Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud-C Removal Help [Closed]


  • This topic is locked This topic is locked

#1
CuriousNotion

CuriousNotion

    New Member

  • Member
  • Pip
  • 2 posts
Hello,

I ran Spybot and it discovered Smitfraud-C on my computer. I tried to get rid of it using Smitfix in safe mode, and then re-ran Spybot, which said it was still on my computer. I finally broke down and ran Hijack-This, and am posting the log here to see if anyone has any suggestions for getting rid of this infection.

Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:27, on 19/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ms\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: pmnkKdBs - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7330 bytes

Edited by CuriousNotion, 19 May 2010 - 10:06 PM.

  • 0

Advertisements


#2
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hello CuriousNotion and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do no attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.
Please follow these steps.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.
  • 0

#3
CuriousNotion

CuriousNotion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks for your help!

Here's the "extras.txt" log:

OTL Extras logfile created on: 20/05/2010 6:00:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\ms\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 59.50 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD64
Current User Name: ms
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10579:TCP" = 10579:TCP:*:Enabled:BitCometLite 10579 TCP
"10579:UDP" = 10579:UDP:*:Enabled:BitCometLite 10579 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"59157:TCP" = 59157:TCP:*:Enabled:Pando Media Booster
"59157:UDP" = 59157:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\ms\Desktop\Conquer_v5039_10_BC.exe" = C:\Documents and Settings\ms\Desktop\Conquer_v5039_10_BC.exe:*:Enabled:BitCometLite -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A4A3165-7A7D-9DDB-4AB0-BF572A35BDCD}" = CCC Help Korean
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1779A40B-32A0-17CD-A333-EC43482EC032}" = ccc-core-static
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
"{1D450B93-A74E-236A-0D4F-6F7BDBB3FF66}" = CCC Help Dutch
"{1EACFF7B-B5C2-827B-BB8A-C009A1F91443}" = CCC Help Czech
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{1FD9563C-377D-F78D-55DA-C9B396BFD986}" = CCC Help Thai
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{228D5F55-22E1-49EA-9E45-0FC7AFC5BD17}" = ccc-core-preinstall
"{22962997-40E1-811E-C348-4DF07A2A8B93}" = Catalyst Control Center Localization French
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28A25C46-CDE5-2C60-EE82-9567AB0B1D63}" = Skins
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DC31EC1-A95E-F098-A9C1-A693FE34FB0E}" = Catalyst Control Center Localization Portuguese
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{30E1A1E3-9623-FA27-19AE-6E53764F2C8C}" = CCC Help Hungarian
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32680C18-53B0-B2C5-CEC7-0B05F68EC5BD}" = Catalyst Control Center Localization Polish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3845118D-795E-F7A0-4B3A-FDE9BC5F29AB}" = CCC Help Italian
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF279A4-8775-3AB6-F2FA-437B6ED68A03}" = Catalyst Control Center Localization Italian
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E15EA58-582B-5390-ECE9-5B2DE54D0EEB}" = Catalyst Control Center Localization Czech
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403CF577-1198-B246-9DE2-9F971B957B4D}" = Catalyst Control Center Localization Hungarian
"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4813D869-6CCB-C935-62B2-2A5B91809B20}" = CCC Help Greek
"{48D49587-AC1C-5AEA-6915-1ABB02730B81}" = CCC Help Portuguese
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{495DB8C6-3B3C-3B65-0ACC-B99D960B4F15}" = CCC Help French
"{4A436687-178F-55BB-E5F9-F02E79F3E694}" = CCC Help Japanese
"{4B489319-800F-C813-33DE-EC0D159E0A9C}" = Catalyst Control Center Graphics Full Existing
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{52DD159B-D034-66EF-73C7-ACF8EB1F6D7A}" = Catalyst Control Center Localization Dutch
"{5386822B-6ED8-45B8-93BC-5C4B047A06C7}" = CatSpy
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{558EB6F8-47CB-FC23-6E87-5B60D31BB77B}" = CCC Help Finnish
"{5918D0DB-E85F-A85C-7018-C2766296FE9F}" = CCC Help Turkish
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5E979482-A3E5-2514-4751-E9D829DA5D62}" = Catalyst Control Center Localization Norwegian
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5F28C5DF-1986-A030-C632-96BB6A2F671F}" = CCC Help Russian
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{74063E2A-779C-2468-3E42-336378473E68}" = Catalyst Control Center Localization Swedish
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DBB411A-BF70-6065-48DB-805280B124DA}" = Catalyst Control Center Localization Turkish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82888C2F-8EEC-DA00-03DC-BB428AE2ED70}" = Catalyst Control Center Localization Greek
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8738A2CA-31AC-FF9B-B185-11F4686CB384}" = CCC Help German
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DED8FBE-7FFA-6594-E496-A2C402B2FCD1}" = CCC Help Polish
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{93F70ECC-F010-E9A8-CFFC-0FCFCEA97E41}" = Catalyst Control Center Localization Korean
"{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
"{94552885-D502-7606-DC5E-B41392F8E3A6}" = Catalyst Control Center Localization Russian
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0859C-A1AA-2EF6-7251-E27A038DF006}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B74E2C0-8AE3-306B-4725-CF2F76F2D9AE}" = CCC Help Swedish
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EAB625F-4993-003F-B502-966FD5C10134}" = CCC Help Norwegian
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A1DE571E-6309-ECB1-37E8-8E5AD2A1ED3C}" = Catalyst Control Center Core Implementation
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5E25BA5-21FD-3D88-AABC-64794C5E2B3D}" = Catalyst Control Center Localization German
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96B7070-6499-3A6F-EF08-63F790843E82}" = Catalyst Control Center Localization Chinese Traditional
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B071ACE5-8365-2F61-615B-26CB442FB2F3}" = Catalyst Control Center Localization Danish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B38090CD-6615-C86C-FF35-E71395232E19}" = Catalyst Control Center Localization Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BF3839CA-3FEA-E7BA-72D8-EA51CD8E8BC6}" = Catalyst Control Center Localization Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7A22760-E402-C335-5CC1-1633F286ED0B}" = CCC Help Danish
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9F972A2-C52A-4DD6-4684-A65BF4D2E522}" = Catalyst Control Center Localization Japanese
"{CAFB9E4A-2C50-A16B-5082-8ECF4F4C4305}" = Catalyst Control Center Localization Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D11421F5-717F-142D-76E6-A038E6A9D3F5}" = Catalyst Control Center Graphics Full New
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D6A648D2-7837-30E0-4179-2848D7F870C2}" = Catalyst Control Center Graphics Light
"{dcf9161c-7da4-4d01-980b-02cce6149fa9}" = 2500
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3D3FA5D-0AAE-7861-5C49-9EA1B6BA3D07}" = CCC Help Chinese Traditional
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9184AE4-B480-9455-7682-AD236D06729C}" = CCC Help English
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F10B8DD1-1E94-8689-93AA-9441BAEAFF23}" = CCC Help Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7321CA4-91BF-14D4-29B6-148E67FF51A5}" = Catalyst Control Center Localization Thai
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7FA3D60-D9AC-96C7-E7C0-D02C39830B0F}" = ccc-utility
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Browser Defender_is1" = Browser Defender 2.0.6.15
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Envy24HF Setup Program" = UnInstall Envy24 Family Audio Device Driver
"GoldenVideos" = Golden Videos
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP4 Player" = MP4 Player
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Recuva" = Recuva
"Security Task Manager" = Security Task Manager 1.7g
"Spyware Doctor" = Spyware Doctor 7.0
"Tablet Driver" = Tablet
"ToolBox" = NCH Toolbox
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2010 5:55:05 PM | Computer Name = AMD64 | Source = Google Update | ID = 20
Description =

Error - 19/04/2010 12:44:44 AM | Computer Name = AMD64 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 19/04/2010 12:48:50 AM | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Faulting application xp keyreader.exe, version 1.0.0.5, faulting module
xp keyreader.exe, version 1.0.0.5, fault address 0x00001138.

Error - 19/04/2010 1:12:46 AM | Computer Name = AMD64 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 20/04/2010 1:41:27 PM | Computer Name = AMD64 | Source = Windows Product Activation | ID = 1009
Description = You have not activated Windows within the grace period. To activate
Windows, contact a customer service representative by telephone.

Error - 21/04/2010 8:22:53 PM | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application WordRecovery.exe, version 2.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/04/2010 3:41:18 PM | Computer Name = AMD64 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 28/04/2010 6:56:32 PM | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Faulting application corel paint shop pro photo.exe, version 12.0.1.0,
faulting module toolselect.dll, version 12.0.1.0, fault address 0x00020332.

Error - 28/04/2010 6:56:38 PM | Computer Name = AMD64 | Source = Application Error | ID = 1001
Description = Fault bucket 604143988.

Error - 19/05/2010 10:13:48 PM | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 19/05/2010 11:16:33 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip

Error - 19/05/2010 11:18:11 PM | Computer Name = AMD64 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 20/05/2010 9:00:13 PM | Computer Name = AMD64 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 20/05/2010 9:00:13 PM | Computer Name = AMD64 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

And the "OTL.txt" document:

OTL logfile created on: 20/05/2010 6:00:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\ms\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 59.50 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD64
Current User Name: ms
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ms\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
PRC - C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ms\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Envy24HFS) -- C:\WINDOWS\system32\drivers\Envy24HF.sys (VIA - IC Ensemble, Inc.)
DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (AMD Technologies Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (ATIAVPCI) -- C:\WINDOWS\system32\drivers\atinavxx.sys (ATI Technologies Inc.)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (UlSata) -- C:\WINDOWS\system32\drivers\UlSata.sys (Promise Technology, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20100208
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20091031
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.57

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 19:00:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 19:02:26 | 000,000,000 | ---D | M]

[2008/07/08 20:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ms\Application Data\Mozilla\Extensions
[2010/05/19 21:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions
[2010/02/24 12:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2010/05/19 19:23:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/24 12:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010/02/24 12:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions\[email protected]
[2009/11/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ms\Application Data\Mozilla\Firefox\Profiles\49ht80nt.default\extensions\[email protected]
[2010/05/19 20:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/09 12:25:01 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/04/01 09:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 09:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 09:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 09:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/19 21:50:54 | 000,405,790 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 13667 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\ms\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - antiwpa.dll - C:\WINDOWS\System32\antiwpa.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\pmnkKdBs: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\ms\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ms\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/08 18:58:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/15 20:40:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/20 17:58:40 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ms\Desktop\OTL.exe
[2010/05/19 20:52:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ms\Desktop\HijackThis.exe
[2010/05/19 18:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/05/19 18:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/05/19 18:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/13 18:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/13 18:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/26 15:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Investintech.com Inc
[2010/04/26 15:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ms\Application Data\Nitro PDF
[2010/04/26 15:40:19 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2010/04/26 15:40:19 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2010/04/26 15:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/04/26 15:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ms\Application Data\Downloaded Installations
[2010/04/26 15:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\JPEG to PDF
[2010/04/23 13:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/04/21 23:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010/04/21 20:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/04/21 19:55:50 | 000,000,000 | ---D | C] -- C:\Restoration
[2010/04/21 17:19:59 | 000,000,000 | ---D | C] -- C:\Temp
[2010/04/21 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\DOC Regenerator
[2010/04/21 17:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/04/21 15:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/04/21 07:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ms\Local Settings\Application Data\Threat Expert
[2010/04/20 19:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/20 19:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/20 19:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/20 19:05:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/20 19:05:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/20 19:05:13 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/20 19:05:13 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/20 19:05:13 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/20 19:05:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/20 19:05:13 | 000,000,000 | ---D | C] -- C:\fa6a1b27f0a2baad4aec58
[2008/07/08 20:43:18 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2008/07/08 20:43:18 | 000,254,000 | ---- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\ms\My Documents\*.tmp files -> C:\Documents and Settings\ms\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 17:58:47 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\ms\Desktop\gmer.zip
[2010/05/20 17:58:40 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ms\Desktop\OTL.exe
[2010/05/20 17:55:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/20 13:34:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\ms\Desktop\Microsoft Outlook.lnk
[2010/05/19 23:12:30 | 000,028,837 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Startrackers.odt
[2010/05/19 21:50:54 | 000,405,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/19 21:31:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/19 20:52:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ms\Desktop\HijackThis.exe
[2010/05/19 20:23:41 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 20:23:41 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/19 20:23:41 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/19 20:20:57 | 000,405,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-215054.backup
[2010/05/19 20:19:39 | 000,016,117 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010/05/19 20:19:38 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 20:19:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/19 20:19:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/19 20:18:12 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\ms\NTUSER.DAT
[2010/05/19 20:18:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ms\ntuser.ini
[2010/05/19 20:15:54 | 000,002,832 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/19 20:15:51 | 000,405,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-202057.backup
[2010/05/19 19:27:38 | 000,405,790 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-200041.backup
[2010/05/19 19:16:27 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/05/19 19:08:23 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/19 19:05:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/19 19:02:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/19 19:00:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/19 18:53:29 | 000,000,095 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/19 18:53:18 | 000,390,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-191848.backup
[2010/05/19 18:53:18 | 000,390,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-192738.backup
[2010/05/19 18:49:59 | 000,614,400 | -H-- | M] () -- C:\SZKGFS.dat
[2010/05/19 18:44:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/19 18:08:33 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/18 21:32:25 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/17 12:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/16 11:31:02 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/12 17:42:15 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\ms\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/08 22:06:06 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2500 series#1215579784.job
[2010/04/26 16:34:02 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\ms\My Documents\Child Labour Essay.doc
[2010/04/26 16:33:27 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\ms\My Documents\Backup of Child Labour Essay.wbk
[2010/04/20 19:11:34 | 000,031,208 | ---- | M] () -- C:\Documents and Settings\ms\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/20 19:10:45 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 19:00:42 | 000,390,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100519-183601.backup
[2010/04/20 18:58:20 | 000,390,760 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100420-190042.backup
[2010/04/20 18:56:45 | 000,000,908 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/20 18:56:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/20 18:56:45 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\ms\My Documents\*.tmp files -> C:\Documents and Settings\ms\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 17:58:47 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\ms\Desktop\gmer.zip
[2010/05/19 23:40:01 | 000,028,837 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Startrackers.odt
[2010/05/19 19:16:24 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/05/19 19:08:14 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/05/19 19:00:58 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/19 18:53:29 | 000,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/19 18:49:59 | 000,614,400 | -H-- | C] () -- C:\SZKGFS.dat
[2010/05/16 11:31:02 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/13 18:31:47 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/26 16:30:57 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\ms\My Documents\Child Labour Essay.doc
[2010/04/26 16:30:57 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\ms\My Documents\Backup of Child Labour Essay.wbk
[2010/04/21 23:37:29 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010/04/20 18:46:25 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
[2010/04/20 18:29:22 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\antiwpa.dll
[2010/04/20 10:35:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pmnkKdBs.dll_old
[2010/03/02 15:23:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0088469E32.sys
[2010/01/08 00:04:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/01/08 00:04:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/05/26 21:29:10 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/26 21:29:10 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/26 21:27:55 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/02/28 16:39:06 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\FA9647A60D.sys
[2008/12/21 19:04:58 | 000,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini
[2008/09/16 21:31:50 | 000,141,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2008/07/20 21:57:45 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F9B0007911.sys
[2008/07/20 21:52:27 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/14 19:27:34 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/09 11:38:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/08 21:54:45 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/07/08 21:54:35 | 000,003,567 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008/07/08 21:54:35 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/07/08 21:53:50 | 000,000,634 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/07/08 20:43:15 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\UnEnvyNT.dll
[2008/07/08 19:08:57 | 000,005,072 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/08 19:08:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/02 22:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 22:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 22:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 22:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 05:00:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\lpcio.dll
[2004/08/03 17:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/08 18:58:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/20 18:56:45 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2008/07/08 18:58:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/16 05:32:18 | 000,000,086 | ---- | M] () -- C:\csb.log
[2008/07/08 22:06:28 | 000,000,372 | ---- | M] () -- C:\hpcmerr.log
[2008/07/08 18:58:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/09 15:05:57 | 1486,986,335 | ---- | M] () -- C:\MabinogiSetup57R.exe
[2008/07/08 18:58:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/09 11:09:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/19 20:19:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/05/19 20:17:09 | 000,002,770 | ---- | M] () -- C:\rapport.txt
[2009/02/16 05:25:57 | 000,000,896 | ---- | M] () -- C:\RHDSetup.log
[2010/05/19 18:49:59 | 000,614,400 | -H-- | M] () -- C:\SZKGFS.dat

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/15 20:46:32 | 003,407,872 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/14 15:30:20 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/02/15 20:46:32 | 026,214,400 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/15 20:46:32 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1360 bytes -> C:\Documents and Settings\ms\Application Data\CatSpy.db:mystream
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
  • 0

#4
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Please run the MGA Diagnostic Tool and post back the report it produces:

1. Download MGADiag to your desktop.
2. Double-click on MGADiag.exe to launch the program
3. Click "Continue"
4. Ensure that the "Windows" tab is selected (it should be by default).
5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
6. Paste the MGA Diagnostic Report back here in your next reply.
  • 0

#5
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP