VkToriA85
2008-08-26, 21:47
Ok
ComboFix Report:
ComboFix 08-08-25.01 - User 2008-08-26 21:33:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.485 [GMT 3:00]
Running from: C:\Documents and Settings\User\Desktop\My Downloads\Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\My Downloads\Programs\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\LRY7EHG7\static.youku.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\LRY7EHG7\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\WINDOWS\system32\dmotsqey.ini
C:\WINDOWS\system32\duixuowl.ini
C:\WINDOWS\system32\hcpofgkt.ini
C:\WINDOWS\system32\hoifrssp.ini
C:\WINDOWS\system32\iPWHNqru.ini
C:\WINDOWS\system32\iPWHNqru.ini2
C:\WINDOWS\system32\iurnsrvy.ini
C:\WINDOWS\system32\jcsdjuha.ini
C:\WINDOWS\system32\kxxgraua.ini
C:\WINDOWS\system32\LlRrttwa.ini
C:\WINDOWS\system32\LlRrttwa.ini2
C:\WINDOWS\system32\OrAaGfhk.ini
C:\WINDOWS\system32\OrAaGfhk.ini2
C:\WINDOWS\system32\rtqnnmah.ini
C:\WINDOWS\system32\ryaplcgg.ini
C:\WINDOWS\system32\sCfefMoq.ini
C:\WINDOWS\system32\sCfefMoq.ini2
C:\WINDOWS\system32\uggqcxmf.ini
C:\WINDOWS\system32\xntqkdbl.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-26 20:53 . 2008-08-26 20:53 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-08-26 20:53 . 2008-08-26 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 20:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 20:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 04:54 . 2008-08-25 04:55 <DIR> d-------- C:\Program Files\QuickTime
2008-08-25 04:52 . 2008-08-25 04:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-25 04:52 . 2008-08-25 04:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-25 04:48 . 2008-08-26 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-25 04:31 . 2008-08-25 04:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-25 04:31 . 2008-08-25 04:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-24 04:38 . 2008-08-24 04:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-08-16 22:23 . 2008-08-16 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-16 22:09 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-08-16 22:09 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-08-16 22:09 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-08-16 22:09 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-08-16 22:09 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-08-16 22:09 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-08-13 17:58 . 2008-08-13 17:59 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-13 16:16 . 2008-03-20 17:47 1,949,184 --a------ C:\WINDOWS\system32\logonui.backup
2008-08-13 16:16 . 2008-03-20 17:47 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-08-13 16:15 . 2008-08-13 16:16 <DIR> d-------- C:\WINDOWS\Icon_Patcher
2008-08-12 16:52 . 2008-08-12 16:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\GlarySoft
2008-08-09 05:21 . 2008-08-09 05:21 48 --a------ C:\WINDOWS\wininit.ini
2008-08-08 12:13 . 2008-08-08 12:20 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-08 12:13 . 2008-08-08 12:13 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-08 12:11 . 2008-08-08 12:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-08 12:11 . 2008-08-26 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-08 12:11 . 2008-08-26 21:36 4,666,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-08 12:11 . 2008-08-26 21:36 720,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-08 12:11 . 2008-08-26 21:36 38,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-08 12:11 . 2008-08-26 21:36 4,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-08 11:33 . 2008-08-08 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-07 10:13 . 2008-08-07 10:13 <DIR> d-------- C:\Documents and Settings\User\LameFE22
2008-08-07 01:12 . 2008-08-07 01:23 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-08-07 01:10 . 2008-08-07 01:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-02 21:32 . 2008-08-02 21:32 <DIR> d-------- C:\Program Files\i2i Internet Solutions
2008-08-02 21:32 . 2008-08-02 21:32 39 --a------ C:\WINDOWS\ideq32.ini
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 04:22 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-08-25 02:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-25 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-19 17:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 17:32 --------- d-----w C:\Documents and Settings\User\Application Data\AdobeUM
2008-08-16 19:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 15:09 --------- d-----w C:\Program Files\Google
2008-08-13 13:16 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-13 13:16 1,949,184 ----a-w C:\WINDOWS\system32\logonui.exe
2008-08-12 14:29 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-08-12 14:28 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-08-08 04:45 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-08-06 22:10 --------- d-----w C:\Program Files\Java
2008-08-03 01:33 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-07-28 06:11 --------- d-----w C:\Documents and Settings\User\Application Data\Winamp
2008-07-23 22:51 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-07-21 15:34 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-18 02:54 --------- d-----w C:\Documents and Settings\User\Application Data\MechCAD
2008-07-18 02:09 --------- d-----w C:\Program Files\Realtek
2008-07-18 01:42 --------- d-----w C:\Documents and Settings\User\Application Data\4shared Uploader
2008-07-17 16:26 97,280 ----a-w C:\WINDOWS\system32\psbase.dll
2008-07-06 20:23 72,393 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_06_23_05_17_small.dmp.zip
2008-07-06 20:14 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-03 14:03 4,745,216 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-07-03 13:51 16,876,032 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-06-27 00:02 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-19 13:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 13:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 13:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-18 15:01 77,824 ----a-w C:\WINDOWS\SoundMan.exe
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-30 11:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 11:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 11:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 11:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 11:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 11:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 11:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-03-20 12:40 2,756,096 ----a-w C:\Program Files\mIRC
2008-04-11 21:03 88 --sha-r C:\WINDOWS\system32\5644982F64.sys
2008-04-11 10:18 56 --sh--r C:\WINDOWS\system32\642F984456.sys
2008-04-11 21:03 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-02-28 15:00 14336 82e6bd64658909cddf898b06f9d6648f C:\WINDOWS\system32\svchost.exe
2008-03-20 17:50 1656832 c58f0e4dae57c0dc304ecc3683958e4c C:\WINDOWS\explorer.exe
2007-06-13 14:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-02-28 15:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-03-20 17:50 1656832 c58f0e4dae57c0dc304ecc3683958e4c C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15:00 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 08:40 2048000]
"CursorFX"="C:\Programs\Stardock\CursorFX\CursorFX.exe" [2008-02-20 01:59 418632]
"FreeRAM XP"="C:\Programs\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 03:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 00:22 3739648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16:51 16876032 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 15:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-21 01:48 287040 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 20:25 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-02-22 14:29 54576 C:\Programs\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 18:15 1826816 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programs\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programs\\Mozilla Thunderbird\\thunderbird.exe"=
"C:\\Programs\\Trillian\\trillian.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Programs\\Ares\\Ares.exe"=
"C:\\Programs\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Programs\\mIRC\\mirc.exe"=
"C:\\Programs\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Programs\\Pando Networks\\Pando\\pando.exe"=
"C:\\Programs\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58407:TCP"= 58407:TCP:Pando P2P TCP Listening Port
"58407:UDP"= 58407:UDP:Pando P2P UDP Listening Port
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-12-20 18:03]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
.
Contents of the 'Scheduled Tasks' folder
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-26 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{38B9D19D-021A-4282-A2BD-F9E40DCBA8C9} - (no file)
MSConfigStartUp-28760834 - C:\WINDOWS\system32\tkgfopch.dll
MSConfigStartUp-BM2b453ba8 - C:\WINDOWS\system32\immtpgqq.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kx57s82l.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.modthesims2.com/index_old.php
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programs\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - C:\Programs\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\np32dsw.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\NPOFFICE.DLL
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npPandoWebInst.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\nppdf32.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - C:\Programs\Mozilla Firefox\plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 21:38:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Programs\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-26 21:43:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 18:43:08
Pre-Run: 22,369,464,320 bytes free
Post-Run: 22,249,545,728 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
282 --- E O F --- 2008-08-05 22:53:11
New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:35, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programs\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programs\Stardock\CursorFX\CursorFX.exe
C:\Programs\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programs\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programs\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programs\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorFX] "C:\Programs\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programs\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Netvision Cable Connect.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programs\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programs\GetRight\GRbrowse.htm
O8 - Extra context menu item: Russian<->Hebrew - C:\Programs\LingvoSoft\LingvoSoft Talking Dictionary 2007 (Russian-Hebrew) for Windows\Plugins\IE.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Russian<->Hebrew - {8C01D20A-910B-4B4A-A223-2E5637EDEC07} - C:\Programs\LingvoSoft\LingvoSoft Talking Dictionary 2007 (Russian-Hebrew) for Windows\Plugins\IE.htm
O9 - Extra 'Tools' menuitem: Russian<->Hebrew - {8C01D20A-910B-4B4A-A223-2E5637EDEC07} - C:\Programs\LingvoSoft\LingvoSoft Talking Dictionary 2007 (Russian-Hebrew) for Windows\Plugins\IE.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programs\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programs\ICQ6\ICQ.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1219539694609
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202225323250
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.tapuz.co.il/albums/album/ImageUploader4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana10.co.il/Cabs/launcher39.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1BBEE01-8521-47D2-A1D5-D9D0A10A94B2}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programs\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programs\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 9929 bytes
VkToriA85
2008-08-29, 00:59
OTViewIt.Txt
OTViewIt logfile created on: 29/08/2008 00:56:47 - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.17 Mb Total Physical Memory | 554.52 Mb Available Physical Memory | 54.20% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 20.70 Gb Free Space | 42.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 184.05 Gb Total Space | 91.93 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 74.50 Gb Total Space | 43.90 Gb Free Space | 58.93% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-F94095EE62
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
===== Processes - Non-Microsoft Only =====
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[02/20/2008 01:59 AM | 00,418,632 | ---- | M] (Stardock Corporation) - C:\Programs\Stardock\CursorFX\CursorFX.exe
[03/23/2006 01:13 AM | 01,591,808 | ---- | M] (YourWare Solutions (TM)) - C:\Programs\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[02/28/2006 01:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/04/2007 08:25 PM | 00,131,072 | ---- | M] (NVIDIA) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
[06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe
File not found - \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
===== Win32 Services - Non-Microsoft Only =====
(AVP) Kaspersky Internet Security [Auto | Running]
[07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running]
[02/28/2006 01:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[03/06/2008 11:02 PM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(nTuneService) nTune Service [Auto | Running]
[09/04/2007 08:25 PM | 00,131,072 | ---- | M] (NVIDIA) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(ProtexisLicensing) ProtexisLicensing [Auto | Running]
[06/05/2007 01:20 PM | 00,177,704 | ---- | M] () - C:\WINDOWS\system32\PSIService.exe
===== Driver Services - Non-Microsoft Only =====
(AtcL002) NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller [On_Demand | Running]
[12/20/2007 06:03 PM | 00,030,720 | ---- | M] (Atheros Communications, Inc.) - C:\WINDOWS\system32\drivers\l251x86.sys
(Cardex) Cardex [On_Demand | Stopped]
[03/16/2007 11:11 AM | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\system32\drivers\TBPanel.sys
(F-Secure Standalone Minifilter) F-Secure Standalone Minifilter [On_Demand | Stopped]
[08/27/2008 07:52 AM | 00,065,024 | ---- | M] () - C:\Documents and Settings\User\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk.sys
(kl1) kl1 [Boot | Running]
[07/21/2008 06:34 PM | 00,121,872 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\kl1.sys
(klbg) Kaspersky Lab Boot Guard Driver [Boot | Running]
[01/29/2008 06:29 PM | 00,032,784 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klbg.sys
(KLFLTDEV) Kaspersky Lab KLFltDev [On_Demand | Running]
[03/13/2008 07:02 PM | 00,026,640 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klfltdev.sys
(KLIF) Kaspersky Lab Driver [System | Running]
[08/08/2008 12:10 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys
(klim5) Kaspersky Anti-Virus NDIS Filter [On_Demand | Running]
[04/30/2008 06:06 PM | 00,024,592 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klim5.sys
(MTsensor) ATK0110 ACPI UTILITY [On_Demand | Running]
[08/12/2004 11:00 AM | 00,005,810 | R--- | M] () - C:\WINDOWS\system32\drivers\ASACPI.sys
(NVR0Dev) NVR0Dev [On_Demand | Running]
[09/04/2007 08:26 PM | 00,029,696 | ---- | M] (NVidia Corp.) - C:\WINDOWS\nvoclock.sys
(sptd) sptd [Boot | Running]
[03/31/2008 08:04 PM | 00,685,816 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys
(TBPanel) TBPanel [On_Demand | Stopped]
[03/16/2007 11:11 AM | 00,012,256 | ---- | M] (Windows (R) 2000 DDK provider) - C:\WINDOWS\System32\drivers\TBPanel.sys
(TSP) TSP [On_Demand | Stopped]
[08/08/2008 12:10 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\system32\drivers\klif.sys
===== Run Keys =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP" = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [07/29/2008 08:20 PM | 00,206,088 | ---- | M] (Kaspersky Lab)
"googletalk" = C:\Program Files\Google\Google Talk\googletalk.exe /autostart [01/02/2007 12:22 AM | 03,739,648 | ---- | M] (Google)
"KernelFaultCheck" = %systemroot%\system32\dumprep 0 -k File not found
"NeroFilterCheck" = C:\WINDOWS\system32\NeroCheck.exe [01/12/2006 03:40 AM | 00,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [05/16/2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [05/16/2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [05/16/2008 02:01 PM | 01,630,208 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" = RTHDCPL.EXE [07/03/2008 04:51 PM | 16,876,032 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX" = "C:\Programs\Stardock\CursorFX\CursorFX.exe" [02/20/2008 01:59 AM | 00,418,632 | ---- | M] (Stardock Corporation)
"FreeRAM XP" = "C:\Programs\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win [03/23/2006 01:13 AM | 01,591,808 | ---- | M] (YourWare Solutions (TM))
"NBJ" = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [02/10/2006 08:40 AM | 02,048,000 | ---- | M] (Ahead Software AG)
"NVIDIA nTune" = "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [09/04/2007 08:25 PM | 00,081,920 | ---- | M] (NVIDIA)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.
===== Startup Folders =====
[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[User Startup Folder - C:\Documents and Settings\User\Start Menu\Programs\Startup]
File not found - C:\Documents and Settings\User\Start Menu\Programs\Startup\Netvision Cable Connect.lnk =
===== BHO's =====
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HKLM CLSID: (SnagIt Toolbar Loader) - [05/01/2007 11:11 AM | 00,063,048 | ---- | M] (TechSmith Corporation) C:\Programs\SnagIt 8\SnagItBHO.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
HKLM CLSID: (Skype add-on (mastermind)) - [12/07/2007 04:08 PM | 01,377,576 | ---- | M] (Skype Technologies S.A.) C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
HKLM CLSID: (IE to GetRight Helper) - [07/18/2007 04:54 PM | 00,246,848 | ---- | M] (Headlight Software, Inc.) C:\Programs\GetRight\xx2gr.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Programs\Spybot - Search & Destroy\SDHelper.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
HKLM CLSID: (IEVkbdBHO Class) - [07/29/2008 08:21 PM | 00,062,728 | ---- | M] (Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.
===== Toolbars =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"
HKLM CLSID: (SnagIt) - [05/01/2007 11:12 AM | 00,161,352 | ---- | M] (TechSmith Corporation) C:\Programs\SnagIt 8\SnagItIEAddin.dll
===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
===== Desktop Components =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
===== Shared Task Scheduler =====
===== AppInit_Dlls =====
===== Lsa Authentication Packages =====
===== Lsa Security Packages =====
===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 03:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 03:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 03:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 03:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Programs\ICQ6\ICQ.exe" = C:\Programs\ICQ6\ICQ.exe [12/19/2007 05:48 PM | 00,172,280 | ---- | M] (ICQ, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Programs\Mozilla Thunderbird\thunderbird.exe" = C:\Programs\Mozilla Thunderbird\thunderbird.exe [08/02/2008 09:12 PM | 08,496,752 | ---- | M] (Mozilla Corporation)
"C:\Programs\Trillian\trillian.exe" = C:\Programs\Trillian\trillian.exe [03/20/2008 01:12 PM | 01,873,280 | ---- | M] (Cerulean Studios)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)
"C:\Programs\Ares\Ares.exe" = C:\Programs\Ares\Ares.exe File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [02/28/2006 01:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/27/2008 11:37 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Programs\mIRC\mirc.exe" = C:\Programs\mIRC\mirc.exe [03/20/2008 03:40 PM | 02,756,096 | ---- | M] (mIRC Co. Ltd.)
"C:\Programs\BitTorrent\bittorrent.exe" = C:\Programs\BitTorrent\bittorrent.exe [02/27/2008 10:53 PM | 00,587,568 | ---- | M] ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [03/21/2008 01:48 AM | 00,287,040 | ---- | M] ()
"C:\Programs\Pando Networks\Pando\pando.exe" = C:\Programs\Pando Networks\Pando\pando.exe [04/02/2008 03:22 PM | 06,112,584 | ---- | M] (Pando Networks)
"C:\Programs\LimeWire\LimeWire.exe" = C:\Programs\LimeWire\LimeWire.exe File not found
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\setup.exe [04/25/2008 05:46 PM | 00,070,992 | ---- | M] (Kaspersky Lab)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe [01/02/2007 12:22 AM | 03,739,648 | ---- | M] (Google)
===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [03/20/2008 05:50 PM | 01,656,832 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [02/28/2006 03:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"LogonUI.EXE" - [08/13/2008 04:16 PM | 01,949,184 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [03/20/2008 05:50 PM | 00,346,624 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
===== User's Winlogon Settings =====
===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
"DllName" = C:\WINDOWS\system32\klogon.dll [07/29/2008 08:21 PM | 00,218,376 | ---- | M] (Kaspersky Lab)
===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe
===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Alcmtr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\Alcmtr.exe [06/19/2008 04:20 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\Alcmtr.exe [06/19/2008 04:20 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent DNA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = btdna
"hkey" = HKCU
"command" = C:\Program Files\DNA\btdna.exe [03/21/2008 01:48 AM | 00,287,040 | ---- | M] ()
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel File Shell Monitor]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = CorelIOMonitor
"hkey" = HKLM
"command" = C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [10/30/2007 07:52 PM | 00,016,200 | ---- | M] ()
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msmsgs
"hkey" = HKCU
"command" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 07:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVIDIA nTune]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = nTuneCmd
"hkey" = HKCU
"command" = C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [09/04/2007 08:25 PM | 00,081,920 | ---- | M] (NVIDIA)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OM2_Monitor]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = FirstStart
"hkey" = HKLM
"command" = C:\Programs\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [02/22/2008 02:29 PM | 00,054,576 | ---- | M] (OLYMPUS IMAGING CORP.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkyTel]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\SkyTel.exe [11/20/2007 06:15 PM | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\WINDOWS\SkyTel.exe [11/20/2007 06:15 PM | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = winampa
"hkey" = HKLM
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2
===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EE35F00A-8272-4D4C-899A-7260BFAD0937}]
Servers: | Description: Atheros L2 Fast Ethernet 10/100 Base-T Controller
===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
===== Autorun Files on Drives =====
AUTOEXEC.BAT []
[02/05/2008 04:49 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
===== MountPoints2 =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16628678-d45d-11dc-9133-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16628678-d45d-11dc-9133-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16628678-d45d-11dc-9133-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{397dbbc2-5504-11dd-a125-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{397dbbc2-5504-11dd-a125-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{397dbbc2-5504-11dd-a125-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6442d02e-f1de-11dc-9165-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6442d02e-f1de-11dc-9165-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6442d02e-f1de-11dc-9165-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a62c85fa-d3f5-11dc-9123-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a62c85fa-d3f5-11dc-9123-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a62c85fa-d3f5-11dc-9123-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146cdfa-105a-11dd-86be-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146cdfa-105a-11dd-86be-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c146cdfa-105a-11dd-86be-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc2a6762-e54d-11dc-9150-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc2a6762-e54d-11dc-9150-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc2a6762-e54d-11dc-9150-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd12281c-31f4-11dd-a0f6-001bfcaf03f7}\Shell]
"" = None
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd12281c-31f4-11dd-a0f6-001bfcaf03f7}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [03/20/2008 05:50 PM | 10,906,624 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd12281c-31f4-11dd-a0f6-001bfcaf03f7}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}
===== Hosts File =====
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
[Files/Folders - Created Within 30 days]
[1 C:\*.tmp files]
[08/26/2008 09:32 PM | ---D | C] - C:\cmdcons
[08/26/2008 09:32 PM | ---D | C] - C:\QooBox
[08/26/2008 09:33 PM | 00,000,211 | ---- | C] () - C:\Boot.bak
[08/26/2008 09:33 PM | 00,260,272 | ---- | C] () - C:\cmldr
[08/26/2008 11:21 PM | -HSD | C] - C:\RECYCLER
[08/27/2008 07:49 AM | ---D | C] - C:\fsaua.data
[08/08/2008 12:10 PM | 00,213,008 | ---- | C] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 12:11 PM | 00,004,732 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/08/2008 12:11 PM | 00,038,584 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/08/2008 12:11 PM | 00,761,888 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/08/2008 12:11 PM | 04,666,400 | -HS- | C] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08/08/2008 12:13 PM | 00,087,855 | ---- | C] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 12:13 PM | 00,096,976 | ---- | C] () - C:\WINDOWS\System32\drivers\klin.dat
[1 C:\WINDOWS\System32\*.tmp files]
[08/13/2008 05:58 PM | ---D | C] - C:\WINDOWS\System32\Adobe
[9 C:\WINDOWS\*.tmp files]
[08/02/2008 09:32 PM | 00,000,039 | ---- | C] () - C:\WINDOWS\ideq32.ini
[08/09/2008 05:21 AM | 00,000,048 | ---- | C] () - C:\WINDOWS\wininit.ini
[08/13/2008 04:15 PM | ---D | C] - C:\WINDOWS\Icon_Patcher
[08/25/2008 04:31 AM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/25/2008 04:31 AM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/26/2008 04:15 AM | -H-D | C] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/26/2008 09:31 PM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08/26/2008 09:31 PM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08/26/2008 09:31 PM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08/26/2008 09:31 PM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08/26/2008 09:31 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08/26/2008 09:31 PM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08/26/2008 09:31 PM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08/26/2008 09:31 PM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08/26/2008 09:31 PM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/26/2008 09:32 PM | ---D | C] - C:\WINDOWS\erdnt
[08/24/2008 04:41 AM | 00,000,330 | -H-- | C] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[08/25/2008 04:52 AM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/08/2008 11:33 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/08/2008 12:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/25/2008 04:43 AM | 00,001,751 | ---- | C] () - C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[08/25/2008 04:48 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/25/2008 04:52 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Apple
[08/26/2008 08:53 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/07/2008 01:12 AM | ---D | C] - C:\Documents and Settings\User\Application Data\OpenOffice.org2
[08/12/2008 04:52 PM | ---D | C] - C:\Documents and Settings\User\Application Data\GlarySoft
[08/26/2008 08:53 PM | ---D | C] - C:\Documents and Settings\User\Application Data\Malwarebytes
[08/19/2008 08:32 PM | ---D | C] - C:\Documents and Settings\User\Local Settings\Application Data\NOS
[08/25/2008 04:52 AM | ---D | C] - C:\Documents and Settings\User\Local Settings\Application Data\Apple
[08/06/2008 08:16 PM | 00,000,761 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[08/12/2008 04:35 PM | 00,000,791 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[08/16/2008 10:24 PM | 00,000,742 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/16/2008 10:24 PM | 00,000,742 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/26/2008 08:53 PM | 00,000,655 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/07/2008 10:34 AM | 00,000,679 | ---- | C] () - C:\Documents and Settings\User\Desktop\mp3DirectCut.lnk
[08/07/2008 10:53 AM | 00,000,771 | ---- | C] () - C:\Documents and Settings\User\Desktop\Power MP3 WAV Converter.lnk
[08/12/2008 04:47 PM | 00,000,659 | ---- | C] () - C:\Documents and Settings\User\Desktop\Glary Registry Repair.lnk
[08/12/2008 04:54 PM | 00,000,712 | ---- | C] () - C:\Documents and Settings\User\Desktop\Advanced WindowsCare V2 Personal.lnk
[08/25/2008 04:48 AM | 00,000,882 | ---- | C] () - C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[08/25/2008 06:08 AM | 00,001,914 | ---- | C] () - C:\Documents and Settings\User\Desktop\Windows Live Writer.lnk
[08/26/2008 07:10 AM | 00,001,673 | ---- | C] () - C:\Documents and Settings\User\Desktop\HijackThis.lnk
[08/27/2008 11:37 PM | 00,000,630 | ---- | C] () - C:\Documents and Settings\User\Desktop\µTorrent.lnk
[08/19/2008 08:36 PM | 00,001,757 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/02/2008 09:32 PM | ---D | C] - C:\Program Files\i2i Internet Solutions
[08/07/2008 01:10 AM | ---D | C] - C:\Program Files\OpenOffice.org 2.4
[08/08/2008 12:11 PM | ---D | C] - C:\Program Files\Kaspersky Lab
[08/24/2008 04:38 AM | ---D | C] - C:\Program Files\Windows Defender
[08/25/2008 04:52 AM | ---D | C] - C:\Program Files\Apple Software Update
[08/25/2008 04:54 AM | ---D | C] - C:\Program Files\QuickTime
[Files/Folders - Modified Within 30 days]
[1 C:\*.tmp files]
[08/16/2008 10:41 PM | 00,000,211 | ---- | M] () - C:\Boot.bak
[08/25/2008 04:54 AM | R--D | M] - C:\Program Files
[08/26/2008 09:33 PM | 00,000,281 | RHS- | M] () - C:\boot.ini
[08/26/2008 09:33 PM | ---D | M] - C:\cmdcons
[08/26/2008 09:43 PM | ---D | M] - C:\QooBox
[08/26/2008 11:21 PM | -HSD | M] - C:\RECYCLER
[08/27/2008 07:47 AM | ---D | M] - C:\Programs
[08/27/2008 07:49 AM | ---D | M] - C:\fsaua.data
[08/27/2008 08:47 AM | ---D | M] - C:\WINDOWS
[08/26/2008 09:37 PM | 00,000,027 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[08/08/2008 12:10 PM | 00,213,008 | ---- | M] (Kaspersky Lab) - C:\WINDOWS\System32\drivers\klif.sys
[08/08/2008 12:13 PM | 00,087,855 | ---- | M] () - C:\WINDOWS\System32\drivers\klick.dat
[08/08/2008 12:20 PM | 00,096,976 | ---- | M] () - C:\WINDOWS\System32\drivers\klin.dat
[08/26/2008 09:37 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/28/2008 02:56 PM | 00,004,732 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.idx
[08/28/2008 02:56 PM | 00,038,584 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08/28/2008 02:56 PM | 00,761,888 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox2.dat
[08/28/2008 02:56 PM | 04,666,400 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[1 C:\WINDOWS\System32\*.tmp files]
[08/08/2008 10:39 AM | 00,004,212 | -H-- | M] () - C:\WINDOWS\System32\zllictbl.dat
[08/08/2008 12:06 AM | 01,635,536 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/13/2008 04:01 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/13/2008 05:59 PM | ---D | M] - C:\WINDOWS\System32\Adobe
[08/13/2008 11:43 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/16/2008 10:09 PM | ---D | M] - C:\WINDOWS\System32\DirectX
[08/25/2008 05:00 AM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/25/2008 05:00 AM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[08/25/2008 08:32 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/26/2008 04:15 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/26/2008 09:35 PM | ---D | M] - C:\WINDOWS\System32\config
[08/26/2008 09:43 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/29/2008 12:52 AM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/29/2008 12:52 AM | 00,186,500 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/29/2008 12:55 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/29/2008 12:57 AM | 00,064,828 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/29/2008 12:57 AM | 00,410,006 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/29/2008 12:57 AM | 00,481,850 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[9 C:\WINDOWS\*.tmp files]
[08/02/2008 09:32 PM | 00,000,039 | ---- | M] () - C:\WINDOWS\ideq32.ini
[08/06/2008 08:16 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/07/2008 01:10 AM | R-SD | M] - C:\WINDOWS\Fonts
[08/07/2008 01:11 AM | R-SD | M] - C:\WINDOWS\assembly
[08/07/2008 10:59 AM | 00,000,407 | ---- | M] () - C:\WINDOWS\powermp3wavconverter.ini
[08/08/2008 11:53 AM | ---D | M] - C:\WINDOWS\Internet Logs
[08/09/2008 05:21 AM | 00,000,048 | ---- | M] () - C:\WINDOWS\wininit.ini
[08/12/2008 05:28 PM | 00,118,784 | ---- | M] () - C:\WINDOWS\GREUninstall.exe
[08/12/2008 05:29 PM | 00,118,784 | ---- | M] () - C:\WINDOWS\SeaMonkeyUninstall.exe
[08/13/2008 04:16 PM | ---D | M] - C:\WINDOWS\Icon_Patcher
[08/13/2008 11:43 AM | ---D | M] - C:\WINDOWS\Registration
[08/16/2008 10:41 PM | 00,000,603 | ---- | M] () - C:\WINDOWS\win.ini
[08/22/2008 07:29 PM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/25/2008 04:31 AM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/25/2008 04:31 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 07:58 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/25/2008 07:59 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/25/2008 07:59 AM | ---D | M] - C:\WINDOWS\Help
[08/26/2008 04:15 AM | -H-D | M] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/26/2008 09:34 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/26/2008 09:35 PM | ---D | M] - C:\WINDOWS\erdnt
[08/26/2008 09:38 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/27/2008 07:46 AM | -HSD | M] - C:\WINDOWS\Installer
[08/27/2008 07:52 AM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/27/2008 08:31 AM | 00,016,138 | ---- | M] () - C:\WINDOWS\mozver.dat
[08/27/2008 08:47 AM | ---D | M] - C:\WINDOWS\Minidump
[08/28/2008 01:04 AM | -H-D | M] - C:\WINDOWS\inf
[08/29/2008 12:52 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/29/2008 12:55 AM | --SD | M] - C:\WINDOWS\Tasks
[08/29/2008 12:56 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/29/2008 12:56 AM | ---D | M] - C:\WINDOWS\Temp
[08/29/2008 12:57 AM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 07:28 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/29/2008 12:52 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/29/2008 12:55 AM | 00,000,330 | -H-- | M] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[08/08/2008 11:33 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[08/19/2008 08:36 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/24/2008 04:38 AM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/25/2008 04:44 AM | 00,001,751 | ---- | M] () - C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[08/25/2008 04:52 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Apple
[08/25/2008 04:54 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Apple Computer
[08/25/2008 05:40 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\WLInstaller
[08/26/2008 07:06 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/26/2008 08:53 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/29/2008 12:52 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[08/03/2008 04:33 AM | ---D | M] - C:\Documents and Settings\User\Application Data\LimeWire
[08/07/2008 01:23 AM | ---D | M] - C:\Documents and Settings\User\Application Data\OpenOffice.org2
[08/12/2008 04:52 PM | ---D | M] - C:\Documents and Settings\User\Application Data\GlarySoft
[08/19/2008 08:32 PM | ---D | M] - C:\Documents and Settings\User\Application Data\AdobeUM
[08/26/2008 08:53 PM | ---D | M] - C:\Documents and Settings\User\Application Data\Malwarebytes
[08/29/2008 12:53 AM | ---D | M] - C:\Documents and Settings\User\Application Data\uTorrent
[08/06/2008 08:21 PM | ---D | M] - C:\Documents and Settings\User\Local Settings\Application Data\Paint.NET
[08/07/2008 10:48 AM | 00,096,584 | ---- | M] () - C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/08/2008 11:04 AM | 00,020,992 | ---- | M] () - C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/13/2008 03:38 PM | 03,173,682 | -H-- | M] () - C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[08/19/2008 08:37 PM | ---D | M] - C:\Documents and Settings\User\Local Settings\Application Data\NOS
[08/22/2008 08:18 PM | ---D | M] - C:\Documents and Settings\User\Local Settings\Application Data\ApplicationHistory
[08/24/2008 04:01 AM | ---D | M] - C:\Documents and Settings\User\Local Settings\Application Data\Microsoft
[08/25/2008 04:52 AM | ---D | M] - C:\Documents and Settings\User\Local Settings\Application Data\Apple
[08/07/2008 10:15 AM | R--D | M] - C:\Documents and Settings\User\My Documents\My Music
[08/06/2008 08:16 PM | 00,000,761 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[08/09/2008 08:21 AM | 00,000,613 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[08/12/2008 05:28 PM | 00,001,503 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[08/16/2008 10:24 PM | 00,000,742 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/16/2008 10:24 PM | 00,000,742 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/26/2008 04:16 AM | 00,000,791 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[08/26/2008 08:53 PM | 00,000,655 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/07/2008 10:34 AM | 00,000,679 | ---- | M] () - C:\Documents and Settings\User\Desktop\mp3DirectCut.lnk
[08/07/2008 10:53 AM | 00,000,771 | ---- | M] () - C:\Documents and Settings\User\Desktop\Power MP3 WAV Converter.lnk
[08/12/2008 04:47 PM | 00,000,659 | ---- | M] () - C:\Documents and Settings\User\Desktop\Glary Registry Repair.lnk
[08/12/2008 04:54 PM | 00,000,712 | ---- | M] () - C:\Documents and Settings\User\Desktop\Advanced WindowsCare V2 Personal.lnk
[08/25/2008 04:48 AM | 00,000,882 | ---- | M] () - C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[08/25/2008 06:08 AM | 00,001,914 | ---- | M] () - C:\Documents and Settings\User\Desktop\Windows Live Writer.lnk
[08/25/2008 08:07 AM | R--D | M] - C:\Documents and Settings\User\Desktop\My Downloads
[08/26/2008 07:10 AM | 00,001,673 | ---- | M] () - C:\Documents and Settings\User\Desktop\HijackThis.lnk
[08/27/2008 11:37 PM | 00,000,630 | ---- | M] () - C:\Documents and Settings\User\Desktop\µTorrent.lnk
[08/19/2008 08:36 PM | 00,001,757 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[08/16/2008 10:23 PM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/19/2008 08:36 PM | ---D | M] - C:\Program Files\Common Files\Adobe
< End of report >
VkToriA85
2008-08-29, 01:00
Extras.Txt
OTViewIt Extras logfile created on: 29/08/2008 00:56:47 - Run 1
OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.17 Mb Total Physical Memory | 554.52 Mb Available Physical Memory | 54.20% Memory free
2.40 Gb Paging File | 2.05 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 20.70 Gb Free Space | 42.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 184.05 Gb Total Space | 91.93 Gb Free Space | 49.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 74.50 Gb Total Space | 43.90 Gb Free Space | 58.93% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
===== File Associations =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = ComFile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/18/2008 03:10 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Programs\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -
===== HKEY_LOCAL_MACHINE Uninstall List =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20AC583C-A6FB-410A-807D-25308225C201}" = Paint.NET v3.35
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39E705C7-669D-42EC-90F0-38F376D24774}" = Windows Live Writer Blog This for Mozilla Firefox
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = The Sims™ Castaway Stories
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901E040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Hebrew User Interface Pack
"{901E0419-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Russian User Interface Pack
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9F7F073B-CBC1-4588-9B21-D21971173301}" = FaceGen Modeller 3.2 Free
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"4shared_Uploader" = 4shared Uploader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Audacity_is1" = Audacity 1.2.6
"BSPlayer" = BSPlayer
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CursorFX" = CursorFX
"Direct KiSS" = Direct KiSS
"EsetOnlineScanner" = ESET Online Scanner
"GetRight Pro_is1" = GetRight
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"KB873339" = Windows XP Hotfix - KB873339
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891122" = Windows Media Format SDK Hotfix - KB891122
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896344" = Hotfix for Windows XP (KB896344)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911164" = Update for Windows XP (KB911164)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911927" = Security Update for Windows XP (KB911927)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921503" = Security Update for Windows XP (KB921503)
"KB922582" = Update for Windows XP (KB922582)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923789" = Security Update for Windows XP (KB923789)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931784" = Security Update for Windows XP (KB931784)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935448" = Hotfix for Windows XP (KB935448)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615" = Security Update for Windows XP (KB942615)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB942840" = Update for Windows XP (KB942840)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951618-v2" = Update for Windows XP (KB951618-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952954" = Security Update for Windows XP (KB952954)
"KB955417" = Security Update for Windows XP (KB955417)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.0 Full
"LingvoSoft FlashCards (Russian<->Hebrew) for Windows" = LingvoSoft FlashCards (Russian<->Hebrew) for Windows
"LingvoSoft FlashCards Builder 2006 for Windows" = LingvoSoft FlashCards Builder 2006 for Windows
"LingvoSoft Talking Dictionary 2007 Russian<->Hebrew for Windows" = LingvoSoft Talking Dictionary 2007 Russian<->Hebrew for Windows
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pankaj Arora Software's Tumi Cursor PowerPack" = Pankaj Arora Software's Tumi Cursor PowerPack (Remove)
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Power MP3 WAV Converter_is1" = Power MP3 WAV Converter 1.12
"RAR Key Demo" = RAR Key 8.3 Demo
"SeaMonkey (1.1.10)" = SeaMonkey (1.1.10)
"SimPE_is1" = SimPE 0.68 (alpha)
"Sims 2 Wardrobe Wrangler v1.1" = Sims 2 Wardrobe Wrangler v1.1
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"ST6UNST #1" = ScreenPrint32 v3.5
"SystemRequirementsLab" = System Requirements Lab
"TaskPatrol Personal_is1" = TaskPatrol Personal 2.0
"The Compressorizer! Version 1.01" = The Compressorizer! Version 1.01
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"VDOTool_is1" = VDOTool 5.3
"Vista Anthracite Pack - UltraLite" = Vista Anthracite Pack - UltraLite 1.31
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"What's Running_is1" = What's Running 2.2
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinCleanerMemOptimizer_is1" = WinCleaner Memory Optimizer Version 5.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 3.2.1
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
===== HKEY_CURRENT_USER Uninstall List =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"uTorrent" = µTorrent
===== Winsock2 Catalogs =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [02/28/2006 01:42 PM | 00,094,208 | ---- | M] (Apple Computer, Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
Protocol_Catalog9\Catalog_Entries\000000000001 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000002 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000003 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000004 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000005 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000006 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000007 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000008 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000009 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000010 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000011 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000012 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000013 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000014 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000015 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000016 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000017 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000018 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000019 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000020 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
Protocol_Catalog9\Catalog_Entries\000000000021 - [02/05/2008 05:39 PM | 00,298,104 | ---- | M] (Eset ) C:\WINDOWS\system32\imon.dll
===== HKEY_LOCAL_MACHINE Protocol Defaults =====
===== HKEY_CURRENT_USER Protocol Defaults =====
===== Protocol Handlers =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12/07/2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll
===== Protocol Filters =====
< End of report >