments Pro-53
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PERF4490P User's Guide" = PERF4490P User's Guide
"Pianissimo" = Pianissimo
"PPLive" = PPLive 1.9
"Prophet V" = Prophet V
"RealPlayer 6.0" = RealPlayer
"ReFX JunoX2 VSTi v1.51" = ReFX JunoX2 VSTi v1.51
"SopCast" = SopCast 3.0.3
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Soulseek2" = SoulSeek 157 NS 13c
"Spotify" = Spotify
"Steinberg Cubase SX v3.0.2.623" = Steinberg Cubase SX v3.0.2.623
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft License Control" = Syncrosoft License Control
"Syncrosoft's License Control" = Syncrosoft's License Control
"The Proxomitron - Universal Web Filter_is1" = The Proxomitron Ver. Naoko-4.5
"Vanguard Demo_is1" = Vanguard Demo 1.03
"Veetle TV" = Veetle TV 0.9.14
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPhone 3G Converter" = Videora iPhone 3G Converter 4.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Voxynth_is1" = Voxynth 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2008
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/08/2009 12:53:13 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 12:54:04 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 12:54:14 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 12:55:08 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 13:33:44 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 13:35:50 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 24/08/2009 13:38:04 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.9.4.0, faulting module avcodec-51.dll,
version 0.0.0.0, fault address 0x00077ca4.

Error - 06/09/2009 15:55:56 | Computer Name = VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 12.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/09/2009 21:08:02 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3526, faulting module
Annots.api, version 9.0.0.332, fault address 0x0000ff52.

Error - 17/10/2009 07:35:53 | Computer Name = VINCENT | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02fe3140.

[ System Events ]
Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7034
Description = The CyberGhost VPN Client service terminated unexpectedly. It has
done this 1 time(s).

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 03/11/2009 10:58:36 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 03/11/2009 11:03:32 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2

Error - 03/11/2009 11:45:22 | Computer Name = VINCENT | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%2


< End of report >


My only other concern is that while I have had the ChipAway issue I have had to copy some important data from this machine using a Sandisk Extreme III SDHC card (and USB adaptor) and I am concerned about the risk of the card reinfecting my PC. Is this possible?

Thanks for you help!
Owen.

#2 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 04 November 2009 - 11:31 AM

Hi Owen22

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarifiation.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

#3 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 04 November 2009 - 04:33 PM

Hi Owen22

"Trend ChipAwayVirus" is a hardware/firmware product installed on your motherboard, the warning is probably false. It can usually be switched off by going into the BIOS settings.

We'll do some other checks.

Step 1
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Step 2
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

#4 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 05 November 2009 - 02:18 AM

Hi azarl,

Thanks for you help with this!

I ran TFC and updated to the lastest JRE however it looks like Kaspersky's WebScanner has been taken offline as the website says:

"The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience. While you are waiting for the improved Online Scanner, why not try a free trial of Kaspersky Internet Security 2010, which has everything you need to keep your computer safe."

I checked the US version of the site and it's not available there either...

As I already have Norton Internet Security I'm not sure whether I should install another AV program.

Any ideas?

#5 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 05 November 2009 - 03:15 AM

Hi Owen22

Kaspersky have a habit of that. You're right, you do not want a second A/V, it would slow your system down and cause problems.

We'll run a different version of Kaspersky, AVP, this is just a scanner, not an A/V

AVP
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.
  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

#6 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 05 November 2009 - 11:32 AM

... or Kaspersky is back up again now

#7 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 05 November 2009 - 05:39 PM

Sorry azarl, I'm not sure if they've taken Kaspersky Webscanner down again since your last message but it's currently still listed as unavailable on both US & UK sites...

I clicked on the AVP Tool link (http://ftp.kaspersky...builds/AVPTool/) and it says:

"Not Found.

The requested resource was not found."

Any ideas?

#8 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 06 November 2009 - 02:49 AM

Try this link for AVP

#9 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 07 November 2009 - 02:17 PM

That worked, thanks!

Here is the log for kas.txt:

Scan
----
Scanned: 554181
Detected: 1
Untreated: 0
Start time: 06/11/2009 18:11:26
Duration: 14:02:56
Finish time: 07/11/2009 08:14:22


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Obfuscated.en File: E:\Documents and Settings\Vincent Twice\Desktop\Rob.Papen.LinPlug.Albino.VSTi.v3.0.1.rar.bc!/Rob.Papen.LinPlug.Albino.VSTi.v3.0.1\Albino3Installer301.exe//Rob Papen\Albino3.dll


Events
------
Time Name Status Reason
---- ---- ------ ------
06/11/2009 18:11:40 Running module: smss.exe\smss.exe ok scanned
06/11/2009 18:11:40 File: C:\WINDOWS\System32\smss.exe ok scanned
06/11/2009 18:11:40 Running module: smss.exe\ntdll.dll ok scanned
06/11/2009 18:11:40 File: C:\WINDOWS\system32\ntdll.dll ok scanned
06/11/2009 18:11:40 Running module: csrss.exe\csrss.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search Yes
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

#10 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 07 November 2009 - 02:26 PM

I performed this scan yesterday and it appears to have detected and removed a virus (from the original primary drive on this pc which I replaced after I bought it 2nd hand).

However on booting it up today in order to post the log it still displays the ChipAway virus warning screen and still has problems with slow speed and crashes...

Thanks for your help so far!

#11 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 08 November 2009 - 06:46 AM

Hi Owen22

Nothing obvious, we'll dig deeper :)

IceSword Rootkit Detector

Please download and unzip Icesword to its own folder on your desktop

If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 :
Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.

Step 2 :
Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.

Step 3 :
Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.

Step 4 :
Click the Kernel Module tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Kernel and save it to your desktop.

Step 5 :
Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.

Step 6 :
Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.

Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
Kernel
SSDT
Message Hooks


#12 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 09 November 2009 - 05:48 AM

Hi azarl,

Okay here are the results from IceSword:

Processes
No red entries

Win32 Services
No red entries

Startup
No red entries

Kernel
No red entries

SSDT red entries
NtAlertResumeThread
NtAlertThread
NtAllocateVirtualMemory
NtAssignProcessToJobObject
NtConnectPort
NtCreateKey
NtCreateMutant
NtCreatSymbolicLinkObject
NtCreateThread
NtDebugActiveProcess
NtDeleteKey
NtDeleteValueKey
NtDuplicateObject
NtFreeVirtualMemory
NtImpersonateAnonymousToken
NtImpersonateThread
NtLoadDriver
NtMapViewOfSection
NtOpenEvent
NtOpenProcess
NtOpenProcessToken
NtOpenSection
NtOpenThread
NtProtectVirtualMemory
NtResumeThread
NtSetContextThread
NtSetInformationProcess
NtSetSystemInformation
NtSetValueKey
NtSuspendProcess
NtSuspendThread
NtTerminateProcess
NtTerminateThread
NtUnmapViewOfSection
NtWriteVirtualMemory

Message Hooks (matching your criteria inc. duplicate entries)
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TerraTec\DMX 6Fire\DMX6Fire.exe
C:\Program Files\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\Program Files\Internet Security\Engine\16.7.2.11\ccSvchst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe

Thanks!

#13 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 09 November 2009 - 08:33 AM

Hi Owen22

Have you got the full logs for
Processes
Win32 Services
Startup
Kernel

that you saved to your desktop?

#14 Owen22

  • Group: Member
  • Posts: 10
  • Joined: 03-November 09

Posted 09 November 2009 - 12:27 PM

Hi azarl,

Sorry, I thought you would only need them if they had red entries in them...

Process:

System Idle Process
System
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe
C:\Program Files\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\csrss.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\ADMIN\Desktop\av\is\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wuauclt.exe


Started Service:

Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:AudioSrv Display Name:Windows Audio
Service Name:Bonjour Service Display Name:Bonjour Service
Service Name:Browser Display Name:Computer Browser
Service Name:CGVPNCliSrvc Display Name:CyberGhost VPN Client
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:helpsvc Display Name:Help and Support
Service Name:HotspotShieldService Display Name:Hotspot Shield Service
Service Name:HssSrv Display Name:Hotspot Shield Routing Service
Service Name:HTTPFilter Display Name:HTTP SSL
Service Name:iPod Service Display Name:iPod Service
Service Name:JavaQuickStarterService Display Name:Java Quick Starter
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:Norton Internet Security Display Name:Norton Internet Security
Service Name:NVSvc Display Name:NVIDIA Display Driver Service
Service Name:PLFlash DeviceIoControl Service Display Name:PLFlash DeviceIoControl Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wuauserv Display Name:Automatic Updates


Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinPatrol
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
H2O
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Malwarebytes Anti-Malware (reboot)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DMX 6fire 2496 ControlPanel.lnk
C:\Program Files\TerraTec\DMX 6fire\DMX6Fire.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Sitecom Wireless Utility.lnk
C:\Program Files\Sitecom\Sitecom WL-151 Wireless LAN Card\Installer\WLANUTL.exe (Remark£º)

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark£º)

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup
desktop.ini


Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMEFA.SYS
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\dmx6fire.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\dmxsens.sys
\SystemRoot\System32\DRIVERS\RT61.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\tapvpn.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\SymIM.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\cledx.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NIS\1007020.00B\SRTSP.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.020\NAVEX15.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091108.020\NAVENG.SYS
\SystemRoot\system32\drivers\NIS\1007020.00B\SRTSPX.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS
\SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS
\SystemRoot\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091105.001\IDSxpx86.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\NIS\1007020.00B\ccHPx86.sys
\SystemRoot\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\AegisP.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS


Sorry again...

Thanks!

#15 azarl

  • Group: GeekU Moderator
  • Posts: 15,954
  • Joined: 07-April 08

Posted 09 November 2009 - 01:07 PM

I wish :) Got to crunch the lot

Share this topic:


  • 2 Pages +
  • 1
  • 2